Privacy Policy

Introduction

Welcome to PhotoFlow ("we," "us," or "our"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our photography platform, which allows photographers to upload, manage, and share photos with their clients. By using PhotoFlow, you agree to the practices described in this policy.

1. Information We Collect

We collect the following types of information to provide and improve our services:

• Personal Information: When you sign up or use PhotoFlow, we may collect your name, email address, and other contact details.
• Photos and Content: Photographers upload photos to our platform, which may include metadata (e.g., timestamps, geolocation). We also generate branded versions of these photos.
• Client Selections: Clients can select photos via shared links. We store these selections to facilitate collaboration between photographers and clients.
• Usage Data: We collect information about how you interact with our platform, such as IP addresses, browser type, device information, and pages visited.
• Cookies and Tracking: We use cookies and similar technologies to enhance user experience, track usage, and analyze trends. You can manage cookie preferences in your browser settings.

2. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: To enable photo uploads, branded photo generation, album sharing, and client photo selection.
• Communication: To send you updates, notifications, and support messages (e.g., confirming photo selections).
• Improvement: To analyze usage data and improve our platform’s functionality and user experience.
• Security: To protect against unauthorized access, fraud, and other illegal activities.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.

3. How We Share Your Information

We do not sell your personal information. We may share your data in the following circumstances:

• With Clients: Photographers share albums with clients via secure token-based links. Clients can view and select photos.
• Service Providers: We use third-party services (e.g., Amazon Web Services for hosting, storage, and processing) that may access your data to provide our services.
• Legal Obligations: We may disclose your information if required by law, court order, or governmental authority.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity.

4. Data Storage and Security

We store your data on secure servers hosted by Amazon Web Services (AWS). Photos are stored in S3, and user data is stored in a PostgreSQL database managed by RDS. We use Redis for temporary task processing (e.g., branded photo generation). We implement industry-standard security measures, including encryption, access controls, and regular audits, to protect your data. However, no system is completely secure, and we cannot guarantee absolute security.

5. Your Rights

Depending on your location, you may have the following rights under privacy laws (e.g., GDPR, CCPA, DPDP Act):

• Access: Request a copy of your personal data.
• Correction: Request correction of inaccurate data.
• Deletion: Request deletion of your data, subject to legal obligations.
• Opt-Out: Opt out of certain data uses (e.g., analytics cookies).
• Data Portability: Request your data in a machine-readable format.

To exercise these rights, please contact us at privacy@photoflow.com.

6. Data Retention

We retain your personal information and photos for as long as necessary to provide our services or comply with legal obligations. For example, we retain photos in S3 until the photographer deletes them or their account is closed. Usage data is retained for up to 12 months for analytics purposes, after which it is anonymized or deleted.

7. International Data Transfers

PhotoFlow operates globally, and your data may be transferred to and processed in countries other than your own, including India (where our servers are located) and the United States (AWS data centers). We ensure that such transfers comply with applicable privacy laws, using mechanisms like Standard Contractual Clauses for GDPR compliance.

8. Children's Privacy

PhotoFlow is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that such data has been collected, we will delete it immediately.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the updated policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.