PhotoMind
← Back to Home

Privacy Policy

Last updated: November 10, 2024

Introduction

Welcome to PhotoMind ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our photo organization service.

By using PhotoMind, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Photos and Images

When you use our service, you upload photos and reference face images. These files are:

  • Temporarily stored on AWS S3 servers
  • Processed using AWS Rekognition for face detection and matching
  • Automatically and permanently deleted after 24 hours
  • Never used to train AI models or machine learning systems
  • Never shared with third parties for any purpose

Account Information

If you create an account, we collect:

  • Email address
  • Name (optional)
  • Authentication data (managed by Clerk)
  • Usage statistics (number of photos processed, jobs created)

Payment Information

For premium subscriptions, payment processing is handled entirely by Stripe. We do not store credit card information on our servers. We only receive:

  • Stripe customer ID
  • Subscription status
  • Billing cycle information

Technical Information

We automatically collect certain technical information:

  • IP address (for security and rate limiting)
  • Browser type and version
  • Device information
  • Usage logs (timestamps, endpoints accessed)

How We Use Your Information

We use collected information for:

  • Service Delivery: Processing your photos and organizing them by person
  • Account Management: Creating and maintaining your account
  • Payment Processing: Managing subscriptions and payments
  • Security: Preventing fraud, abuse, and unauthorized access
  • Improvements: Analyzing usage patterns to improve our service (anonymized data only)
  • Communication: Sending service updates, security alerts, and support messages

Data Storage and Security

Photo Storage

Your photos are stored on AWS S3 with the following security measures:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest (AES-256)
  • Access restricted to our secure backend services only
  • Automatic deletion after 24 hours (enforced by S3 lifecycle policies)

Database Security

Account information and job metadata are stored in Supabase (PostgreSQL) with:

  • Row-level security policies
  • Encrypted connections
  • Regular security audits
  • No storage of facial recognition data or encodings

Data Retention

🔒 Privacy Guarantee

All uploaded photos and processed results are automatically and permanently deleted after 24 hours. This is not negotiable and cannot be extended.

We retain:

  • Photos: 24 hours maximum (then permanently deleted)
  • Job metadata: Summary information (photo count, person names found) kept for your history
  • Account information: Until you delete your account
  • Payment records: As required by law (typically 7 years)

Third-Party Services

We use the following third-party services:

AWS Rekognition

Used for face detection and matching. Photos are processed but not stored by AWS. See AWS Privacy Policy

AWS S3

Temporary photo storage with automatic deletion. See AWS Privacy Policy

Clerk

Authentication and user management. See Clerk Privacy Policy

Stripe

Payment processing for premium subscriptions. See Stripe Privacy Policy

Vercel

Hosting and analytics. See Vercel Privacy Policy

Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update incorrect or incomplete information
  • Deletion: Request deletion of your account and all associated data
  • Export: Download your job history and metadata
  • Opt-out: Unsubscribe from marketing emails (service emails still required)
  • Complaint: File a complaint with your local data protection authority

To exercise these rights, contact us at photomindcontact@gmail.com

Cookies and Tracking

We use essential cookies for:

  • Authentication (keeping you logged in)
  • Session management
  • Security (CSRF protection)

We do not use advertising cookies or tracking pixels. Analytics are anonymized.

Children's Privacy

PhotoMind is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

International Data Transfers

Your data may be transferred to and processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

Email: photomindcontact@gmail.com

Response Time: We aim to respond within 48 hours

This Privacy Policy is effective as of November 10, 2024