GDPR Compliance
Last updated: March 18, 2026
Our Commitment
ImgLink is committed to protecting the privacy and rights of individuals in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and explains your rights as a data subject.
Legal Basis for Processing
We process personal data under the following legal bases:
- Consent: When you create an account or upload content, you consent to the processing of your data as described in our Privacy Policy.
- Contractual Necessity: Processing necessary to provide the Service you requested (e.g., storing and serving your uploaded images).
- Legitimate Interest: Processing for security, fraud prevention, abuse detection, content moderation, and service improvement, balanced against your privacy rights.
- Legal Obligation: Processing required to comply with applicable laws, including responding to lawful data requests from law enforcement and regulatory authorities, reporting illegal content to authorities (e.g., CSAM to NCMEC), and preserving data pursuant to legal process.
Data We Process
| Data Type | Purpose | Retention |
|---|---|---|
| Email & Username | Account management | Until account deletion* |
| Password (hashed) | Authentication | Until account deletion |
| IP Address | Security, abuse prevention, law enforcement | 90 days in logs* |
| Uploaded Images | Core service delivery | Until deleted by user |
| Upload Metadata | Content moderation, law enforcement | Until deleted by user* |
| Usage Analytics | Service improvement | Aggregated, no PII |
* Data associated with illegal activity or accounts terminated for policy violations is preserved indefinitely for law enforcement purposes and is exempt from deletion requests.
Your Rights
Under GDPR, you have the right to:
Note: Certain rights may be limited where we have a legal obligation to retain data, such as in response to law enforcement requests, active investigations, or where data is required as evidence of illegal activity. GDPR Article 17(3) permits refusal of erasure requests where processing is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims.
Law Enforcement & Legal Obligations
ImgLink fully cooperates with law enforcement agencies and complies with all applicable legal obligations. Under GDPR, we process personal data for law enforcement purposes under the following legal bases:
- Legal Obligation (Art. 6(1)(c)): We are legally required to respond to valid court orders, subpoenas, and other lawful requests, and to report certain illegal content (e.g., CSAM) to designated authorities.
- Legitimate Interest (Art. 6(1)(f)): We have a legitimate interest in preventing illegal activity, protecting our users, and cooperating with law enforcement to ensure public safety.
- Vital Interest (Art. 6(1)(d)): In emergency situations involving imminent danger to life, we may disclose data to protect vital interests.
Data disclosed to law enforcement may include: account information, email addresses, IP addresses, upload records, timestamps, session data, content metadata, and the content itself.
How to Exercise Your Rights
To exercise any of your GDPR rights, you can:
- Email us at [email protected]
- Use our contact form
- Open a support ticket
We will respond to your request within 30 days. We may ask you to verify your identity before processing certain requests.
Data Protection Officer
For GDPR-related inquiries, contact our data protection team at [email protected].
Complaints
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority.