Privacy Policy
Your privacy is important to us. This policy explains how Bg Remover collects, uses, and protects your personal information when you use our services.
Contents
1. Information We Collect
We collect several types of information to provide and improve our services:
Account Information
- Name and email address when you create an account
- Password (stored securely using bcrypt hashing)
- Profile information you choose to provide
- Billing information if you subscribe to a paid plan
Usage Data
- Images uploaded for background removal (processed and deleted per retention policy)
- API usage metrics, request logs, and rate limit data
- Device information, browser type, IP address, and operating system
- Pages visited, features used, and interaction patterns
- Referring URLs and search terms used to find our service
Automatically Collected Information
When you access our website or API, we automatically collect certain technical information through cookies, server logs, and similar technologies. This includes your IP address, browser type, device identifiers, and information about how you interact with our services. This data helps us maintain security, prevent abuse, and improve our platform.
2. How We Use Your Information
We use the information we collect for the following purposes:
Service Delivery
To process your images, manage your account, and provide background removal services.
Service Improvement
To analyze usage patterns, fix bugs, and develop new features that enhance your experience.
Communication
To send service updates, security alerts, billing notifications, and respond to support requests.
Security & Fraud Prevention
To detect, prevent, and respond to fraud, abuse, security risks, and technical issues.
Legal Compliance
To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
Analytics & Research
To understand usage trends and conduct research to improve our AI models and service quality.
3. Information Sharing
We do not sell your personal information to third parties. We may share your information only in the following circumstances:
- Service Providers: We share data with trusted third-party vendors who assist in operating our service, such as cloud hosting providers (AWS, Google Cloud), payment processors (Stripe), and email delivery services. These providers are contractually bound to protect your data.
- Legal Requirements: We may disclose information if required by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
- Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of the transaction. We will notify you via email or prominent notice before your data is subject to a different privacy policy.
- With Your Consent: We may share information with third parties when you explicitly consent to or direct us to do so.
4. Data Security
We implement industry-standard security measures to protect your personal information:
- All data transmitted between your browser and our servers is encrypted using TLS 1.3
- Passwords are hashed using bcrypt with a high work factor and are never stored in plain text
- Our infrastructure is hosted on SOC 2 Type II compliant cloud providers
- We conduct regular security audits, penetration testing, and code reviews
- Access to user data is restricted to authorized personnel on a need-to-know basis
- We maintain comprehensive logging and monitoring to detect unauthorized access
- Database backups are encrypted at rest using AES-256 encryption
While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to promptly notifying affected users in the event of a data breach, in accordance with applicable laws.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
Request a copy of all personal data we hold about you.
Request correction of inaccurate or incomplete personal data.
Request deletion of your personal data ("right to be forgotten").
Receive your data in a structured, machine-readable format.
Request that we limit how we use your data.
Object to our processing of your data for certain purposes.
Withdraw consent at any time where we rely on consent to process your data.
File a complaint with your local data protection authority.
GDPR (European Users)
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR). We process your data based on legitimate interests, contractual necessity, or your explicit consent. You may exercise your rights by contacting us at privacy@bgremover.dev.
CCPA (California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information. You have the right to know what personal information we collect, the right to delete your data, and the right to opt out of the sale of personal information. We do not sell your personal information.
7. Data Retention
We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this policy:
- Account data is retained for the duration of your account and for 30 days after deletion to allow for account recovery
- Processed images for free-tier users are retained for 24 hours, then permanently deleted
- Processed images for paid-plan users are retained according to their subscription plan (7-30 days)
- API usage logs are retained for 90 days for analytics and debugging purposes
- Server and security logs are retained for 12 months
- Billing records are retained for 7 years as required by tax and financial regulations
8. Children's Privacy
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16 years of age. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information promptly.
If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@bgremover.dev so we can take appropriate action.
9. International Data Transfers
Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from the laws of your country. We take appropriate safeguards to ensure that your personal information remains protected in accordance with this privacy policy.
For transfers from the EEA to countries not deemed to provide an adequate level of data protection, we use Standard Contractual Clauses (SCCs) approved by the European Commission, or we rely on other appropriate legal mechanisms to safeguard your data.
10. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:
- Posting the updated policy on our website with a revised "Last Updated" date
- Sending an email notification to registered users for significant changes
- Displaying a prominent notice on our platform
We encourage you to review this policy periodically. Your continued use of our services after any changes indicates your acceptance of the updated policy.
11. Contact Us
If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:
For EU data subject requests, please clearly indicate your request type and provide sufficient information for us to verify your identity.