imghost← back
// legal

privacy policy

last updated: 19 june 2026 · jurisdiction: united kingdom

This policy explains what personal data imghost ("we", "us", "our") collects when you use this service, why we collect it, how long we keep it, and what rights you have under UK data protection law. We act as the data controller for the personal data described below.

1. who we are

imghost is an image hosting service operated as part of imgto64.co.uk, based in the United Kingdom. For data protection queries, see the contact section at the bottom of this page.

2. what data we collect

  • Account data — your email address (email/password sign-up), or basic profile data (email, display name, avatar URL) provided by Discord, GitHub, or X when you use one of those sign-in options.
  • Content you upload — the image files you upload, their filenames, file sizes, and MIME types.
  • Usage data — upload timestamps and the URL slugs (custom or auto-generated) associated with your images.
  • Technical data — standard server logs (IP address, browser type) may be generated by our hosting provider (Vercel) and database provider (Supabase) as a normal part of running the service.

We do not use advertising cookies or behavioural tracking, and we do not sell personal data to anyone.

3. our legal basis for processing

Under UK GDPR, we rely on the following legal bases:

  • Contract — processing your account and image data is necessary to provide the service you've signed up for.
  • Legitimate interests — for basic security, fraud prevention, and keeping the service running reliably.
  • Consent — where you choose to sign in via a third-party provider (Discord, GitHub, X), which shares data with us under permissions you approve.

4. where your data is stored

Account data and image data are stored using Supabase (database/auth) and served via Vercel (hosting). These providers may store or process data outside the UK/EEA. Where this happens, it is covered by their own data transfer safeguards — see supabase.com/privacy and vercel.com/legal/privacy-policy.

5. how we use your data

  • To create and manage your account.
  • To host, store, and serve the images you upload via the URLs they generate.
  • To enforce access controls so only you can view, edit, or delete your own images in your account dashboard.
  • To respond to support requests if you contact us.

6. public image links

Every uploaded image is given a public URL — either auto-generated or a custom slug you choose. Anyone with that link, or who guesses a slug, can view the image. Treat upload links as you would any publicly shared link. Do not upload images you don't want potentially seen by others.

7. third-party sign-in providers

If you sign in via Discord, GitHub, or X, those providers will share limited profile data with us (typically your email and display name) based on the permissions you approve during their login flow. We only request the minimum scopes needed to identify your account — we don't request access to your messages, repositories, posts, or other unrelated data.

8. data retention

We keep your account and image data for as long as your account remains active. You can delete individual images at any time, or use the "delete all images" option in Settings. If you want your account and all associated data permanently deleted, contact us and we will action this within a reasonable timeframe, normally within 30 days.

9. your rights under UK GDPR

As a UK data subject, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request erasure of your data ("right to be forgotten")
  • Request a copy of your data in a portable format
  • Object to or restrict certain processing
  • Withdraw consent at any time where processing is based on consent
  • Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been mishandled

Most of these rights are available directly through the Settings page (editing your display name, changing your password, deleting images). For anything else, contact us using the details below.

10. children

This service is not directed at children, and you must be at least 13 years old to create an account. We do not knowingly collect data from children under 13.

11. security

We use industry-standard practices including Row Level Security on our database (so users can only access their own data) and encrypted connections (HTTPS) throughout the service. No system is 100% secure, but we take reasonable steps to protect your data.

12. changes to this policy

We may update this policy from time to time. Material changes will update the "last updated" date above. Continued use of imghost after changes constitutes acceptance of the revised policy.

13. contact us

For any privacy questions, data requests, or to exercise your rights above, get in touch via the contact details listed on imgto64.co.uk.