Privacy

We will never sell your private data or information. We don't give out your private info to organizations that may sell it. We do though disclose some customer information to SAAS providers that we use in order to make the Shrink.sh service functional. Those third party companies include Zoho Mail for any communication with us, Circle CI for continuous integration testing, Sentry for error monitoring, Heroku for hosting, and Drift for customer communication - each of these has their own privacy policies.

Your files

Shrink.sh accesses your files using the OAuth access token provided by your SCM (like Github), and no private code is stored or cached on our servers. The Shrink.sh service only accesses image files. All writes are made to branches and sync with your SCM using the official API.

No human ever reads your code or see your images. No tools exist for us to access it, even for debugging. If we do need access to an image for debugging, we will contact you to ask for a copy of it.

Our software interacts only with the images stored in your SCM, using its official API over a secure connection.

What data does Shrink.sh store?

We do not use any analytics tools to track or measure your activity on our site.
Shrink.sh stores as little data as possible about your usage
The only data we store is statistics about the files we process:
  • file format (JPG, PNG, etc)
  • hashes
  • dimensions
  • file size
We do not save a copy of your images. Your images are temporarily saved on our server to allow the optimization process to take place, but are removed afterward. We do not have a way to access them once removed.

Security

All access to account information and repository data is conducted over a secure connection using the official SCM API. We do not store any passwords or secrets.
Shrink.sh team members will never access your data.
Shrink.sh accesses your Github repository only to create pull requests optimizing your images. When you sign up for Shrink.sh you are explicitly allowing Shrink.sh to access your repositories on Github. Revoking this access is easy, just click the revoke button any time through your GitHub application settings page here. Doing this will block Shrink.sh from having any access to your private repositories.
Shrink.sh is hosted on Heroku. If the Heroku service becomes vulnerable, your source code may also become vulnerable to accidental disclosure. Heroku's Security Center discusses their security in great detail.

Feedback

We take security incredibly seriously. If you have any suggestions for how we could improve our security, or improve this policy, please contact us at security@shrink.sh. We will act immediately to deal with the issue.