Privacy Policy

1. Introduction

Pro Photo Systems ("PPS," "we," "us," or "our") operates the website prophotosystems.com and associated tenant subdomains and custom-domain storefronts (collectively, the "Service"). This Privacy Policy explains how we collect, use, share, and protect information.

The Service connects three groups of users:

• Photographers — paying subscribers who use PPS to operate their photography business
• Organizations — schools, sports leagues, dance studios, and similar groups whose participants are photographed
• Parents and Guardians — customers who view and purchase photos, including photos of their children

This Policy applies to all three groups. Where rules differ by group, we say so explicitly. By using the Service, you agree to this Policy.

2. Information We Collect

2.1 Information you provide directly

• Account information: name, email address, password, role (photographer, organization administrator, parent)
• Contact information: phone number (optional; required only if you opt in to SMS notifications)
• Photographer business information: business name, payment account info via Stripe Connect, sending domain, branding assets
• Organization information: organization name, rosters of participants (including children), event schedules
• Parent purchase information: shipping address, billing information handled by Stripe (PPS does not store credit card numbers)
• Reference photos: photos that parents or organizations upload of a participant to enable face matching at picture day

2.2 Information from your use of the Service

• Photos taken at events: uploaded by photographers; may include photos of children
• Face embeddings (biometric identifiers): computed from reference photos and uploaded photos so that we can match a participant to their photos. See Section 6.
• Usage data: pages visited, features used, device type, browser, IP address, approximate location derived from IP
• Order history: purchases, cart contents, fulfillment status
• Communication preferences: opt-in/opt-out status for email and SMS

2.3 Information about children

The Service is not directed to children under 13. Children appear in the Service only as subjects (the people being photographed) and never as account holders. Accounts are held by parents/guardians, organization administrators, or photographers.

When a parent uploads a reference photo of their child, the parent consents to that photo (and its derived face embedding) being processed for the purpose of matching the child to picture-day photos. See Section 6.

3. How We Use Information

• To provide the Service: operate the platform, deliver photos, process orders, manage subscriptions
• To match photos to subjects:generate face embeddings, run face-matching against the organization's reference set, deliver matched photos to the correct parent
• To process payments: via Stripe (for parent purchases and photographer subscriptions and payouts)
• To send transactional communications: order confirmations, photo-ready notifications, account security, billing
• To send promotional communications (only with consent): marketing emails and SMS
• To improve the Service: analyze aggregate usage, develop new features, prevent fraud and abuse
• To comply with legal obligations: respond to lawful requests, enforce our Terms, protect rights and safety

4. How We Share Information

We do not sell personal information.

We share information with service providers (data processors) only as needed for the Service:

• Cloudflare — hosting, content delivery, object storage (R2), DNS, image transformations
• Supabase — managed PostgreSQL database, authentication
• Stripe — payment processing for parent purchases and photographer subscriptions and payouts
• AWS — face matching via Amazon Rekognition
• Postmark — transactional email delivery
• Twilio — SMS delivery
• fal.ai — AI-powered background replacement and color correction
• Imagen — AI-powered photo retouching

Each processor handles only the data needed to perform their function, under contractual terms. We may also disclose information when required by law (subpoena, court order, etc.) or to protect rights and safety.

5. Data Retention

• Account data: while your account is active and for a reasonable period after closure for accounting, legal, and support purposes
• Photos: while the associated event is active; deleted within 30 days of event deletion
• Reference photos and face embeddings: see Section 6
• Order history: 7 years for tax and accounting purposes
• Communication preferences (opt-out records): kept indefinitely so we honor your opt-out

6. Biometric Information

What we collect: When a reference photo is uploaded for a subject, we generate a numeric face embedding — a mathematical representation derived from facial geometry — using Amazon Rekognition. The embedding cannot be reverse-engineered into an image. We treat this embedding as a biometric identifier.

Purpose: Used solely to match a subject to their own photos from an event. We do not use biometric data for surveillance, identity verification, advertising, or any purpose other than photo matching.

Consent: Where biometric consent is required — including for organizations located in Illinois, Texas, and Washington — we do not generate a face embedding for a subject until consent has been recorded. For minors, a parent or guardian provides this consent through the parent portal or the organization that manages the roster. An organization may also disable face matching entirely, in which case no embeddings are created for any of its subjects.

Retention and destruction:We maintain a retention schedule for biometric data. A subject's face embedding is permanently deleted from Amazon Rekognition when any of the following occurs, whichever is earliest: (a) the subject is removed from the roster; (b) biometric consent is revoked or declined; or (c) within 12 months of the organization's last event. We maintain an internal audit log of biometric enrollment and deletion events.

Sharing: Face embeddings are NOT sold, NOT shared with advertisers, and NOT shared between unrelated photographers/organizations. They are stored in AWS Rekognition collections scoped to a single organization.

Right to delete / opt out:A parent/guardian (for their child) or the organization may revoke biometric consent at any time, which immediately deletes the subject's face embedding. You may also email privacy@prophotosystems.com; deletion requests are honored promptly.

7. SMS Communications

If you opt in to SMS notifications, we collect and process your phone number to send transactional messages (photo-ready alerts, order updates, account security) and, with separate consent, promotional messages. Opt-in is captured via a clearly-labeled checkbox at registration; opt-out is supported via STOP, account settings, or contacting support.

SMS data is processed by Twilio as our delivery provider. See our SMS Terms for the full message program description, frequency, and opt-out instructions.

8. Your Rights and Choices

All users may:

• Access their information
• Correct inaccurate information
• Delete their account
• Opt out of marketing emails (via unsubscribe link)
• Opt out of marketing SMS (reply STOP)
• Opt out of face matching and delete biometric data at any time (see Section 6)
• Request a copy of their data

California residents (CCPA/CPRA): right to know, right to delete, right to correct, right to opt out of sale (we do not sell), right to limit use of sensitive personal information (we limit biometric data use to face matching), right to non-discrimination.

Children's privacy (COPPA): If you believe a child under 13 has provided information directly, contact us and we will delete it.

To exercise rights, email privacy@prophotosystems.com. We respond within 45 days as required by law.

9. Security

We use industry-standard security: TLS encryption in transit, encryption at rest, Postgres Row-Level Security for tenant isolation, two-factor authentication for admin accounts, and regular security review. We will notify affected users of any breach as required by applicable law.

10. International Transfers

Information is stored and processed primarily in the United States. By using the Service from outside the U.S., you consent to this transfer.

11. Changes to This Policy

We may update this Policy. We will post the updated Policy with a new "Last Updated" date. For material changes, we will notify you via email or in-app notice.

12. Contact

For privacy questions or to exercise your rights: privacy@prophotosystems.com