Privacy Policy

Effective April 29, 2026

This policy explains what data Photog Flow collects, why we collect it, and how we handle it. It applies to everyone who uses Photog Flow — the web app at photogflow.app, the booking pages we host on your domain, and the email and APIs we run.

We’ve tried to write it the way we’d want to read it: short paragraphs, real examples, no euphemisms. If anything is unclear, email us at hello@photogflow.app.

1. Definitions

  • “You” is whoever is using Photog Flow — usually a wedding or couples photographer who has signed up for an account.
  • “Your clients” are the couples, families, and other people you upload data about into Photog Flow (contacts, contracts, galleries, invoices).
  • “We,” “us,” “Photog Flow” is the company operating photogflow.app.
  • “Personal data” means any information that identifies a person — names, email addresses, photographs of identifiable people, billing details, IP addresses.

2. Data we collect

We collect five categories of data:

Account data. Your name, email address, business name, timezone, signature block, and any settings you configure. You provide this when you sign up or update your settings.

Business content. Everything you upload or create inside the app: client contacts, leads, projects, kanban notes, inbox messages, photographs uploaded to galleries, contracts, invoices, calendar events, custom pipeline stages, memory facts. This is your data; you own it.

Payment data. Stripe (our payment processor) collects credit card and bank account information directly when you or your clients pay. Photog Flow never sees, stores, or has access to raw card or bank details. Stripe holds them; we hold a customer ID that points back to Stripe.

Usage data. Page views, feature interactions, click events, IP address, browser user-agent — captured by PostHog so we can see which features are used and where the app breaks.

Diagnostic data. When the app errors, Sentry captures the stack trace, the URL, browser metadata, and any logged user ID. This helps us fix bugs and is retained for 90 days.

3. Why we collect data

We have specific purposes for each category:

  • Account data — to authenticate you and personalize the app.
  • Business content — to provide the service you’re paying for: store your work, send your invoices, deliver your galleries, host your booking page.
  • Payment data — to bill you and to let your clients pay you.
  • Usage data — to understand which features matter and which need work.
  • Diagnostic data — to fix bugs and respond to incidents.

We never use your business content to train AI models. Anthropic, our AI provider, processes prompts in real time and is contractually prohibited from training on our customers’ data per their commercial terms.

4. Legal bases for processing (EEA, UK, Switzerland)

If you’re in the European Economic Area, the United Kingdom, or Switzerland, the GDPR requires us to identify a legal basis for processing your data.

  • Performance of a contract — account data, business content, payment data: necessary to provide the service you signed up for.
  • Legitimate interests — usage data and diagnostic data: necessary to operate, secure, and improve the service.
  • Legal obligation — retention of certain payment and tax records for the period required by law.
  • Consent — any optional analytics or marketing communications, which we never enable without your action.

You can object to processing based on legitimate interests at any time by contacting hello@photogflow.app.

5. Subprocessors

Photog Flow runs on these third-party services. Each is bound by its own data processing terms; current versions are linked.

  • Supabase — primary database, authentication, file storage. US-East (Virginia). privacy policy.
  • Stripe — payment processing, payouts, subscription billing. US, EU. privacy policy.
  • Resend — transactional email, inbound email routing. US. privacy policy.
  • Sentry — error monitoring. US. privacy policy.
  • PostHog — product analytics. US cloud. privacy policy.
  • Anthropic — AI model inference. US. privacy policy.
  • Vercel — app hosting, edge runtime, image CDN. Global edge with US data residency. privacy policy.
  • Google Cloud — OAuth identity, Gmail send, Calendar sync (only when you explicitly connect Google). US, EU. privacy policy.

We update this list whenever we add a new processor. If you’re a B2B customer who needs prior notice of subprocessor changes, contact us and we’ll work out terms.

6. Your data is your data

We do not sell, rent, lease, or share your data with advertisers, data brokers, or anyone else for their own marketing or business purposes. Your business content is treated as confidential.

The only times we share data with third parties:

  • With our subprocessors above, strictly to provide the service.
  • When you direct us to (e.g., when your client pays an invoice, the payment goes through Stripe).
  • When required by law — a valid subpoena, court order, or government request that we are legally compelled to honor. We will notify you unless legally prohibited.
  • In a business transfer — if Photog Flow is acquired or merged, your data transfers with the company. We will notify you in advance and you may delete your account.

7. Your rights

You have rights regardless of where you live; the specifics vary by jurisdiction.

All users. Access your data (export contacts, invoices, contracts, galleries via the app’s export tools), correct inaccuracies, delete your account from Settings › Account › Delete account, and receive a copy of your data in a machine-readable format on request.

EEA, UK, and Swiss residents (GDPR). You additionally have rights to restrict processing, object to processing, and lodge a complaint with your supervisory authority. We respond within 30 days; we may extend by 60 days for complex requests and will notify you if so.

California residents (CCPA / CPRA). Right to know what we collect, right to delete, right to correct, right to opt out of “sharing” (we do not share for cross-context advertising), and right to limit use of sensitive personal information (we do not process any). We do not discriminate against residents who exercise these rights.

To exercise any of the above, email hello@photogflow.app or use the in-app tools.

8. Data retention

  • Account data and business content — kept for as long as your account is active. After account deletion, retained in a recoverable state for 30 days, then permanently deleted from primary systems. Encrypted backups age out on their own rotation (typically 30–90 days).
  • Payment records — kept for 7 years to satisfy US tax and accounting law.
  • Diagnostic data — 90 days, then permanently purged.
  • Usage analytics — rolled up to anonymous aggregates after 12 months; raw event data deleted.
  • Email logs — outbound delivery logs kept for 30 days for deliverability troubleshooting; message bodies are not retained beyond delivery confirmation.

When you delete a specific record (a contact, a project, a gallery), it is removed from our primary systems within 7 days and from backups within 90.

9. How we keep data secure

We treat your business content as confidential. Specific safeguards:

  • Encryption in transit — all traffic between you, your clients, and Photog Flow runs over TLS 1.2 or higher.
  • Encryption at rest — Supabase encrypts the database and file storage by default. OAuth tokens (Gmail, Google Calendar) are additionally encrypted with AES-256-GCM before being stored.
  • Row-level security — every database table has RLS policies that prevent one studio from reading another’s rows. Service-role credentials that can bypass RLS are server-side only and never exposed to the browser.
  • Authentication — passwords are hashed and salted by Supabase Auth; we never see plaintext passwords. Single sign-on via Google OAuth is supported.
  • Access control — only Photog Flow team members with a business need can access production systems, and access is logged.

No system is perfectly secure. If a security breach occurs that affects your personal data, we will notify affected users without undue delay and within 72 hours of discovery where feasible, as required by GDPR and most US state breach notification laws.

10. International data transfers

Photog Flow’s primary database is in the United States. If you are in the European Economic Area, the United Kingdom, Switzerland, or another jurisdiction outside the US, using our service means your personal data is transferred to the US.

For these transfers, we rely on the Standard Contractual Clauses (SCCs) approved by the European Commission and the UK addendum, with our US-based subprocessors. A copy of our SCCs is available on request from hello@photogflow.app.

We monitor changes to data transfer law (Schrems II, EU-US Data Privacy Framework, UK adequacy decisions) and adjust our safeguards accordingly.

11. Cookies and tracking

Photog Flow uses three categories of cookies:

  • Essential cookies — authentication, session, CSRF protection. The app cannot function without these. No consent required.
  • Functional cookies — preference storage (theme, sidebar state). No consent required.
  • Analytics cookies (PostHog) — page views and feature usage. EU/UK/Swiss visitors see a consent banner on first visit and can opt in or out at any time via the cookie preferences link in the footer.

We don’t use third-party advertising cookies. We don’t track you across other websites.

12. Children

Photog Flow is built for adult professionals. You must be 18 or older to create an account. We do not knowingly collect personal information from anyone under 16.

Photographers who serve minor clients (school portraits, graduation, family shoots involving children) are responsible for obtaining the consent of the minor’s parent or legal guardian before uploading any data — including photographs — about that minor to Photog Flow.

If we learn we have collected personal data from a child under 16 without verified parental consent, we will delete it.

13. Roles when you serve your clients

For information you upload about your own clients — contacts, communications, photographs, contracts, invoices — Photog Flow acts as a data processor and you act as the data controller. You are responsible for:

  • Notifying your clients that you use Photog Flow.
  • Obtaining any consent your local law requires (e.g., consent for storing portraits of recognizable people, model releases).
  • Responding to your clients’ requests about their data — access, deletion, correction. We will assist in good faith on technical questions.

If you are a B2B customer who needs a separate Data Processing Agreement (DPA), email hello@photogflow.app.

14. Changes to this policy

We may update this policy as the product evolves or as the law changes. For material changes that affect your rights, we’ll send notice to the email address on file at least 30 days before the change takes effect. Continued use of the service after the effective date means you accept the updated policy.

We post the effective date at the top of this document and keep prior versions in our internal records; you can request a copy from hello@photogflow.app.

15. Contact

Questions, concerns, or to exercise any of the rights described above:

hello@photogflow.app

Photog Flow is operated from the United States. We aim to respond within 7 business days; under GDPR or CCPA we respond within the legally required timeframe.