SammaPix
← Back to SammaPix

Privacy Policy

Last updated: March 5, 2026

Overview

SammaPix (“we”, “our”, or “the service”) is a free online image optimization tool. We take your privacy seriously. This policy explains what data we collect, how we use it, and what rights you have.

Image Processing

Your images never leave your browser for compression, WebP conversion, or resize operations. All processing happens locally using your device's CPU and browser APIs. We never upload, store, or access your image files for these features.

AI Rename is the only exception. When you use AI Rename, a small compressed thumbnail (max 1024px) of your image is sent to Google's Gemini API for visual analysis. This thumbnail is used solely to generate a descriptive filename and alt text — it is not stored by SammaPix and is processed according to Google's Privacy Policy.

Account Data

If you create an account (required for AI Rename), we collect:

  • Your email address (from Google or GitHub sign-in)
  • Your name and profile picture (from your OAuth provider)
  • Usage data: number of AI Rename calls per day (to enforce free plan limits)

We do not sell your personal data to third parties. We do not use your email for marketing without explicit consent.

Authentication

We use NextAuth.js for authentication. Sign-in is handled via Google OAuth or GitHub OAuth. We only request the minimum scopes required: your email address and public profile. We do not access your Google Drive, Gmail, or any other services.

Cookies

We use the following cookies:

  • Session cookie (next-auth.session-token) — required for login. Expires when you close your browser or after 30 days.
  • Language preference (NEXT_LOCALE) — stores your detected language preference. No personal data.
  • Analytics — we use Cloudflare Web Analytics, which is privacy-first and does not use cookies or fingerprinting.

If you use AdSense-served ads, Google may set cookies for ad personalization. You can opt out via Google Ad Settings.

Data Retention

Account data is retained as long as your account is active. You can request deletion at any time by contacting us. Upon deletion, your email, name, and usage data are permanently removed within 30 days.

Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights:

  • Access — request a copy of the data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your account and associated data
  • Portability — receive your data in a machine-readable format
  • Objection — object to processing based on legitimate interests

To exercise any of these rights, contact us at the email below.

Third-Party Services

  • Google Gemini API — processes AI Rename thumbnails
  • Google OAuth — optional sign-in provider
  • GitHub OAuth — optional sign-in provider
  • Stripe — payment processing for Pro subscriptions
  • Vercel — hosting and edge infrastructure

Contact

For privacy requests or questions, contact: privacy@sammapix.com

Data controller: Luca Sammarco, sammapix.com