Back to Help Center
privacy security
Updated April 19, 2026

How We Protect Your Data

How We Protect Your Data

Security is built into everything we do.

Our Security Philosophy

"We can't lose what we don't have."

The best way to protect your data is to never collect it in the first place.

Client-Side Processing

What It Means:

All image processing happens in your browser on your device:

Traditional (Server-Side):

  1. You upload file to server ❌
  2. Server processes file
  3. Server sends result back
  4. Server deletes file (hopefully)

V2Stack (Client-Side):

  1. You select file on your device ✅
  2. Browser processes file locally
  3. Result downloads to your device
  4. File never leaves your device

Security Benefits:

  • No upload = no interception risk
  • No server storage = no breach risk
  • No transmission = no MITM risk
  • Complete privacy by design

Technical Security Measures

HTTPS Encryption

What we use:

  • TLS 1.3 (latest version)
  • 256-bit encryption
  • Certificate pinned via HSTS

What it protects:

  • All data in transit
  • Prevents eavesdropping
  • Prevents tampering
  • Verifies server identity

You can verify:

  • Look for padlock in browser
  • Check "https://" in URL
  • Click padlock for certificate info

Content Security Policy (CSP)

What it does:

  • Prevents XSS (cross-site scripting) attacks
  • Restricts where scripts can load from
  • Blocks malicious injections
  • Protects against clickjacking

Implementation:

  • Strict CSP headers
  • Only trusted sources allowed
  • No inline scripts
  • Regular audits

No Cookies for Tracking

What we don't use:

  • ❌ Tracking cookies
  • ❌ Analytics cookies
  • ❌ Advertising cookies
  • ❌ Third-party cookies

What we might use:

  • ✅ Session cookies (temporary)
  • ✅ Dark mode preference (localStorage)
  • ✅ Workflow saves (localStorage)
  • All local to your browser

Infrastructure Security

Hosting (Netlify)

Certifications:

  • SOC 2 Type II
  • ISO 27001
  • GDPR compliant

Security features:

  • DDoS protection
  • Automatic SSL/TLS
  • Regular security audits
  • 99.99% uptime SLA

DNS (Cloudflare)

Protection:

  • DDoS mitigation
  • DNSSEC enabled
  • Anycast network
  • 24/7 monitoring

Privacy:

  • No logging of queries
  • GDPR compliant
  • Privacy-first approach

Code Repository (GitLab)

Security:

  • Private repositories
  • Access controls
  • Audit logs
  • Secure development practices

No user data:

  • Code only
  • No customer information
  • No file uploads

What We Don't Do

We DON'T:

Collect personal information

  • No names, emails, addresses
  • No payment information
  • No account credentials

Track your usage

  • No page-by-page tracking
  • No behavior profiling
  • No usage analytics

Store your files

  • No server storage
  • No cloud backups
  • No file retention

Share data

  • No selling to third parties
  • No data brokers
  • No advertising networks

Use AI training

  • Your files never train models
  • No machine learning on your data
  • No algorithmic analysis

Your Privacy Rights

Since we don't collect data:

Automatic rights:

  • ✅ Complete privacy
  • ✅ No tracking
  • ✅ No profiling
  • ✅ No targeted advertising

No action needed:

  • No opt-out forms
  • No privacy settings
  • No data deletion requests
  • No export requests

You're already protected by design.

Browser Security

Your browser also protects you:

Sandboxing:

  • Each tab isolated
  • Limited file system access
  • No access to other sites

Permissions:

  • You control file access
  • Can revoke anytime
  • Browser asks permission

Updates:

  • Keep browser updated
  • Security patches automatic
  • Latest protections enabled

Best practices:

  • Use modern browsers (Chrome, Firefox, Safari, Edge)
  • Enable automatic updates
  • Use ad blockers for extra protection
  • Enable "Do Not Track"

Security Best Practices (For You)

DO:

  • ✅ Use updated browsers
  • ✅ Download from official site only
  • ✅ Check for HTTPS padlock
  • ✅ Bookmark official URL
  • ✅ Use ad blockers

DON'T:

  • ❌ Download from unofficial sources
  • ❌ Share personal info (we don't ask)
  • ❌ Click suspicious links claiming to be us
  • ❌ Use on public/shared computers without clearing cache

Reporting Security Issues

Found a vulnerability?

We take security seriously:

How to report:

What happens:

  • We respond within 24 hours
  • Investigate all reports
  • Fix confirmed issues promptly
  • Thank reporters (with permission)

We appreciate:

  • Responsible disclosure
  • Detailed reports
  • Proof of concept
  • Impact assessment

Transparency

We believe in openness:

Security incidents:

  • We'll disclose any breaches
  • Transparent communication
  • Timeline of events
  • Steps taken to prevent recurrence

Policy changes:

  • Updated policy posted here
  • Significant changes noted
  • Last updated date shown

Contact us anytime:

  • Questions welcome
  • Concerns addressed
  • Feedback appreciated

Compliance

GDPR (European Union):

  • ✅ No personal data collected
  • ✅ No processing of EU data
  • ✅ Fully compliant by design

CCPA (California):

  • ✅ No selling of personal data
  • ✅ No collection of personal data
  • ✅ Fully compliant by design

COPPA (Children's Privacy):

  • ✅ Safe for all ages
  • ✅ No data collection from children
  • ✅ No age restrictions needed

PIPEDA (Canada):

  • ✅ No personal information collected
  • ✅ Fully compliant by design

Questions?

Privacy concerns? Security questions? Want to verify something?

Contact us - we're happy to help.

Your privacy and security are our top priorities.

← Back to all articlesStill need help? Contact us