Security
Last reviewed: March 18, 2026
Security & data lifecycle
Images.dayfiles.com processes images locally by default. Server fallback is limited to heavy tasks, with signed access and automated deletion.
This page explains the operating model in product terms. For broader context, also review How it works and Privacy.
Processing model
Client-side whenever possible
Fallback: Server processing for heavy tools or unsupported browsers
The distinction matters because not every image task carries the same trust expectations. Simpler browser-safe routes should not feel identical to heavier or protected workflows.
Retention
Fallback artifacts expire after 60 minutes.
Auto-delete: enabled
Controls
- Signed URL access only: yes
- Public bucket access: disabled
- MIME validation: enabled
- Max upload size: 25MB
- Soft rate limit: 40/minute
What this means for users
The site should feel different from a generic upload-first editor. Many workflows stay on-device, heavier routes make their fallback behavior explicit, and privacy-sensitive tools such as blur or watermarking are meant to sit inside a broader trust story rather than appear as isolated utilities.