// Trust & Security Report

    QaamGo Media GmbH logo

    QaamGo Media GmbH

    Free online image editor and converter with 27+ tools including AI photo editor, upscaler, colorizer, background remover, art generator, compression, format conversion, and effects (browser-based, no downloads required)

    Certifications held

    1

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR
    HELD

    Privacy policy states 'This Privacy Policy describes the processing and protection of all personal data in accordance with EU data protection regulations' and 'within the scope of a data processing agreement'. Users have explicit GDPR rights (Article 15-21) documented in privacy policy.

    Verify on img2go.com
    > Show 7 unconfirmed / not-held certifications
    SOC 2 Type I
    NOT CONFIRMED

    No public evidence of SOC 2 Type I certification found on vendor domain or trust materials

    source: img2go.com
    SOC 2 Type II
    NOT CONFIRMED

    No public evidence of SOC 2 Type II certification found on vendor domain or trust materials

    source: img2go.com
    ISO/IEC 27001
    NOT CONFIRMED

    Vendor states 'Infrastructure hosted in certified data centers with strict industry security standards like ISO/IEC 27001' - this refers to the hosting provider's certification, not img2go's own certification. No evidence that img2go as a company holds ISO 27001 certification.

    source: img2go.com
    HIPAA
    NOT CONFIRMED

    No mention of HIPAA compliance. Product is general-purpose image editing tool, not healthcare-focused.

    source: img2go.com
    PCI DSS
    NOT CONFIRMED

    Vendor states 'Payments handled by Stripe and PayPal. Credit card numbers are never disclosed to us.' PCI DSS compliance is the payment processor's responsibility, not img2go's.

    source: img2go.com
    ISO/IEC 27701 (Privacy Extension)
    NOT CONFIRMED

    No public evidence of ISO 27701 certification found on vendor domain

    source: img2go.com
    ISO/IEC 42001 (AI Governance)
    NOT CONFIRMED

    No public evidence of ISO 42001 certification found on vendor domain

    source: img2go.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Europe exclusively

    Terms of Service explicitly state: 'User files are not used for AI training.' No customer data is used to train AI models.

    // Security controls

    Encryption in transit

    TLS with modern encryption protocols

    img2go.com

    Encryption at rest

    Personal data stored in encrypted form

    img2go.com

    Data retention

    Generated files can be downloaded a maximum of 10 times; access is automatically blocked after 24 hours; files are physically deleted at the latest after 72 hours.

    img2go.com

    Data center security

    Infrastructure hosted in ISO 27001 certified data centers with DDoS protection, firewalls, intrusion detection, redundant systems, and continuous monitoring

    img2go.com

    Physical access controls

    Biometric access controls at physical facilities

    img2go.com

    Access control

    Least privilege access principles enforced

    img2go.com

    Secure development

    Secure development lifecycle with code reviews

    img2go.com

    Employee training

    Structured employee training and onboarding/offboarding procedures

    img2go.com

    Audits

    Regular audits and policy reviews

    img2go.com

    File processing

    Completely automated with no human interaction with uploaded files

    img2go.com

    // Products & data scope

    Image Editor & Converter ToolsImage Editing / Conversion

    data: Uploaded images temporarily processed; download access blocked after 24 hours (max 10 downloads) and files physically deleted at the latest after 72 hours

    27+ free tools including AI Photo Editor, AI Upscaler, AI Colorizer, Background Remover, Art Generator, Compressor, Resizer, Converter (JPG/PNG/WebP/PDF/BMP/TIFF), Crop, Rotate, Filters, GIF Creator. All run in browser, no software download required.

    Free TierPricing Model

    data: All tools available free with no account required

    No personal data collected for basic usage

    Premium/Paid PlansPricing Model

    data: Requires account and payment processing via Stripe/PayPal

    Credit card numbers processed by payment processors only; img2go does not handle card data

    // What to watch

    • ISO 27001 claim is ambiguous: homepage states 'ISO 27001 Data Centers' which refers to infrastructure provider certification, NOT vendor's own certification. Potential over-claim that could mislead users into thinking img2go is ISO 27001 certified.
    • No SOC 2 certification despite operating as a SaaS-like service with 20M+ monthly users and commercial plans.
    • Privacy policy last updated March 2023 (over 3 years old as of July 2026) - should be refreshed.
    • DPA availability mentioned in privacy policy ('within the scope of data processing agreement') but process for obtaining it is unclear - customers should verify how to request DPA.
    • No dedicated trust center or security documentation portal - security details only on homepage and security page.

    // At a glance

    Pricing model

    Freemium - all 27+ tools free without account; optional premium features via subscription

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on QaamGo Media GmbH's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    img2go.com

    > Browse all vendor trust reports