GDPR Compliance Information
How YondUP ensures full compliance with the General Data Protection Regulation through innovative privacy-by-design architecture.
GDPR and Image Processing
The General Data Protection Regulation (GDPR) requires organizations to protect the personal data and privacy of EU citizens. Images often contain personal data, making GDPR compliance crucial for any image processing service.
YondUP's GDPR Advantage
YondUP's client-side processing means your images never become "personal data" under our control, eliminating most GDPR obligations and providing the strongest possible privacy protection.
Our Compliance Status
Article 25: Data Protection by Design
YondUP implements privacy by design through client-side processing, ensuring data protection is built into the system from the ground up.
Article 5: Data Processing Principles
We process data lawfully, fairly, and transparently. Since processing occurs on your device, we never collect or process your personal data.
Article 17: Right to Erasure
Since we never store your data, erasure is automatic and immediate when you close your browser tab.
Article 20: Right to Data Portability
Your processed images are immediately available for download in standard formats, ensuring complete data portability.
Data Controller vs Data Processor
You Remain the Data Controller
- • You maintain full control over your images
- • You determine the purpose of processing
- • You decide what data to process
- • You control data retention and deletion
YondUP is Not a Data Processor
- • We never access your images
- • No data processing agreement needed
- • We have no GDPR obligations for your data
- • Eliminates third-party processor risk
Legal Basis for Processing
Article 6(1)(f): Legitimate Interests
For most users, processing images for compression or format conversion falls under legitimate interests.
- • Legitimate interest: Image optimization for web use, storage efficiency, or sharing
- • No overriding individual interests: Client-side processing protects privacy
- • Proportionate: Only processes images you explicitly select
Article 6(1)(a): Consent
By selecting and processing images, you provide clear consent for the processing.
- • Freely given: No coercion or mandatory registration
- • Specific: You choose exactly which images to process
- • Informed: This page explains how processing works
- • Unambiguous: Active selection of files constitutes consent
Individual Rights Under GDPR
| Right | Traditional Service | YondUP Client-Side |
|---|---|---|
| Access (Art. 15) | Request required | Not applicable - no data stored |
| Rectification (Art. 16) | Manual process | Not applicable - no data stored |
| Erasure (Art. 17) | Request and wait | Automatic on tab close |
| Portability (Art. 20) | Export feature | Immediate download |
| Object (Art. 21) | Stop processing | Close tab to stop |
Data Protection Impact Assessment (DPIA)
Low Risk Assessment
YondUP's architecture presents minimal privacy risk, potentially eliminating the need for DPIAs when using our service for image processing.
Risk Factors
- • ✅ No systematic monitoring
- • ✅ No large-scale processing
- • ✅ No data matching or combining
- • ✅ No automated decision-making
- • ✅ No vulnerable individuals affected
Mitigating Factors
- • Client-side processing only
- • No data transmission to servers
- • No data retention
- • Open source transparency
- • User maintains full control
For Organizations Using YondUP
Simplified Compliance
- • No data processing agreements (DPAs) required
- • No vendor due diligence for data protection
- • Reduced breach notification obligations
- • Simplified privacy impact assessments
Employee Training
- • Train staff on client-side processing benefits
- • Emphasize that images never leave their devices
- • Highlight automatic data deletion
- • Document privacy-by-design approach
Record Keeping
- • Document the privacy-by-design approach
- • Record that no third-party processing occurs
- • Maintain evidence of technical safeguards
- • Update privacy notices to reflect client-side processing
International Data Protection Compliance
Global Regulations
- • GDPR (EU): Fully compliant
- • CCPA (California): No personal info collected
- • PIPEDA (Canada): Privacy by design
- • LGPD (Brazil): Client-side processing
- • PDPA (Singapore): No data transfer
Benefits Worldwide
- • No cross-border data transfers
- • No data localization requirements
- • Simplified regulatory compliance
- • Reduced legal and operational overhead
- • Universal privacy protection