Privacy Policy

Introduction

At ImageToPass ("we," "us," or "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your personal information when you use our Apple Wallet Pass Generator service at imagetopass.com.

Our Privacy Commitment: We collect minimal data, delete files automatically, and never sell your information to third parties.

Information We Collect

1. Personal Information

• Email Address: We collect your email address when you sign up. This is used solely for authentication (magic link login) and sending you pass download links.
• Payment Information: Credit card information is processed securely by Stripe. We do not store your credit card details on our servers.

2. Pass Data

• Images (Standard Passes): Photos you upload for standard passes are deleted immediately after pass generation (within seconds).
• Images (Hybrid Passes): Photos for hybrid passes are stored securely for 1 year to enable online viewing with full resolution.
• Pass Information: Text you enter (name, title, descriptions, barcode data) is stored to generate your pass and maintain your pass history.
• Generated Pass Files: Standard pass files (.pkpass) are automatically deleted 48 hours after creation. Hybrid pass data is retained for 1 year.
• Hybrid Pass View Tracking: For hybrid passes, we track view events (IP address, timestamp, user agent) for analytics and abuse detection purposes.

3. Technical Information

• Log Data: Standard server logs (IP address, browser type, access times) for security and troubleshooting.
• Cookies: We use minimal cookies for authentication sessions only (JWT tokens).

How We Use Your Information

We use your information exclusively for:

• Authentication: Sending magic link login emails
• Service Delivery: Generating your Apple Wallet passes
• Hybrid Pass Features: Storing and serving full-resolution photos for online viewing (hybrid passes only)
• Communication: Sending pass download links and credit purchase confirmations
• Account Management: Managing your credit balance and pass history
• Payment Processing: Processing credit pack purchases via Stripe
• Analytics & Abuse Prevention: Tracking views on hybrid passes to detect suspicious activity
• Customer Support: Responding to your support requests

We never: Sell your data, share it with third parties for marketing, or use it for purposes beyond operating ImageToPass.

Data Retention & Automatic Deletion

We automatically delete data on the following schedule:

Pass metadata (title, type, creation date) is retained in your account history for reference purposes but can be deleted upon request.

Third-Party Services

We use the following trusted third-party services:

• Stripe: Payment processing. View their privacy policy at stripe.com/privacy
• Postal (Email Service): Transactional email delivery (magic links, download links, receipts)
• Infisical: Secure secrets management (certificates and API keys only, no user data)

These services are bound by their own privacy policies and security standards. We do not share more information than necessary to provide our service.

Your Rights

You have the following rights regarding your data:

• Access: Request a copy of all data we have about you
• Correction: Update your email address by contacting support
• Deletion: Request complete account deletion (we will delete all associated data)
• Data Portability: Request an export of your pass history and account data
• Opt-Out: Stop receiving transactional emails (note: this will prevent you from using the service)

To exercise any of these rights, contact us at support@imagetopass.com

GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Legal Basis: We process your data based on contractual necessity (to provide the service) and your consent
• Data Controller: reHosted is the data controller for your information
• Right to Lodge a Complaint: You may file a complaint with your local data protection authority
• Data Transfers: Your data is stored on servers in the United States with appropriate safeguards

Security

We take security seriously and implement the following measures:

• Passwordless Authentication: Magic links eliminate password-related security risks
• Encrypted Connections: All data transmitted over HTTPS/TLS
• Secure Storage: Database credentials and API keys stored in Infisical (secrets management)
• Automatic Cleanup: Files deleted automatically to minimize data exposure
• Token Expiration: Short-lived tokens reduce risk of unauthorized access
• Regular Updates: Software dependencies updated regularly for security patches

While we implement strong security measures, no system is 100% secure. We encourage you to use ImageToPass responsibly and avoid including sensitive personal information in your passes.

Children's Privacy

ImageToPass is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately at support@imagetopass.com and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email. The "Last Updated" date at the top of this page indicates when the policy was last revised.

Continued use of ImageToPass after policy changes constitutes acceptance of the updated policy.