Privacy Policy

1. Introduction

ProMatch Photo respects your privacy and is committed to protecting your personal data. This privacy policy explains what data we collect, how we use it, and what your rights are.

By using ProMatch Photo, you agree to the collection and use of information as described in this policy.

2. What Data Do We Collect?

2.1 Account data

When you create an account, we collect:

• Email address: For login and communication
• Name: To personalize the application
• Password: Stored securely (hashed) for authentication
• Account metadata: Creation date, last login, verification status

2.2 Content data (stored in cloud - Supabase)

The following data is stored in our cloud database (Supabase):

• Photos: All uploaded photos and images
• Projects: Project metadata, names, tags, dates and settings
• Quit claims: Signed model releases and digital signatures
• Custom frames: Your custom frame templates and designs
• Client data: Client names, contact info, and project associations
• Galleries: Shared photo galleries and slider presentations
• Social media connections: Connected accounts (GetLate integration)
• Blog content: Blog posts, drafts, and saved content
• Settings: App preferences, editing presets, and configurations

⚠️ IMPORTANT: This data IS stored on secure Supabase cloud servers and syncs across your devices.

2.3 Technical data

We automatically collect:

• Browser type and version
• Device type and operating system
• IP address (for security and analytics)
• Usage statistics (page visits, features used, performance metrics)
• Error logs and crash reports

3. How Do We Use Your Data?

We use your data for:

• Account management: Login, authentication, password reset
• Core functionality: Storing, syncing, and managing your photos and projects
• Collaboration: Enabling client galleries, sharing, and feedback
• Social media integration: Publishing to connected platforms via GetLate
• Communication: Important updates, security notices, feature announcements
• Service improvement: Analyzing usage patterns to improve features
• Security: Detecting and preventing abuse, fraud, and unauthorized access
• Legal obligations: Complying with laws and regulations

⚠️ We NEVER sell your data to third parties and do NOT use it for advertising purposes.

4. Data Storage and Security

4.1 Where Is Data Stored?

4.2 Security Measures

• Encryption: All communication uses HTTPS/SSL encryption
• Passwords: Hashed with bcrypt - never stored in readable form
• Supabase security: Enterprise-grade infrastructure with SOC 2 compliance
• Session management: Secure JWT tokens with automatic expiration
• Access control: Row Level Security (RLS) policies - users can only access their own data
• Storage security: Private storage buckets with authenticated access only
• Backups: Regular automated backups of all data
• Monitoring: 24/7 security monitoring and threat detection

4.3 Data Retention

Active accounts: All your data is kept as long as your account is active and you continue using the service.

Account deletion: When you delete your account, all associated data (photos, projects, clients, etc.) will be permanently removed from our servers within 30 days.

Inactive accounts: Accounts inactive for more than 2 years may be automatically deleted after email notification.

5. Sharing Data with Third Parties

5.1 Service Providers

We share limited data with trusted service providers:

• Supabase (database & storage): All application data and photos
  Privacy policy: https://supabase.com/privacy
• GetLate (social media integration): Connected account credentials and post data
  Only when you explicitly connect your social accounts

5.2 Public Sharing

When you create and share galleries or sliders, the following data becomes publicly accessible via unique links:

• Photos in the shared gallery/slider
• Gallery/slider title and description
• Your photographer name (if configured)

These links are private (not indexed by search engines) but can be accessed by anyone with the link.

5.3 Legal Requirements

We may share your data if legally required or to:

• Comply with legal obligations, court orders, or government requests
• Protect our rights, property, and safety
• Prevent fraud, abuse, or illegal activities
• Ensure user safety and security

⚠️ We NEVER sell or rent your data to third parties for marketing purposes.

6. Your Privacy Rights (GDPR)

Under GDPR you have the following rights:

To exercise these rights, use the tools in Settings or contact us via support@promatchphoto.com

7. Cookies and Tracking

7.1 Cookies We Use

• Essential cookies: Required for login and authentication (cannot be disabled)
• Functional cookies: Remember your settings and preferences
• Analytics cookies: Help us understand app usage (anonymous)

7.2 LocalStorage and IndexedDB

We use browser storage for caching and temporary data to improve performance. This includes session tokens and draft edits before syncing to cloud.

8. Children and Privacy

ProMatch Photo is intended for professional photographers and businesses. It is not directed at children under 16. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.

9. International Data Transfer

Your data may be stored on servers outside the EU via Supabase. We ensure GDPR compliance through:

• Standard contractual clauses (SCCs)
• Adequate safeguards as required by GDPR Article 46
• Encryption of data in transit and at rest
• Supabase's SOC 2 Type II certification

10. Changes to This Privacy Policy

We may update this privacy policy from time to time. When we make significant changes, we will notify you via:

• A notification banner in the app
• An email to your registered email address
• An update to the "Last updated" date at the top of this page

By continuing to use the application after such changes, you agree to the updated policy.

11. Contact and Complaints

11.1 Contact

For questions about this privacy policy or to exercise your privacy rights:

11.2 Filing a Complaint

If you are not satisfied with how we handle your data, you have the right to file a complaint with your national data protection authority: