Privacy Policy

1. Introduction

Photosgraph PBC ("we," "us," or "our") operates the photosgraph platform ("the Service"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

Photosgraph is built on a principle of consent. This extends to our privacy practices — we aim to collect only what is necessary to operate the Service and to give you meaningful control over your information.

Data Controller

The data controller for information processed through photosgraph is:

Photosgraph PBC
155 Woodland Avenue, Lexington, KY 40502
privacy@photosgraph.com

We do not currently have a Data Protection Officer. If you have questions about our data practices, contact us at privacy@photosgraph.com.

2. Information We Collect

Information you provide:

Account information: Your username, email address, and password (stored as a secure hash — we never store your actual password).

Profile information: Your display name (which must include your real name), profile photo, bio, and optional traits you choose to add.

Photos & metadata: Photos you upload, captions, names and tags identifying people in photos, dates, places, and annotations. This includes EXIF data embedded in photo files (such as camera model, date taken, and GPS coordinates if present). We strip EXIF data from photos before displaying them to other users but may retain it internally for service operation (e.g., suggesting date and location fields).

Approval decisions: Your approvals and revocations of tags on photos.

Information collected automatically:

Log data: When you use photosgraph, our servers may record standard log information including your IP address, browser type, referring URL, and access times. This data is used for security and service operation purposes only and is retained for 90 days.

Cookies and session data:

We use essential cookies only, to maintain your login session and protect against cross-site request forgery. We do not use tracking cookies, analytics cookies, or any third-party advertising cookies. No cookie consent banner is required because we use only cookies that are strictly necessary for the Service to function.

3. Lawful Basis for Processing (GDPR)

For users and data subjects in the European Economic Area (EEA), we process personal data under the following lawful bases:

Contractual necessity (Article 6(1)(b)): Processing your account information, profile, and uploaded content as necessary to provide the Service you signed up for. This includes displaying your profile (name, photo, connections, relationships, and publicly approved photos) to other logged-in members, which is a core part of how the Service operates.

Consent (Article 6(1)(a)): Processing of your uploaded content for display within group albums you have joined (joining a group album constitutes consent for viewing by other group members; you may withdraw consent at any time by removing specific photos or leaving the group). Processing of tagged persons' data for public visibility through the explicit public toggle mechanism. You may withdraw consent at any time by toggling off public visibility or revoking your tag entirely.

Legitimate interest (Article 6(1)(f)): Processing of photos in your personal Unsorted area prior to being added to a group album, where the photo is visible only to the uploader. Processing of depicted non-users' data as described in Section 9, balanced against their rights through the safeguards described therein.

Legal obligation (Article 6(1)(c)): Processing necessary to comply with applicable laws, such as responding to lawful requests from authorities.

4. How We Use Your Information

We use your information to:

— Operate and maintain the Service, including group albums and public albums
— Display your profile (including your name, profile photo, connections, and relationships) to logged-in members, and display your publicly approved photos to all users
— Notify you when you are tagged in a photo or invited to a group album
— Automatically add you to group albums when you are tagged in their photos
— Enable search and discovery of public photos in public albums by place, event, or theme
— Suggest public albums to which your public photos may be relevant, based on photo metadata, location, or album descriptions (you always choose whether to add a photo to a public album)
— Build the connection graph from approved, public photos
— Protect the security of your account and the Service
— Respond to your requests, reports, and inquiries
— Comply with legal obligations

We will never use your content or personal data to train machine learning models, for advertising, or for any purpose beyond operating the Service as described in this policy. Photosgraph does not accept AI-generated, AI-composited, or synthetically created images. All photos must depict real moments captured by a physical camera or scanner. See our Terms of Use for details on permitted and prohibited modifications.

5. What We Share

Profile information: Your profile — including your display name, profile photo, connections, relationships, and any photos you have approved for public visibility — is viewable by logged-in members of Photosgraph. No group-only photos appear on your profile. There is no public people directory or search.

Group album content: Photos in group albums are visible to all members of that group. This includes the photo, associated metadata, and the names and profile photos of tagged people. Group album content is not visible to non-members or to the public.

Public content: Photos where every tagged person has approved for public visibility may be added to public albums, which are visible to everyone including non-logged-in visitors. Public photos are displayed along with associated metadata (captions, dates, places, annotations, and the names and profile photos of tagged people).

Public album content and search engines: Photos in public albums are visible to everyone, including non-logged-in visitors and search engines. Public album content includes the photo, associated metadata, and the names and profile photos of tagged people who have approved public visibility. Public album pages may be indexed by search engines. By approving a photo for public visibility, you acknowledge that it may appear in search engine results.

We do not sell your data. We do not sell, rent, or trade your personal information to third parties for marketing, advertising, or any other purpose. We have not sold personal information in the preceding 12 months.

Service providers: We may share data with service providers who assist in operating the Service (e.g., hosting, email delivery), subject to contractual obligations to protect your data and use it only as directed by us.

Legal requirements: We may disclose information if required by law, legal process, or to protect the rights, property, or safety of Photosgraph PBC, our users, or the public.

6. International Data Transfers

Our servers are located in the United States. If you are accessing the Service from outside the United States, your data will be transferred to and processed in the United States. For transfers from the EEA, we implement appropriate safeguards as required by GDPR Chapter V, which may include Standard Contractual Clauses or reliance on adequacy decisions. Details of the specific safeguards applied to each transfer are available upon request at privacy@photosgraph.com.

7. Your Rights & Controls

All users:

Approval & revocation: You control which photos you appear in. In group albums, you can remove any photo of yourself or leave the group entirely. For public visibility, you control a toggle that you can turn off at any time. You can also revoke entirely, removing the photo from all albums across the platform.

Profile editing: You can update your profile information, photo, and traits at any time.

Account deletion: You may delete your account at any time. This will remove your profile, revoke all your tags (removing associated photos from group and public albums), delete photos you uploaded, and transfer group albums you organized. Personal data will be deleted within 30 days; backups purged within 90 days.

Data access: You may request a copy of the personal data we hold about you.

Data portability: You may request your data in a structured, commonly used, machine-readable format.

We will respond to verified data access and portability requests within 30 days (or 45 days if we notify you of an extension, as permitted under CCPA). For GDPR subject access requests, we will respond within one calendar month as required by Article 12(3).

Additional rights for EEA residents (GDPR):

Right to rectification: You may request correction of inaccurate personal data.

Right to erasure: You may request deletion of your personal data, subject to any legal retention obligations.

Right to restrict processing: You may request that we limit how we process your data in certain circumstances.

Right to object: You may object to processing based on legitimate interest.

Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, contact us at privacy@photosgraph.com.

Additional rights for California residents (CCPA):

Categories of personal information collected: Identifiers (name, email, username, IP address); internet or electronic network activity (log data, session information); geolocation data (if added to photos); and audio, electronic, visual, or similar information (photos).

Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.

Right to delete: You may request deletion of personal information we hold about you.

Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.

Do Not Sell My Personal Information: We do not sell personal information. We have not sold personal information in the preceding 12 months.

8. Photo Privacy

Photosgraph uses a layered consent model with two visibility contexts:

Group albums (private):

— Photos are visible to all group members immediately upon upload, whether or not anyone has been tagged yet
— Being a member of the group constitutes consent for viewing within that group
— Any member who appears in a photo can remove it from the group at any time
— Any member can leave a group, removing all photos of them from that group

Public albums:

— Photos require that all identifiable people are tagged, and explicit public approval from every tagged person, before they can appear in public albums
— Any tagged person can toggle their public approval off at any time, which removes the photo from all public albums immediately
— The uploader can also unpublish a photo at any time

Community Commitments:

— At registration, every user agrees to Community Commitments covering photo standards, album integrity, and community conduct
— These commitments apply to all activity on the platform and are not re-confirmed per photo or per album
— Reminders appear when uploading photos and creating albums
— The commitments attest that photos are genuine, do not violate rights, and are not AI-generated. Photos of minors are permitted in group albums under specific restrictions (see Section 12).

Additional protections:

— The uploader and album organizers can tag or name people in a photo
— Uploaders must tag or name every reasonably identifiable person, or obscure them
— Photos depicting minors are restricted to private group albums and can never be made public (see Section 12)
— AI-generated, AI-composited, or synthetically created images are prohibited
— Deleted photos are permanently removed
— Any tagged person can remove a photo from all albums across the platform (permanent revocation)

We design the Service so that individuals maintain ongoing control over their appearance in photos at every level of visibility.

Deceased persons:

When a depicted person is deceased, the standard consent flow cannot apply. In these cases, approval authority rests with the uploader, who must attest in good faith that the deceased person or their family would not object to the photo being shared. Deceased named persons do not block publication of photos.

Members may designate a legacy contact who assumes approval authority over their photos if their account is memorialized. Any person with a legitimate familial relationship to a deceased depicted person may request review, changes, or removal by contacting privacy@photosgraph.com. This is a limited exception to our standard consent model, documented here for transparency. See our Terms of Use (Section 4g) for full details.

Revocation and deletion:

When a tagged person revokes their approval, the photo is immediately removed from public view and from any public albums. The photo file is retained in the uploader's private storage as part of the uploader's account content, accessible only to the uploader and other tagged individuals. This retention is based on the uploader's legitimate interest in maintaining their own photo collection. Any tagged person may request full deletion of the photo file by contacting privacy@photosgraph.com, which we will process within 10 business days.

9. Data Processing of Depicted Non-Users

Photosgraph processes photographic images that may contain the personal data of individuals who are not registered users of the Service ("depicted persons"). Uploaders are required to identify depicted non-users by name through the Photosgraph system.

When a non-user is named in a group album photo, they receive an invitation that references the group album and the number of photos waiting for them. Upon registration, they are automatically added to the group and can see all photos of themselves immediately. They may then remove any photo they don't want in the group, leave the group entirely, or approve photos for public visibility.

When we contact a non-user by email (at the uploader's direction), the invitation will include: a link to this Privacy Policy, the name of the person who tagged them, the name of the group album, the number of photos in which they appear, and instructions for requesting removal without creating an account.

What data we process: Photographic images in which a depicted person may be identifiable, along with the name (and optionally email address) provided by the uploader.

Lawful basis (GDPR): Legitimate interest of the uploader and the platform in facilitating consent-based photo sharing (Article 6(1)(f)). We balance this against the depicted person's rights by:

— Requiring uploaders to tag or name all reasonably identifiable persons
— Limiting visibility of group album photos to group members only
— Never making photos publicly visible without approval from all tagged and named persons
— Providing album context in invitations so non-users understand how their photos are being shared
— Providing a reporting mechanism accessible to non-users
— Removing content promptly upon valid takedown request

Your rights as a depicted non-user: If you believe you are identifiable in a photo on Photosgraph, you have the right to:

— Request confirmation of whether your personal data is being processed
— Request removal of any photo in which you are identifiable
— Object to the processing of your image
— Lodge a complaint with your local data protection authority

Family members of deceased depicted persons: If you are a family member of a deceased person who is identifiable in a photo on Photosgraph, you may request review, changes to visibility, or removal of photos depicting your family member. We may request documentation of the familial relationship before acting on such requests.

To exercise these rights, contact privacy@photosgraph.com. You do not need a Photosgraph account. We will act on verified requests within 10 business days, or within 24 hours for reports involving minors.

10. Data Retention

We retain data for the following periods:

Account information: Retained until you delete your account.

Published photos: Photos approved for public visibility are retained until the uploader deletes them or any tagged person revokes their public approval.

Group album photos: Photos in group albums are retained until removed by the uploader, a tagged member, or until the album is archived. Photos removed from a group album remain in the uploader's personal account unless separately deleted.

Unsorted photos: Photos in your personal Unsorted area that have not been added to any group or public album are visible only to the uploader and are retained until added to an album, deleted, or the account is deleted.

Account deletion: Upon account deletion, all uploaded photos are removed, all tags are revoked (removing photos from group and public albums), group albums you organized are transferred to the next member, and personal data is deleted within 30 days. Backup copies are purged within 90 days.

Memorialized accounts: Accounts of deceased members may be memorialized rather than deleted. Memorialized accounts retain existing photo tags and approvals in their current state. A designated legacy contact or verified family member may manage or request deletion of a memorialized account.

Server logs: Retained for 90 days, then deleted.

Takedown request records: Retained for 3 years for legal compliance purposes.

11. Security

We use industry-standard measures to protect your information, including secure password hashing, encrypted connections (TLS), and access controls. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11a. Third-Party Services

We use a limited number of third-party services to operate Photosgraph:

— Hosting provider — server infrastructure (processes all data stored on the Service)
— SendGrid (Twilio) — transactional email delivery (processes email addresses and message content for notifications and invitations)
— OpenRouter — AI advisory features for platform administration only (does not process user photos or personal data)

Each provider is bound by a data processing agreement. We do not use third-party analytics, advertising networks, social media trackers, or any service that profiles our users. An up-to-date list of sub-processors is available upon request at privacy@photosgraph.com.

12. Children's Privacy

Photosgraph is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. No minor can create an account. If we learn that a user is under 16, we will terminate their account and delete their data promptly.

Photos of minors in group albums: Photos depicting minors may appear within private group albums where the uploader reasonably believes that the parents or guardians of the depicted minors would expect the photos to be shared among the group's members. Minors cannot be tagged, no identity record is created for any minor, and photos containing a named minor can never be made public. We recommend that at least one parent or guardian of any depicted minor be a member of the album.

No biometric data of minors: Because minors cannot be tagged, Photosgraph does not create, store, or process any biometric identifiers, facial recognition templates, or persistent identity records for any minor. A minor may be noted by first name only in a group album to help with face-count completeness. This notation carries no identity linkage across albums or sessions.

Photos taken when a person was under 16 may be uploaded and tagged normally if that person is currently 16 or older.

We do not use age estimation, facial analysis, or any automated method to determine the age of persons depicted in photos. We rely on the Community Commitments agreed to at registration and user reports to enforce our policy. If you believe a photo of a minor on Photosgraph is being shared inappropriately, please report it to privacy@photosgraph.com and we will act within 24 hours.

13. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes — particularly those affecting how we collect, use, or share your data — we will notify users via email at least 30 days before the changes take effect. For non-material changes, we will post the updated policy with a revised effective date.

For material changes affecting data already collected, we may seek your affirmative consent before applying the new terms to your existing data.

14. Contact

If you have questions about this Privacy Policy, wish to exercise your data rights, or need to report a concern:

Photosgraph PBC
155 Woodland Avenue, Lexington, KY 40502
privacy@photosgraph.com

For DMCA and copyright matters: dmca@photosgraph.com
For general inquiries: legal@photosgraph.com