Privacy Policy

Last updated: 2025-12-30

Effective date: 2026-01-01

This Privacy Policy explains how Portraiteer (“Portraiteer,” “we,” “us”) collects, uses, shares, and protects information when you use our website, apps, and services (the “Service”).

This policy does not describe how third parties process information (for example, your internet service provider, your device manufacturer, or third-party platforms you use to access the Service).

1. Key Concepts

  • Workspace: An account space (for example, a studio/team) that can have multiple members and roles (owner/admin/member).
  • Identity: A person profile created or imported into a Workspace (for example, a client/contact).
  • Guest Portal: An experience where an Identity may access a gallery or manage consent, if invited.
  • User Content: Photos, images, captions, albums, labels, and related information uploaded or created in the Service.

2. Information We Collect

We collect information from four broad categories: (A) account/workspace data, (B) content and face-labeling data, (C) usage/analytics data, and (D) billing data.

2.1 Account and Workspace Data

We collect information needed to create and manage accounts and Workspaces, such as:

  • Account identifiers: email address, name (if provided), and a stable user identifier from our authentication provider (AWS Cognito), such as a unique sub identifier.
  • Workspace membership and roles: Workspace name, role (owner/admin/member), invitations, and basic administrative settings.
  • Audit-related data: last login time and security-related events (for example, sign-in activity).

We use AWS Cognito for authentication and do not store your password directly in our application database.

2.2 Photos, Metadata, Identities, Consents, and Face-Related Data

The Service is designed for photo organization and labeling. Depending on how you use it, we may process:

  • Photos and images you upload.
  • Photo-related metadata you add or that is embedded in the file, such as taken date, captions, photographer name, location, and album/grouping information.
  • Identities (people/contacts) created or imported into a Workspace (for example, name, email, and other attributes you provide).
  • Consent records, including (as applicable) studio/workspace authorization and individual consent status (including revocations/opt-outs).
  • Face detection and labeling data, which may include detected face regions and derived face-related representations (for example, templates/embeddings) used to power face detection and labeling features.

Important: Even if names or face labels are not shown publicly, photos themselves can contain personal information.

2.3 Usage, Device, and Analytics Data

Like most online services, we collect information about usage and devices, such as:

  • IP address, device/browser information, and approximate location derived from IP
  • pages viewed and feature interactions (for example, uploads, shares, label reviews)
  • session duration and performance logs
  • referral URLs and cookie/local storage identifiers

We also may generate workspace analytics (for example, share counts, gallery views, and labeling activity). Access to workspace analytics is typically limited to Workspace owners/admins.

2.4 Billing and Payment Data (Stripe)

We use Stripe to process payments. We do not store full credit card numbers. We may store:

  • Stripe customer identifiers (for example, customer_id)
  • subscription status and plan metadata
  • invoice/receipt references and transaction identifiers

Payment transactions involve Stripe and related entities as needed to process payments and prevent fraud.

2.5 Communications

If you contact us (for example, support emails), we collect the contents of those communications and related contact information.

3. Biometric Notices and Face-Related Data

Certain features of the Service involve detecting faces in photos and enabling face labeling. Depending on your jurisdiction, some face-related data processed by the Service may be considered biometric identifiers or biometric information.

3.1 What Face-Related Data We Process

When you use face detection and labeling features, we may process:

  • Face detections, such as the location of a face in an image (for example, bounding boxes tied to a specific photo).
  • Derived face-related data used to power detection, suggestions, and labeling workflows (for example, face templates/embeddings or similar representations).

3.2 What We Use It For

We use face-related data only to provide and secure the Service, including:

  • detecting faces in photos,
  • generating and presenting labeling suggestions,
  • enabling manual labeling and review workflows,
  • enforcing consent controls (such as opt-outs / “do not tag”), and
  • preventing fraud and abuse and maintaining platform safety.

3.3 Consent and Workspace Responsibilities

Workspaces are responsible for ensuring they have the lawful basis and any required notices and consents to process photos of individuals and any face-related (biometric) data, including where biometric privacy laws apply.

If an Identity is invited to the Guest Portal (if enabled), they may be able to view shared content and manage consent settings depending on the Workspace configuration.

3.4 Retention and Destruction (Our Policy)

We retain face detections and other face-related data only for as long as needed to provide the Service for the relevant Workspace and content, unless a shorter period is required by law.

  • While a Workspace and its photos remain active: we may retain face detections (for example, bounding boxes linked to photos) and related face-labeling data so the Service can function (e.g., organizing and labeling photos).
  • When a photo is deleted: face detections and associated face-labeling data tied to that photo are deleted from our primary database as part of the deletion process (including cascading deletes where applicable).
  • When a Workspace is deleted: face detections and associated face-labeling data within that Workspace are deleted from our primary database as part of the deletion process.
  • Backups / rollback storage: deleted data may persist in backups for a limited period (for example, up to approximately 14 days) before being removed through normal backup expiration.

If an Identity revokes consent (or otherwise requests removal where applicable), we disable or remove face labels and related face-labeling data for that Identity from active systems as part of our consent controls. We may retain a minimal record (for example, identifiers and revocation status) to help prevent re-tagging and to maintain an audit trail of the revocation.

Where laws like Illinois’ Biometric Information Privacy Act apply, our policy is to permanently destroy biometric identifiers/information when the initial purpose for collecting/obtaining it has been satisfied, or within the legally required period (including, where applicable, within 3 years of the individual’s last interaction with us), whichever occurs first.

3.5 No Sale of Biometric Data

We do not sell biometric identifiers or biometric information.

3.6 Security Incidents

If we become aware of a security incident involving biometric identifiers or biometric information, we will take steps we believe are appropriate and provide notices when required by applicable law.

4. How We Use Information

We use information to:

  • Provide and operate the Service, including uploads, galleries, identity management, face detection, suggestions, and labeling workflows
  • Manage accounts and Workspaces, including permissions, invitations, and role-based access
  • Process payments and administer subscriptions
  • Secure the Service, prevent abuse, investigate suspicious activity, and enforce our Terms
  • Improve and analyze Service performance and usability (including aggregated analytics)
  • Comply with law, respond to lawful requests, and protect rights and safety

5. Who Can See Your Information

5.1 Within a Workspace

Workspace members can access Workspace content and data according to Workspace roles and permissions. In general:

  • Workspace members may see uploaded photos and associated metadata within that Workspace.
  • Workspace owners/admins may also see billing/subscription status and certain usage analytics.

5.2 Identity Access via Guest Portal (if invited)

If an Identity is invited via the Guest Portal, they may be able to:

  • view galleries shared with them
  • manage or revoke consent (depending on your configuration)

5.3 Public or Shared Galleries

You may enable sharing features (for example, a public link). When you do:

  • viewers may be able to see the photos included in the shared gallery
  • the Service is intended to avoid attaching identity names and face-label data to public/shared galleries by default, but the photos themselves may still identify people

You are responsible for what you choose to share publicly and for ensuring you have the rights and permissions to do so.

6. How We Share Information

We do not share your Workspace-private photos, identities, and face labels with the public unless you choose to share content via a sharing feature.

We may share information in these situations:

6.1 Service Providers (Processors)

We use trusted vendors to provide infrastructure and features (for example, hosting, authentication, payment processing, analytics). These providers process information on our behalf under contractual obligations.

Examples include:

  • AWS (hosting/infrastructure) and AWS Cognito (authentication)
  • Stripe (payment processing)

6.2 Legal and Safety

We may disclose information if we believe it is reasonably necessary to:

  • comply with law or valid legal process
  • protect the rights, safety, and security of Portraiteer, our users, or others
  • prevent fraud, abuse, or security incidents

6.3 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction.

7. Cookies and Similar Technologies

We use cookies and similar technologies to:

  • keep you signed in
  • remember preferences
  • provide analytics and improve performance
  • protect against fraud and abuse

You can control cookies through your browser settings. Some features may not work correctly if cookies are disabled.

8. Data Retention and Deletion

We retain information for as long as needed to provide the Service and for legitimate business and legal purposes (for example, security, dispute resolution, and compliance).

8.1 Workspace Content

Workspace owners/admins can typically delete photos and other content within the Service. Deleted content may persist for a limited period in backups (for example, up to approximately 14 days) before being removed through normal backup expiration.

8.2 Consent Revocations and “Do Not Tag”

If an Identity revokes consent (or requests removal where applicable):

  • we restrict future labeling/tagging for that Identity, and
  • we remove or disable associated face labels as part of the Service’s consent controls.

We may retain a minimal record (for example, name/email and revocation status) to help prevent re-tagging and to maintain an audit trail of the revocation.

8.3 Biometric / Face-Related Data Retention

Where required by applicable law (for example, Illinois’ Biometric Information Privacy Act), we maintain retention and destruction practices for biometric information, including destroying biometric identifiers/information when the initial purpose has been satisfied or within the legally required period.

9. Security

We use reasonable administrative, technical, and organizational measures designed to protect information. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

If we become aware of a security incident affecting personal information, we will take steps that we believe are appropriate, including providing notices when required by law.

10. Your Rights and Choices

Depending on where you live, you may have rights to:

  • access or obtain a copy of certain personal information
  • correct inaccurate information
  • delete certain information
  • object to or restrict certain processing
  • withdraw consent (where processing is based on consent)

Workspace owners/admins may be able to manage certain data directly in the product. Identities using the Guest Portal may be able to manage consent status depending on how the Workspace is configured.

To request access, deletion, or other rights, contact us using the information in Section 13 (Contact Us).

11. Children’s Privacy

The Service is not intended for children under 18, and we do not knowingly collect personal information from children.

12. International Transfers

We may process and store information in countries other than where you live. These countries may have different data protection laws. Where required, we use appropriate safeguards for international transfers.

13. Contact Us

If you have questions or requests regarding this Privacy Policy, contact us at legal@portraiteer.com

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify you (for example, via the Service or email). The “Last updated” date above indicates when this policy was last revised.