Privacy Policy

Last updated: 2026-06-25

1. Who We Are

bgcut is operated by Marco B., based in Spain. For any privacy-related enquiries, contact us at support@openimages.app.

We are the data controller for any personal data processed in connection with your use of bgcut at bgcut.openimages.app.

2. What Data We Collect and Why

2a. Uploaded Images

When you submit an image for background removal, it is transmitted over HTTPS to our Cloudflare Worker, which forwards it to our GPU inference server (Modal). The image is processed entirely in memory by the BiRefNet HR model and immediately discarded — we do not write it to disk, to a database, or to any object store at any point. The resulting PNG is returned directly to your browser. We retain no copy of your image or the processed output.

Legal basis: contract performance (Art. 6(1)(b) GDPR) — processing the image is the service you requested.

2b. Purchase Email and License Key

When you buy a license pack, Stripe collects your email address and payment details. Your email address and the associated license key (format: BGCT-XXXX) are stored in our database (Cloudflare D1) so that we can deliver and validate your key. This data is retained for as long as the license remains active.

Legal basis: contract performance (Art. 6(1)(b) GDPR) — we need your email to deliver the license key and to support you if you lose it.

2c. Infrastructure Logs

Cloudflare, as our CDN, hosting, and DNS provider, automatically records standard request metadata: IP address, timestamp, HTTP method, URL path, status code, and User-Agent string. These logs are maintained by Cloudflare under their own data retention policies and are used for security, abuse prevention, and operational diagnostics.

Legal basis: legitimate interests (Art. 6(1)(f) GDPR) — maintaining the security and integrity of the service.

3. Sub-Processors

We share data with the following third-party processors:

  • Stripe, Inc. (US/EU) — payment processing. Stripe collects and processes your payment card data and email address under their own privacy policy. Stripe is certified under the EU–US Data Privacy Framework.
  • Modal Labs, Inc. (EU/US) — GPU inference. Your uploaded image is sent to Modal's infrastructure for processing. As described in section 2a, no data is retained after inference completes.
  • Cloudflare, Inc. (US) — hosting, CDN, and DNS. All traffic to bgcut.openimages.app passes through Cloudflare's network. Cloudflare processes request metadata as described in section 2c.

4. International Transfers

Modal and Stripe may process data on infrastructure located in the United States. Where such transfers occur, they are protected by Standard Contractual Clauses (SCCs) as approved by the European Commission under Art. 46(2)(c) GDPR. You may request a copy of the applicable transfer mechanisms by contacting us at support@openimages.app.

5. Data Retention

  • Uploaded images: zero retention — not stored at any point in the processing pipeline.
  • License key and purchase email: retained for the duration that the license is active. You may request deletion at any time (see section 6).
  • Infrastructure logs: retained per Cloudflare's standard policies, typically up to 30 days.

6. Your Rights Under GDPR

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: ask us to correct inaccurate or incomplete data.
  • Erasure: request deletion of your personal data where no overriding legal basis applies.
  • Data portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Restriction: ask us to restrict processing in certain circumstances.
  • Lodge a complaint: you have the right to lodge a complaint with your local supervisory authority. If you are in Spain, this is the Agencia Española de Protección de Datos (AEPD) at aepd.es.

To exercise any of these rights, contact us at support@openimages.app. We will respond within 30 days.

7. Cookies and Tracking

bgcut does not use advertising cookies, analytics trackers, or third-party marketing pixels. We do not track you across websites and we do not build advertising profiles. The only browser storage we use is what is strictly necessary for the service to function (for example, storing your license key locally so you do not need to re-enter it on each visit).

8. Security

All data in transit is encrypted using TLS. Image processing occurs over private channels between our Cloudflare Worker and the Modal inference server. Our Cloudflare D1 database storing license keys is access-controlled and not publicly accessible. No payment card data is stored by us — Stripe handles all payment data under their own PCI-DSS certification.

9. Children

bgcut is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at support@openimages.app and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of bgcut after an update constitutes acceptance of the revised policy.

11. Contact

For any questions about this Privacy Policy or your personal data, write to us at support@openimages.app.