We will never sell your private data or information. We don't give out your private info to organizations that may sell it. We do though disclose some customer information to SAAS providers that we use in order to make the service functional. Those third party companies include Zoho Mail for any communication with us, Circle CI for continuous integration testing, Sentry for error monitoring, Heroku for hosting, and Drift for customer communication - each of these has their own privacy policies.

Your files accesses your files using the OAuth access token provided by your SCM (like Github), and no private code is stored or cached on our servers. The service only accesses image files. All writes are made to branches and sync with your SCM using the official API.

No human ever reads your code or see your images. No tools exist for us to access it, even for debugging. If we do need access to an image for debugging, we will contact you to ask for a copy of it.

Our software interacts only with the images stored in your SCM, using its official API over a secure connection.

What data does store?

We do not use any analytics tools to track or measure your activity on our site. stores as little data as possible about your usage
The only data we store is statistics about the files we process:
  • file format (JPG, PNG, etc)
  • hashes
  • dimensions
  • file size
We do not save a copy of your images. Your images are temporarily saved on our server to allow the optimization process to take place, but are removed afterward. We do not have a way to access them once removed.


All access to account information and repository data is conducted over a secure connection using the official SCM API. We do not store any passwords or secrets. team members will never access your data. accesses your Github repository only to create pull requests optimizing your images. When you sign up for you are explicitly allowing to access your repositories on Github. Revoking this access is easy, just click the revoke button any time through your GitHub application settings page here. Doing this will block from having any access to your private repositories. is hosted on Heroku. If the Heroku service becomes vulnerable, your source code may also become vulnerable to accidental disclosure. Heroku's Security Center discusses their security in great detail.


We take security incredibly seriously. If you have any suggestions for how we could improve our security, or improve this policy, please contact us at We will act immediately to deal with the issue.