Security at Pixshift
Your images, your data — our promise.
Privacy and security aren't features — they're the foundation of our service. Here's exactly how we protect your data.
Encrypted Transmission
Every connection to Pixshift is encrypted via HTTPS/TLS. Your images are never transmitted unencrypted — neither during upload nor download.
Automatic Deletion
Images are not stored on our servers. Processing happens exclusively in memory and the result is provided directly as a download. No image data remains on our systems after processing.
Database in the EU
Our database is located in the EU (AWS Stockholm). Image processing happens server-side on our hosting infrastructure (Vercel, GDPR-compliant via EU-US Data Privacy Framework). Your images are used exclusively for processing and are not shared with third parties.
No Sharing
We don't sell, share, or analyze your images. Period. Your files belong to you — we only process them and deliver the result.
Secure Authentication
Passwords are hashed with bcrypt (12 rounds of salting) and never stored in plain text. Authentication uses signed JWT tokens with HttpOnly cookies.
GDPR Compliant
Pixshift is fully GDPR compliant. You always have the right to access, correct, and delete your data. Your account can be completely deleted with one click.
Isolated Processing
Every image processing job runs in isolation. There's no mixing of user data — your upload is processed individually and the result is only made available to you.
Security Headers
Our website uses modern security headers: X-Content-Type-Options, X-Frame-Options, Referrer-Policy and Permissions-Policy protect against common attacks like clickjacking and MIME sniffing.
Questions about security?
Contact us anytime — we're happy to answer all questions about data protection.
Go to contact form