Privacy Policy

1.1 Photographer Account Information

When you register for a PhotoTouch account, we collect:

• Name, company name, email address, phone number
• Billing address and payment information (processed by Stripe)
• Login credentials (passwords stored using one-way hashing)
• Account configuration preferences and settings

1.2 Customer Information (Processed on Behalf of Photographers)

When photographers use our platform to serve their customers, we process:

• Customer names, email addresses, phone numbers
• Photo codes and gallery access credentials
• Photographs uploaded by the photographer
• Order and transaction records
• Registration data collected at photography events
• Support ticket communications
• Model release consent records

We process this data as a data processor on behalf of the photographer (data controller). See our Data Processing Agreement.

1.3 Automatically Collected Information

• IP addresses and browser user agent strings (for security and audit logging)
• Login timestamps and session activity
• Theme preference (light/dark mode, stored in browser localStorage)

• Service delivery: Operating the PhotoTouch platform, processing uploads, delivering galleries, fulfilling print orders, and sending communications on behalf of photographers
• Account management: Managing photographer subscriptions, billing, and support
• Security: Detecting and preventing unauthorized access, fraud, and abuse through audit logging, rate limiting, and anomaly detection
• AI-powered features (opt-in): When enabled by the photographer, generating email templates and assisting with customer service triage. No customer photographs are shared with AI providers.
• Communications: Sending transactional emails (password resets, account alerts) and photographer-initiated customer communications (gallery notifications, marketing campaigns)
• Compliance: Maintaining SOC 2-aligned audit trails and controls, responding to lawful data requests, and supporting GDPR/CCPA obligations

We do not sell personal information. We share data only as follows:

• Sub-processors: Third-party service providers that assist in operating the platform (infrastructure, email delivery, payment processing, SMS). See our Sub-Processor Disclosure for the complete list.
• Photographer-configured integrations: When a photographer connects their own third-party services (CRM, analytics, venue systems) via the API Integration Builder, data flows to those services under the photographer's control.
• Legal requirements: When required by law, subpoena, court order, or to protect the rights, safety, or property of TriPrism, our users, or others.
• Business transfers: In connection with a merger, acquisition, or sale of assets, with advance notice to affected users.

• Photographer accounts: Data is retained for the duration of the active account plus 90 days after closure to allow for reactivation and final billing.
• Customer data: Photographers control their own data retention through platform tools. Photographers may configure automatic deletion schedules or perform manual erasure at any time using the built-in GDPR tools.
• Audit logs: Retained for a minimum of 7 years to support contractual, security, and regulatory obligations.
• Security logs: Login attempts, rate limiting records, and IP logs are retained for 7 days and automatically purged.
• Backup data: Backups follow the same retention schedule as primary data and are encrypted at rest.

For Photographers (Account Holders)

• Access: View all data associated with your account through the platform dashboard
• Correction: Update your account information at any time via My Account settings
• Deletion: Request account closure by contacting support@phototouchinc.com
• Portability: Export your account data in standard formats
• Objection: Opt out of non-essential communications at any time

For Customers (End Users of Photographer Services)

• Access & Deletion: Contact the photographer who collected your information. Photographers have built-in GDPR tools to export and delete your data.
• Model release revocation: If you signed a model release, you can revoke consent at any time using the revocation link provided in your release email.
• Escalation: If a photographer does not respond to your request within 30 days, contact us at support@phototouchinc.com and we will facilitate.

California Residents (CCPA/CPRA)

• We do not sell personal information as defined under the CCPA.
• We do not use personal information for cross-context behavioral advertising.
• You may exercise your right to know, delete, or opt out by contacting support@phototouchinc.com.

European Economic Area (GDPR)

Our lawful bases for processing are: (a) performance of a contract (photographer accounts), (b) legitimate interest (security, fraud prevention), and (c) consent (where applicable). You may lodge a complaint with your local supervisory authority.

PhotoTouch is a business tool for professional photographers. We do not knowingly collect personal information directly from children under 13. Photographers who photograph minors (school photos, sports, events) are responsible for obtaining appropriate parental or guardian consent and complying with COPPA, FERPA, and applicable child protection laws.

No facial recognition or biometric processing. PhotoTouch does not perform facial recognition, biometric template generation, or cross-photo identity matching on any photographs, including those of minors.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies. No data is shared with advertising networks.

We implement industry-standard security measures to protect personal information. For detailed information about our security practices, see our Security Overview.

We may update this Privacy Policy from time to time. Material changes will be communicated via email to active account holders in advance where practicable (target: 30 days before taking effect). The "Effective" date at the top of this page indicates when the policy was last revised. Continued use of the platform after changes take effect constitutes acceptance of the revised policy.

For privacy inquiries, data requests, or concerns:

Email

support@phototouchinc.com

Company

TriPrism, Inc. dba PhotoTouch, Inc.

Address

San Diego, California, United States