Support » Plugin: Compress JPEG & PNG images » GDPR compliance, follow up

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author TinyPNG

    (@tinypng)

    Hi Siga, the images are stored as unique string and served over https like so:

    https://tinypng.com/web/output/kceuuvhf3xdzre5afcwf7xek5wfj8g7t/compressed.jpg

    We don’t store them in combination with IP address.

    Thread Starter SiGa

    (@siga)

    Thanks much for that very fast answer!

    So if I read that right, no personal data (except my own, when I sign up for the key) is stored on third-party servers?

    Plugin Author TinyPNG

    (@tinypng)

    Well to be complete, the images are stored in Google Storage.

    Separate to that we store log entries for a maximum of 30 days with Google Stackdriver. These log entries contain combination of IP address + download location or IP address + API key.

    Your personal information you entered when signing up (email and username) are stored in a database on Google Kubernetes cluster.

    Hope this clarifies. We take data protection very serious, in case you have other questions or concerns please let us know.

    Sorry, to be honest, I’m not really convinced…
    If I use TinyPNG, my personal Data saved on third-party servers?
    Which is not confirm with GDPR, I think

    Plugin Author TinyPNG

    (@tinypng)

    TinyPNG is hosted on Google Cloud. That’s where your data is stored as mentioned in the previous comments. We have done a check for GDPR, because we too are a European company and what came out we addressed.

    If there is something that can be improved in the communication please let us know.

    Sorry, to be honest, I’m not really convinced…
    If I use TinyPNG, my personal Data saved on third-party servers?
    Which is not confirm with GDPR, I think

    GDPR does not restrict where you store data as long as it’s “secure”. Whether it’s “secure” depends on the data your storing and whether you trust the person storing it (in this case TingPNG). GDPR does have specific provisions saying that data transferred abroad needs to be stored somewhere with similar regulations.

    Plugin Author TinyPNG

    (@tinypng)

    Hi @patabugen, to summarise and answer your question: you believe that data saved on third-party servers is not confirm with GDPR but there are specific provisions saying that data transferred abroad needs to be stored somewhere with similar regulations. And you are asking us whether that is the case.

    If you are unsure, the data stored at third-party servers is explained in detail in the terms on https://tinypng.com/terms under points 8 to 10. Any service providers also have a DPA with Tinify, to make sure there are no loop holes.

    In case there is a specific issue you are having please let us know with some factual and specific information, we would be happy to hear anything that may have been overlooked or needs updating based on that.

    Hey @tinypng – I think you mis-read my comment. I was agreeing with you and pointing out to @resttube that third-party servers can be compatible with GDPR.

    Plugin Author TinyPNG

    (@tinypng)

    Ok great! Thanks!

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘GDPR compliance, follow up’ is closed to new replies.