GDPR compliance, follow up

Hi Siga, the images are stored as unique string and served over https like so:

https://tinypng.com/web/output/kceuuvhf3xdzre5afcwf7xek5wfj8g7t/compressed.jpg

We don’t store them in combination with IP address.

Thanks much for that very fast answer!

So if I read that right, no personal data (except my own, when I sign up for the key) is stored on third-party servers?

Well to be complete, the images are stored in Google Storage.

Separate to that we store log entries for a maximum of 30 days with Google Stackdriver. These log entries contain combination of IP address + download location or IP address + API key.

Your personal information you entered when signing up (email and username) are stored in a database on Google Kubernetes cluster.

Hope this clarifies. We take data protection very serious, in case you have other questions or concerns please let us know.

Sorry, to be honest, I’m not really convinced…
If I use TinyPNG, my personal Data saved on third-party servers?
Which is not confirm with GDPR, I think

TinyPNG is hosted on Google Cloud. That’s where your data is stored as mentioned in the previous comments. We have done a check for GDPR, because we too are a European company and what came out we addressed.

If there is something that can be improved in the communication please let us know.

Sorry, to be honest, I’m not really convinced…
If I use TinyPNG, my personal Data saved on third-party servers?
Which is not confirm with GDPR, I think

GDPR does not restrict where you store data as long as it’s “secure”. Whether it’s “secure” depends on the data your storing and whether you trust the person storing it (in this case TingPNG). GDPR does have specific provisions saying that data transferred abroad needs to be stored somewhere with similar regulations.

Hi @patabugen, to summarise and answer your question: you believe that data saved on third-party servers is not confirm with GDPR but there are specific provisions saying that data transferred abroad needs to be stored somewhere with similar regulations. And you are asking us whether that is the case.

If you are unsure, the data stored at third-party servers is explained in detail in the terms on https://tinypng.com/terms under points 8 to 10. Any service providers also have a DPA with Tinify, to make sure there are no loop holes.

In case there is a specific issue you are having please let us know with some factual and specific information, we would be happy to hear anything that may have been overlooked or needs updating based on that.

Hey @tinypng – I think you mis-read my comment. I was agreeing with you and pointing out to @resttube that third-party servers can be compatible with GDPR.

Ok great! Thanks!