Legal
Security
We've designed ImageFlow from the ground up with security and privacy at the core. Here's exactly how we keep your images safe.
Zero Server Processing
Your images never leave your device. All image operations — compression, cropping, filtering, conversion — happen 100% in your browser using the HTML5 Canvas API. There are no servers receiving your files.
No Account Required
ImageFlow requires no registration or login. We can't link your activity to an identity because we don't know who you are. No email, no password, no profile.
HTTPS Everywhere
All connections to ImageFlow are encrypted via HTTPS/TLS. This protects your session from eavesdropping even on public networks.
Auto-Clear History
Any processing history shown in the UI is stored in your browser's localStorage and automatically deleted after 8 hours. You can clear it manually at any time by clearing your browser storage.
No Third-Party Trackers
We do not use advertising networks, Meta Pixel, Google Analytics, or any third-party trackers that could associate your image usage with your identity.
Open Architecture
ImageFlow's processing logic uses standard, well-audited Web APIs (Canvas, File, Blob). No proprietary black boxes handle your images.
Content Security Policy
We implement CSP headers to prevent cross-site scripting (XSS) attacks and reduce injection risks.
Responsible Disclosure
If you discover a security vulnerability in ImageFlow, please contact us responsibly before public disclosure. We take all security reports seriously and will respond promptly.