This Policy applies to all users of the Service worldwide. It forms part of our Terms of Service. By accessing or using the Service, you agree to the practices described below.

Controller: For GDPR and similar laws, Spectracular is the data controller for personal data processed via rsz.app and its API.

We do not intentionally collect sensitive personal data (e.g., health or biometric data). If you choose to include such data in images, you are responsible for ensuring you have the legal right to do so.

We process information to:

• Provide, maintain, and improve the Service
• Authenticate users and secure accounts
• Monitor, detect, and prevent fraud or abuse
• Respond to inquiries and support requests
• Generate aggregated statistics that do not identify individuals
• Comply with legal obligations and enforce our Terms

We rely on one or more of the following bases:

• Contractual necessity - to deliver the Service you request
• Legitimate interests - to secure and improve the Service
• Consent - for optional cookies or marketing communications
• Legal obligation - to comply with applicable law or lawful requests

• Content Data: deleted automatically within 90 days of processing unless you request earlier deletion or retain copies in your account.
• Account & Billing Records: retained for as long as your account is active and as required for tax, accounting, and legal compliance (typically up to 7 years).
• Logs: retained up to 90 days for security and troubleshooting, then aggregated or deleted.

We do not sell, rent, or share personal data with third parties for their own marketing. We may disclose information only:

• Service Providers - vetted subcontractors that perform hosting, payment, or support functions under contractual confidentiality obligations
• Legal Compliance - when required by law, court order, or governmental request
• Business Transfers - in connection with a merger, acquisition, or sale of assets, provided the acquirer assumes equivalent privacy commitments

We operate globally using servers located in the United States and the European Economic Area. When we transfer personal data across borders we rely on:

• Adequacy decisions of the European Commission
• Standard Contractual Clauses or UK Addendum
• Other legally recognized transfer mechanisms

We implement industry-standard administrative, technical, and physical safeguards, including:

• HTTPS/TLS encryption in transit
• Encryption at rest for stored Content Data
• Least-privilege access controls and API key management
• Regular penetration testing and vulnerability scanning

No method of transmission or storage is entirely secure; therefore, we cannot guarantee absolute security.

Depending on your jurisdiction, you may have rights to:

• Access, correct, or delete personal data
• Object to or restrict processing
• Data portability
• Withdraw consent at any time
• Lodge a complaint with a supervisory authority

To exercise these rights, contact us at [email protected]. We will respond within 30 days or as required by law.

We use cookies and similar technologies to operate and improve our Service. Below is an overview of the types of cookies we use:

Essential Cookies

These cookies are necessary for the Service to function properly, including authentication, security (CSRF tokens), and maintaining login state.

Analytics Cookies

We use Google Analytics (with IP anonymization enabled) to understand how visitors interact with our site. This helps us improve the Service.

Advertising Cookies

Third-party vendors, including Google, use cookies to serve ads based on your prior visits to this website or other websites. Google's use of advertising cookies enables it and its partners to serve ads to you based on your visit to rsz.app and/or other sites on the Internet.

These advertising cookies may be set on pages that include ad tags, even if ads are not visibly displayed.

Your Choices and Opt-Out Options

You can control cookies in several ways:

• Cookie Banner: Use our cookie consent banner to accept or reject non-essential cookies when you first visit the site.
• Browser Settings: Most browsers allow you to block or delete cookies through their settings.
• Google Ads Settings: You can opt out of personalized advertising by visiting Google Ads Settings.
• Network Advertising Initiative: You can opt out of some third-party vendors' use of cookies for personalized advertising by visiting aboutads.info.
• European Users: Visit Your Online Choices for additional opt-out options.

Please note that opting out of personalized advertising does not mean you will stop seeing ads—it means the ads you see may be less relevant to your interests.

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us and we will delete it promptly.

You must keep your API keys confidential, comply with rate limits, and ensure that any end-user data you submit has been lawfully obtained and is adequately anonymized or encrypted if required.

We may update this Policy periodically. Material changes will be posted on this page with a new “Last updated” date and, where required, notified to you by email.

If you have questions or concerns about this Privacy Policy or our privacy practices, please contact: