Hi Siga, the images are stored as unique string and served over https like so:

https://tinypng.com/web/output/kceuuvhf3xdzre5afcwf7xek5wfj8g7t/compressed.jpg

We don’t store them in combination with IP address.

Well to be complete, the images are stored in Google Storage.

Separate to that we store log entries for a maximum of 30 days with Google Stackdriver. These log entries contain combination of IP address + download location or IP address + API key.

Your personal information you entered when signing up (email and username) are stored in a database on Google Kubernetes cluster.

Hope this clarifies. We take data protection very serious, in case you have other questions or concerns please let us know.

TinyPNG is hosted on Google Cloud. That’s where your data is stored as mentioned in the previous comments. We have done a check for GDPR, because we too are a European company and what came out we addressed.

If there is something that can be improved in the communication please let us know.

Hi @patabugen, to summarise and answer your question: you believe that data saved on third-party servers is not confirm with GDPR but there are specific provisions saying that data transferred abroad needs to be stored somewhere with similar regulations. And you are asking us whether that is the case.

If you are unsure, the data stored at third-party servers is explained in detail in the terms on https://tinypng.com/terms under points 8 to 10. Any service providers also have a DPA with Tinify, to make sure there are no loop holes.

In case there is a specific issue you are having please let us know with some factual and specific information, we would be happy to hear anything that may have been overlooked or needs updating based on that.

Ok great! Thanks!