Introduction

Codobux IT Services Private Limited ("we," "us," or "our"), operating the Imghippo platform at www.imghippo.com, is committed to protecting the personal data and privacy rights of all users, including those located in the European Economic Area (EEA), the United Kingdom, and Switzerland.

This page explains how we comply with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and outlines the specific rights available to you under this regulation. This page should be read alongside our Privacy Policy, which provides full details on how we collect, use, and store your data.

Data Controller

For the purposes of the GDPR, the data controller responsible for your personal data is:

Company: Codobux IT Services Private Limited
Location: Punjab, India
Email: info@imghippo.com

As the data controller, we determine the purposes and means of processing your personal data and are responsible for ensuring that processing is carried out in compliance with the GDPR.

Legal Basis for Processing

We process your personal data only when we have a valid legal basis under the GDPR. The legal bases we rely on include:

Consent — when you create an account, sign in through a social provider, or upload images, you consent to the processing of your data as described in our Privacy Policy. You may withdraw consent at any time.
Contract performance — processing necessary to provide the services you requested, such as hosting your images, processing files through our tools, and managing your account.
Legitimate interests — processing necessary for our legitimate business interests, such as improving the platform, preventing abuse, ensuring security, and analyzing usage patterns. We balance these interests against your rights and freedoms.
Legal obligation — processing necessary to comply with applicable laws, regulations, or legal proceedings.

Personal Data We Collect

A summary of the personal data we collect and the purpose for each category:

Data Category	Purpose	Legal Basis
Name, email, username	Account creation and authentication	Consent / Contract
Profile picture	Display in profile and comments	Consent
Uploaded images and metadata	Image hosting and tool processing	Contract
IP address, browser, device info	Security, abuse prevention, analytics	Legitimate interest
Usage data and page visits	Platform improvement and analytics	Legitimate interest
Support ticket content	Responding to your requests	Contract / Legitimate interest

For a complete description of data collection practices, see our Privacy Policy.

Your Rights Under GDPR

If you are located in the EEA, the United Kingdom, or Switzerland, you have the following rights regarding your personal data:

Right of access — you can request a copy of all personal data we hold about you.
Right to rectification — you can request correction of inaccurate or incomplete personal data. You can also update your profile information directly through your account settings.
Right to erasure ("right to be forgotten") — you can request deletion of your personal data. You can delete your account and all associated data directly from your account settings, or contact us to request deletion.
Right to restrict processing — you can request that we limit how we process your data in certain circumstances, such as when you contest the accuracy of your data.
Right to data portability — you can request your personal data in a structured, commonly-used, machine-readable format where technically feasible.
Right to object — you can object to processing based on legitimate interests, including profiling and direct marketing.
Right to withdraw consent — where processing is based on consent, you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, email us at info@imghippo.com. We will respond to your request within 30 days as required by the GDPR. We may ask you to verify your identity before processing your request.

International Data Transfers

Imghippo is operated by Codobux IT Services Private Limited, based in India. Your data is stored on servers located in the United States (Amazon Web Services).

When your data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:

Reliance on adequacy decisions where available.
Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to countries without an adequacy decision.
Technical and organizational security measures to protect your data during transfer and storage.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

Account data — retained while your account is active. Permanently deleted when you delete your account.
Uploaded images — retained until you delete them or your account. Anonymous uploads are retained until removed by our team.
Temporary processed files — automatically deleted within 24 hours.
Analytics data — retained in anonymized form as configured in Google Analytics.

Cookies and Consent

We use cookies and similar technologies as described in our Privacy Policy. Under the GDPR, we categorize cookies as follows:

Strictly necessary — required for authentication and core functionality. These do not require consent.
Analytics (Google Analytics) — used to understand usage patterns. Requires consent for EEA users.
Advertising (Google Ads) — used to display relevant advertisements. Requires consent for EEA users.
Security (Cloudflare) — used for DDoS protection and bot detection. Classified as strictly necessary.

You can manage your cookie preferences through your browser settings. Disabling non-essential cookies will not affect core platform functionality.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit using HTTPS/TLS.
Secure password hashing and token-based authentication.
Access controls limiting data access to authorized personnel.
Regular security assessments and monitoring.
Cloudflare protection against DDoS attacks and malicious traffic.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours as required by the GDPR, and will inform affected users without undue delay.

Third-Party Data Processors

We use the following third-party services that process personal data on our behalf:

Amazon Web Services (AWS) — cloud infrastructure and image storage (US region).
Cloudflare — CDN, security, and performance optimization.
Google — Analytics, Ads, and OAuth authentication.
Meta (Facebook) — OAuth authentication.
X (Twitter) — OAuth authentication.

Each of these processors is bound by their own GDPR-compliant data processing agreements. We encourage you to review their respective privacy policies.

Right to Lodge a Complaint

If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement.

We encourage you to contact us first at info@imghippo.com so we can attempt to resolve your concern directly. We take every complaint seriously and will respond promptly.

Changes to This Page

We may update this GDPR compliance page to reflect changes in our data practices, legal requirements, or regulatory guidance. When we make changes, we will update the effective date at the top of this page.

Contact Us

For any GDPR-related questions, data access requests, or privacy concerns, please contact us:

Email: info@imghippo.com
Support: Imghippo Help Center
Operated by: Codobux IT Services Private Limited, Punjab, India

We will respond to all GDPR-related requests within 30 days.

GDPR Compliance