Crop

Circle Crop Crop Image

Optimize

Compress Image AI Image Upscaler Remove Background

Modify

Resize Image

Convert

Other

JPG to PDF

Privacy policy

Plain English. Nothing hidden, nothing surprising — your photos stay on your device, and we explain exactly what we do collect.

The short version

  • Two tools run 100% in your browser — Circle Crop and the Compress preview/edit step use the HTML5 Canvas API on your device. Nothing is uploaded.
  • Two tools route a single request through our infrastructure — the final Compress download (when you click “Download”) and Remove Background. Both delete your image after the response is returned; neither is stored, indexed, logged, or used to train anything.
  • We do not set tracking cookies on our own surfaces. Cloudflare Web Analytics collects aggregate page-view data without cookies. Third-party advertising cookies (AdSense) are loaded only on tool pages and only after you consent in regions that require it.
  • You can verify the client-side claims yourself. Open DevTools → Network, and watch Circle Crop and the Compress preview run with zero upload requests.

Who we are — controller identification

Araluma is operated as a personal project by Guilherme Campos, an independent developer based in Brazil.

For the purposes of GDPR (EU), LGPD (Brazil), CCPA/CPRA (California) and similar laws, the data controller is Guilherme Campos, reachable at guilherme@araluma.com for data-protection requests. General support is at support@araluma.com.

Under Brazil’s Resolução CD/ANPD nº 2/2022, this project qualifies as an “agente de tratamento de pequeno porte” and is not required to formally appoint a Data Protection Officer (Encarregado); the controller above serves as the direct communication channel with data subjects, as required by Art. 11 of that Resolução and §2 of Art. 41 of the LGPD.

What information we process — and on what legal basis

Each operation below is mapped to its legal basis under LGPD Art. 7 (Brazil) and the equivalent GDPR Art. 6 (EU). We declare these explicitly so you can audit which basis we rely on for which path.

Your images — Circle Crop and Compress preview

When you use Circle Crop, or when you adjust the quality slider, format, or split-view in Compress, the work happens entirely in your browser via <canvas> and canvas.toBlob. The image bytes never leave your device. No version is sent to our infrastructure, cached, or logged — because no request carrying your image is made. Legal basis: not applicable — no processing by us occurs.

Your images — Compress download and Remove Background

Two operations route through our infrastructure. Legal basis for both: LGPD Art. 7, V — execution of the user-requested contract (free service), plus our legitimate interest (Art. 7, IX) in operating the service sustainably.

Compress download. When you click “Download” in the Compress tool, your image is sent once to api.araluma.com (a Fastify service running on a VPS in Germany operated by Hostinger). It is re-encoded by sharp 0.34 + libvips 8.17 — the same C libraries used by Squoosh’s server-side path — and the result is streamed back to your browser. The service keeps a tenant-isolated content-addressed cache (a hash of the bytes + parameters): re-downloading the same image with the same settings replays the cached result rather than re-encoding. Cache entries are evicted by LRU and capped at 500 MB, with a typical entry lifetime of a few minutes to a few hours depending on traffic pressure; signed canonical URLs that reference cache entries have a 900-second TTL. The cache is not indexed by user, IP, or filename, is not logged, is not used to train any model, and is not made available to anyone outside the encoding service.

Remove Background. Your image is uploaded once to a Cloudflare Worker (araluma-bg-remover), staged in a private R2 bucket (araluma-bg-temp), passed through Cloudflare’s cf.image.segment transformation (which runs the BiRefNet model on Cloudflare’s edge GPUs), and the resulting cutout is streamed back to your browser. The staged R2 object is deleted automatically within one hour by an R2 lifecycle rule, regardless of outcome. Uploads are capped at 5 MB and 30 requests per IP per day. If our Worker is unreachable, the tool falls back to an in-browser model (@imgly/background-removal) that runs locally in your browser via WebAssembly — in that fallback path, no upload happens.

In neither case is your image kept, indexed, sold, or shared with a third party beyond the named sub-processor that performs the encode or segmentation. We do not look at your images, and we do not have a workflow that would surface them to us.

Site visit data

We use Cloudflare Web Analytics to understand which pages people visit, in aggregate, so we can prioritize improvements. Cloudflare Web Analytics is server-side and does not set tracking cookies, does not fingerprint your device, and does not assign you a persistent identifier. Legal basis: LGPD Art. 7, IX — legitimate interest in measuring site usage in aggregate. GDPR Art. 6(1)(f) equivalent.

The data collected is limited to: the page URL, the referring URL, your country (derived from your IP, not stored individually), the browser family (e.g. “Chrome 130”), and Core Web Vitals performance numbers. None of this is linked to a person.

Strictly-necessary cookies

Cloudflare, as our hosting, DNS, and edge-compute provider, may set a small number of strictly-necessary cookies to deliver the site and protect it from automated abuse (for example, the __cf_bm bot-management cookie). These cookies are required for the site to function and are not used for advertising or tracking. Legal basis: LGPD Art. 7, IX — legitimate interest in site security. Per the ANPD’s 2022 Cookie Guide, strictly- necessary cookies do not require prior consent. See the Cloudflare cookie policy for the full list.

Local browser storage

To make the site usable across visits, Araluma stores small amounts of data in your browser’s localStorage: your selected theme (light or dark), your preferred language, and a flag indicating whether you’ve dismissed the language-switch suggestion. This data never leaves your browser and is never visible to us. Legal basis: LGPD Art. 7, V — execution of the user-requested service (your preferences).

Rate-limiting

To prevent abuse of the Remove Background Worker, we keep a per-IP daily counter in a Cloudflare KV namespace (araluma-bg-ratelimit). The counter resets every 24 hours and stores only the count, not the images or any other content. Legal basis: LGPD Art. 7, IX — legitimate interest in service availability.

Advertising

Araluma displays a single AdSense unit served by Google on tool pages. The home page, satellite pages, and legal pages remain ad-free.

Legal basis: LGPD Art. 7, I — consent of the data subject. Per the ANPD’s 2022 Cookie Guide, advertising cookies are not strictly necessary and require explicit prior consent with a banner that offers “accept” and “reject” with equal prominence.

We use Google Funding Choices as our Consent Management Platform (CMP). It is AdSense’s native CMP, implements the IAB TCF v2.2 consent signal, and is the Google-recommended path for LGPD, GDPR and CPRA compliance for publishers serving ads. The CMP banner is shown automatically to visitors from regions that legally require prior consent (EU, UK, Brazil, California); your choice — accept all, reject all, or customize — is stored and respected on subsequent visits. You can re-open the consent settings at any time via the “Privacy” link that the CMP injects into the page footer when active.

When you consent, third-party vendors including Google may use cookies and web beacons to serve personalized ads based on your visits to Araluma and other websites. If you decline, AdSense still serves ads but only non-personalized ones, based solely on the page content and not on your browsing history. You may also opt out of personalized advertising globally by visiting Google’s Ads Settings, or aboutads.info for industry-wide opt-outs.

Premium tier (future)

We plan to offer an optional paid “Araluma Pro” tier in the future, processed through Lemon Squeezy as merchant of record. If you choose to subscribe at that point, Lemon Squeezy will process your billing details (name, email, billing address, payment method) under their own privacy policy as a sub-processor. We will only receive a confirmation that your license is valid, plus your email address for licensing communication. Legal basis: LGPD Art. 7, V — execution of the contract you enter into when subscribing.

Until the Pro tier launches, no payment information of any kind is processed by us or on our behalf.

International data transfer

Two of our sub-processors operate outside Brazil:

  • Hostinger International Ltd. runs the Compress download VPS in Germany.
  • Cloudflare, Inc. operates a global edge network; your Remove Background request may be processed at any Cloudflare data center, typically the one geographically closest to you.

Legal basis for the transfer: LGPD Art. 33, II — standard contractual clauses that Hostinger and Cloudflare publish for international transfers, combined with Art. 33, V — transfer necessary for the execution of the service the data subject requested. GDPR equivalent: Art. 46(2)(c) SCCs. The ANPD has not yet (as of this update) published a list of adequate countries under Art. 34 of the LGPD; we will update this section if Germany or other operating jurisdictions are added to that list.

Sub-processors

  • Cloudflare, Inc. — DNS, edge hosting (Cloudflare Pages), web analytics, DDoS protection, Workers (araluma-bg-remover), R2 storage (araluma-bg-temp, auto-purged hourly), KV (araluma-bg-ratelimit), and the cf.image.segment transformation that runs BiRefNet. Privacy policy.
  • Hostinger International Ltd. — VPS hosting for the Compress download service (api.araluma.com) in Germany. Privacy policy.
  • Google LLC (AdSense) — ad serving on tool pages, subject to user consent in regions that require it. Privacy policy.
  • Lemon Squeezy (Lemon Squeezy LLC) — only if you purchase a Pro license in the future. Privacy policy.

Your rights as a data subject

Depending on where you live, you have rights under laws including the EU’s GDPR, Brazil’s LGPD (Art. 18), the California CCPA/CPRA, and similar regulations.

Under Brazil’s LGPD (Art. 18), you have the right to obtain from us:

  1. Confirmation that we are processing your personal data (inciso I).
  2. Access to the data we hold about you (inciso II).
  3. Correction of incomplete, inaccurate, or outdated data (inciso III).
  4. Anonymization, blocking, or deletion of unnecessary or excessive data, or data processed in violation of the LGPD (inciso IV).
  5. Portability of your data to another service provider, subject to ANPD regulation and commercial / industrial secrets (inciso V).
  6. Deletion of data processed under your consent, except for the cases the LGPD itself allows retention (inciso VI).
  7. Information about the public and private entities with whom we have shared your data (inciso VII).
  8. Information about the possibility of not providing consent and the consequences of that refusal (inciso VIII).
  9. Revocation of consent at any time (inciso IX).

To exercise any of these rights, email guilherme@araluma.com. Under the small-scale processing regime of Resolução CD/ANPD nº 2/2022 (Art. 14, I), our maximum response time is 30 days — we aim to respond within 5 business days.

Because our service design holds essentially no personal data tied to you (no accounts, no persistent identifiers, no logged image content), most of these rights are satisfied by the design itself. If you would like written confirmation that no data is held about you, email the address above.

Right to complain to the supervisory authority

In Brazil, you may also file a complaint with the Autoridade Nacional de Proteção de Dados (ANPD) at gov.br/anpd. In the EU, contact your national data-protection authority.

Children and adolescents

The LGPD defines a child as a person up to 12 years of age (complete) and an adolescent as 12 through 17 (Art. 14). Araluma is a general-audience tool and is not directed at children.

Processing data of a child requires specific and prominent consent by at least one parent or legal guardian (Art. 14 §1) — and given that our service is not directed at children and does not request identifying information from any user, we do not knowingly collect children’s personal data through normal use. If you become aware that a child has submitted personal information through the site, contact guilherme@araluma.com and we will delete it.

Changes to this policy

If we make material changes — for example, when the Pro tier launches, or when we add a new tool that changes the data flow — we will update the “Last updated” date below and, where appropriate, post a notice on the home page.

Contact {#contact}

Questions about this policy or about how Araluma handles data? Email guilherme@araluma.com. We aim to respond within 5 business days; the maximum legal response time under the LGPD small-scale processing regime is 30 days.

Controller: Guilherme Campos — Brazil — guilherme@araluma.com Last updated: 2026-05-15