backdroppr

Privacy Policy

Last updated: July 31, 2025

Who we are

Backdroppr ("we", "us") provides an image background-removal service. We act as the data controller for personal data we collect.

1) What we collect

Account information.

Name (optional) and email (if you register). Authentication is handled by Clerk; we don't store your password.

Usage data.

Device type, browser, pages viewed, actions (e.g., uploads started/completed), and basic performance metrics. We use cookies for authentication and analytics (via PostHog when you accept cookies). We do not store full IP addresses in our database. Our edge provider (e.g., Cloudflare) may process IPs temporarily for security and delivery. Analytics data collection respects your cookie preferences and can be opted out at any time.

Image data.

When you use the service, your image is sent securely to our processing provider Replicate. Images are used only to produce your result and are configured to be automatically deleted within 1 hour after processing (including any transient staging we perform). We do not use your images to train models.

Payment data.

We currently do not offer paid features and do not collect payment information.

2) How we use data

  • Provide and improve the service. Run processing, measure latency/reliability, fix bugs.
  • Operate accounts and communicate. Account/admin emails (e.g., login, notices).
  • Protect the service. Detect abuse, enforce rate limits and usage caps.

Legal bases (GDPR/UK GDPR). Performance of contract (to provide the service), legitimate interests (security, analytics, improving the service), and consent where required (e.g., certain cookies/marketing).

3) How we share data

  • Service providers (processors). We use trusted vendors under contract and our instructions only.
  • Legal/Compliance. If required by law or to protect rights.
  • Business transfers. In a merger/acquisition, with notice.

We do not sell your personal data.

4) Subprocessors (key vendors)

  • Clerk – authentication
  • Cloudflare – edge delivery, security, optional object storage
  • Replicate – image inference/processing
  • PostHog – product analytics (when cookies accepted)

We maintain an up-to-date list of subprocessors in this policy and may update it as vendors change.

5) Data storage, transfers, and security

  • Security. TLS in transit; access controls; least-privilege credentials.
  • Transfers. Data may be processed in the U.S. or other locations by our providers. Where required, we rely on appropriate safeguards (e.g., SCCs).
  • Images. Free and Pro processing run on servers via Replicate. Inputs/outputs are temporary and configured to auto-delete within 1 hour. We do not retain images long-term.

6) Retention

  • Account & usage records: kept while your account is active and then as needed for operations/compliance.
  • Processing telemetry (non-content): short, limited retention for reliability and fraud control.
  • Images: temporary only (see above); auto-deleted within 1 hour.

7) Your rights

Depending on your location, you can request access, correction, deletion, restriction/objection, data portability, and withdrawal of consent. Contact support@backdroppr.com. You may also complain to a data protection authority.

8) Children's privacy

Backdroppr isn't intended for children under 13, and we don't knowingly collect their data. If you believe a child has provided data, contact us to remove it.

9) Changes to this policy

We'll update this page when practices or laws change and adjust the "Last updated" date.

Questions? support@backdroppr.com