Privacy Policy
Effective: May 20, 2026
Hey Photo Friend ("we", "us", "our") provides software for photographers to run in-person sales sessions, deliver client galleries, and manage their studio. This Privacy Policy explains what information we collect, how we use it, and who we share it with. By using our services or this website, you agree to the practices described here.
1. Information we collect
- Account information. Email address, name, business name, profile photo, and authentication identifiers when you sign up.
- Photos you upload. Photographs you (or your clients) upload for processing, presentation, or delivery. We store these on encrypted cloud infrastructure on your behalf.
- Client information you enter. Names, email addresses, phone numbers, and session details for the clients you serve. You are the data controller for this information; we process it on your behalf.
- Payment information. When you subscribe or process a client payment, payment card data is handled directly by Stripe or Square. We never see or store full card numbers.
- Usage data. Pages visited, features used, device and browser type, IP address, and approximate location. Used to improve the product and diagnose issues.
- Waitlist signups. If you join our waitlist, we collect your name and email address.
2. How we use information
- Provide and operate the services you signed up for
- Authenticate your account and protect it from abuse
- Process payments and manage subscriptions
- Send service emails (receipts, security notices, product updates you opted into)
- Improve product features and fix bugs
- Comply with legal obligations
3. Third-party sub-processors
We use trusted third-party services to operate. Each has its own privacy policy.
- Clerk — user authentication and session management. Privacy policy
- Supabase — database hosting and file storage for galleries and session data. Privacy policy
- Cloudflare — CDN, R2 object storage for original photos, and Turnstile for bot/abuse protection on our public forms. Cloudflare Privacy Policy. By using our forms protected by Turnstile, you also agree to the Cloudflare Turnstile Privacy Addendum.
- Stripe and Square — payment processing for subscriptions and client orders. Stripe · Square
- ActiveCampaign — email delivery for waitlist and marketing emails. Privacy policy
- HighLevel (HPF CRM) — CRM integration for photographers who choose to connect it. Privacy policy
- Sentry — error monitoring and performance tracking. PII is scrubbed before transmission where possible. Privacy policy
- Vercel — web hosting and analytics. Privacy policy
4. Cookies and similar technologies
We use cookies and similar local-storage technologies to keep you signed in, remember preferences, measure aggregate usage, and protect against abuse. You can clear or disable cookies in your browser, but some features may stop working.
5. Data retention
- Account data: kept while your account is active. Deleted within 30 days of account closure on request.
- Session photos and originals: kept while your session is active. Originals are automatically purged 90 days after a session is archived; downsized previews are retained longer.
- Audit and security logs: retained for 365 days for incident response.
- Backups and disaster-recovery snapshots: up to 30 days.
6. Security
We use industry-standard practices including encryption in transit (TLS), encryption at rest, row-level access controls in our database, multi-factor authentication for administrators, and rate limiting + bot challenges on public endpoints. No system is perfectly secure, but we work hard to protect your information.
7. Your rights
Depending on where you live (GDPR, CCPA, and similar laws), you may have the right to access, correct, delete, or export your personal information, and to object to certain processing. To exercise these rights, email privacy@heyphotofriend.com. We respond within 30 days.
8. Children
The service is intended for users 18 and older. We do not knowingly collect personal information from children under 13. Photographers using our platform to deliver galleries containing photos of minors are responsible for obtaining appropriate consent from parents or guardians.
9. International data transfers
Our infrastructure providers may store and process data outside your country of residence, including in the United States. We rely on standard contractual clauses and our providers' compliance frameworks where applicable.
10. Changes
We may update this policy as the product evolves. Material changes will be announced via email or a notice on the service. Continued use after a change constitutes acceptance.
11. Contact
Questions, requests, or concerns: privacy@heyphotofriend.com.