Privacy and biometric notice.

What we collect. Email (Stripe-collected during checkout), payment method (handled by Stripe, never stored on our servers), reference photos you upload for your studio profile, delivered finals, and routine product telemetry (page views, shoot starts, allowance events).

How we store it. All photographic data is encrypted at rest in AWS S3 with SSE-KMS. Two buckets isolate references and outputs with independent KMS keys and distinct IAM roles. We use a single object-key naming convention and CloudTrail logs every access.

BIPA (Illinois) compliance. We obtain written consent before collecting biometric identifiers. We retain biometric data only as long as your subscription remains active or within a 60-day reactivation window after cancel. User-initiated deletion via /account/delete is honored on a 24-hour grace timer, with a confirmation email 7 days after completion.

Retention. Photographic data tied to a deleted profile is purged from S3 with 3 retries; failure to purge escalates to founder. We do not blanket-delete on a 30-day timer — retention is bound to active subscription + active profile.

Telemetry. UTM + Stripe webhook events + first-party server logs. We do not send data to Meta CAPI or TikTok Events API at launch.

EU/GDPR. Out of scope at launch. EU traffic is not served.