Privacy Policy

1. Information we collect

We collect only what's needed to run your studio:

• Account data: name, business name, email, password hash, profile photo, public profile slug.
• Studio content: projects, services, templates, messages, invoices, schedules, and analytics events you create inside the app.
• Uploaded media: photos and files you or your clients upload to galleries and projects.
• Client data you enter: client names, contact details, booking notes, and any information your clients submit through your public profile or portals.
• Technical data: IP address, browser type, device identifiers, and basic usage logs, used to keep the service secure and reliable.
• Payment data: handled by our payment processor; we store only the metadata required to reconcile invoices (amount, status, last four digits) — never full card numbers.

2. How we use your data

• Operate the platform — authenticate accounts, render galleries, send transactional email, generate share links.
• Improve the product — diagnose bugs, measure feature usage in aggregate.
• Communicate with you — service notices, billing, and (only with consent) product updates.
• Comply with legal obligations and protect against fraud or abuse.

We do not sell your data or your clients' data. We do not use uploaded photos to train AI models.

3. Storage, security, and location

Account data and studio content live in a managed Postgres database. Uploaded photos are stored in private object storage and are accessible only through signed URLs generated for the share links you create. All traffic is encrypted in transit (TLS). Data is hosted in the United States and the European Union via our infrastructure providers.

4. Sharing data with third parties

We share data only with vendors strictly required to deliver the service:

• Cloud hosting and database: for storing your account and content.
• Email delivery: for transactional notifications.
• Payment processing: when subscriptions or client invoices are processed.
• Analytics: privacy-respecting product analytics on aggregate behavior.

Each vendor is bound by a data processing agreement. We do not share data with advertisers.

5. Your rights (GDPR, CCPA, and similar laws)

You may at any time:

• Access a copy of the data we hold about you.
• Correct inaccurate data through your account settings.
• Delete your account and associated data.
• Export your projects, galleries, and client data.
• Object to or restrict certain processing.

To exercise any of these rights, contact us through the support page. We respond within 30 days.

6. Clients of PixPrism photographers

If you received an invitation, gallery link, or invoice from a photographer using PixPrism, the photographer is the data controller for the content they collect about you. PixPrism acts as a data processor on their behalf. Direct requests about your data to the photographer first; we will assist them in fulfilling your request.

7. Retention

We keep your data for as long as your account is active. When you delete your account, studio content and uploaded media are permanently removed within 30 days, except where we are legally required to retain certain records (for example, tax invoices).

8. Cookies

We use only essential cookies required for authentication and session management. We do not use advertising or cross-site tracking cookies.

9. Children

PixPrism is not directed at children under 16. We do not knowingly collect personal information from children.

10. Changes to this policy

We may update this policy from time to time. Material changes will be announced by email or an in-app notice at least 14 days before they take effect.

11. Contact

Questions about this policy? Reach us through the support page.