Skip to content
IMGLoader
IMGLoader

Privacy Policy

Last updated: 2026-02-22

IMGLoader is a web tool that lets you connect supported platforms using official OAuth, select media, and either download selected items as a ZIP or transfer items into another connected platform. IMGLoader does not require its own user account system (no IMGLoader username/password). We do not sell user data, and we do not build advertising profiles from your connected accounts. Depending on your deployment, the site may be supported by ads.

At a glance

  • No IMGLoader account. We don’t ask you to create an IMGLoader profile, and we don’t collect passwords for connected platforms.
  • OAuth-based access. Platforms only grant the scopes you approve, and you can disconnect at any time.
  • Temporary exports. For large downloads, ZIP export artifacts may be stored temporarily to make downloads reliable. These artifacts are encrypted at rest and automatically deleted after a short retention window.
  • Browser-held key encryption (supported browsers). On supported browsers, stored ZIP export artifacts can be additionally encrypted using a key generated and kept only in your browser (the private key is not stored server‑side).
  • Aggregate usage stats. We keep high-level, non-identifying totals (like job counts, bytes processed, durations, and failure counts) to monitor reliability and costs over time.

Data we process

  • No site accounts. We don’t collect names, emails, or passwords for IMGLoader.
  • Platform tokens (OAuth). When you click “Connect” for a platform (e.g., Pinterest, Google Photos, DeviantArt), that platform redirects back with tokens so the app can access your collections/items per the scopes you approve. Tokens are stored in secure cookies. Disconnecting clears stored tokens for that provider. Closing the tab may interrupt active downloads/transfers.
  • Media processing. Media is fetched from the source platform to prepare a ZIP download, to stream previews, or to upload into a destination platform (for transfers). We do not use your media for advertising, and we do not use your media to train machine learning models. For large ZIP downloads, ZIP export artifacts may be stored temporarily so you can download them reliably. Stored export artifacts are encrypted at rest. On supported browsers, stored ZIP artifacts may also be additionally encrypted with a browser‑held key (the private key is not stored server‑side).
  • Job metadata. To run downloads and transfers, we store basic job metadata such as a job ID, state (queued/running/done/error), item counts, file names you choose, and destination settings. We do not build a searchable index of your library.
  • Reporting metrics. We may store historical and aggregate usage metrics (for example: counts of ZIP and transfer jobs, bytes processed, and average durations) to power internal reporting and cost estimation. These metrics are not meant to identify you or reconstruct your library.

Cookies

We use essential cookies to operate the service (for example: OAuth state/CSRF protection, session identifiers, and platform tokens). Depending on your deployment, we may also use cookies for analytics/advertising. You can control cookies in your browser settings; the app may be limited without essential cookies.

  • Third‑party cookies. If ads or analytics are enabled, third‑party providers may set cookies to measure performance and deliver ads.
  • Google advertising cookies. If Google AdSense is enabled, Google may use cookies (e.g., the DoubleClick cookie) to serve ads, including personalized ads.
  • Opt‑out of personalized ads. You can manage ad personalization in your Google Ads settings and industry pages such as Google Ads Settings, aboutads.info/choices, and optout.networkadvertising.org.

Third parties

  • Platform APIs. Your content is accessed only with your permission and subject to the relevant platform’s terms and policies (for example: Pinterest, Google Photos, DeviantArt).
  • Infrastructure providers. IMGLoader may use cloud infrastructure to run background jobs and temporarily store encrypted export artifacts. These providers process data on our instructions to deliver the service.
  • Advertising/analytics providers. If enabled, ad networks or analytics tools may collect usage data per their own policies.

Data retention

We keep data only as long as needed to provide the service, maintain reliability, and prevent abuse. Retention can vary depending on platform behavior and job type.

  • Access logs. Basic access logs (e.g., IP, user‑agent, timestamps) are retained for up to 30 days for security and abuse prevention, then purged.
  • Tokens. OAuth access tokens are kept in secure cookies and typically expire within ~1 hour. Refresh tokens (when provided by a platform) may also be stored in secure cookies. You can disconnect at any time to clear tokens we store for a provider.
  • Temporary exports. For large downloads, ZIP export artifacts (ZIP parts) may be stored temporarily and auto‑deleted (typically within a few hours). Download links are time‑limited. On supported browsers, browser-held key encryption may be used; the decryption key remains in your browser. Clearing site data or switching browsers can prevent decryption even while the encrypted artifact still exists.
  • Aggregate stats. Non-identifying aggregate metrics (for example daily totals) may be retained longer to support historical reliability and cost reporting.

Security

Data is protected in transit using HTTPS. If ZIP export artifacts are stored temporarily for large downloads, they are encrypted at rest and access is restricted via least‑privilege service roles. When browser-held key encryption is used (supported browsers), the stored ZIP artifact is additionally encrypted with a key that is generated and kept only in your browser, so the stored object is not decryptable using cloud storage access alone. Preview streaming uses short, ranged requests and does not store full media files as exports.

Operational controls: production access is restricted and audited. We design permissions so routine operations do not require access to export artifacts. Any exceptional access is intended to be time‑limited and logged.

Note: No system can be guaranteed 100% secure. IMGLoader reduces risk through encryption, short retention, and restricted access controls, but media must be processed to perform the actions you request (for example, packaging files into a ZIP or uploading during transfers).

Children’s privacy

IMGLoader is not directed to children under 13. If you believe we have received information from a child, please contact us to remove it.

Changes

We may update this policy from time to time. Continued use of the site after changes means you accept the updated policy.

Contact

Questions? Email support@imgloader.com.