Privacy Policy

This Privacy Policy explains how PhotoSelect collects, uses, stores, and shares personal data when you use our platform.

For photographer account and billing operations, PhotoSelect acts as an independent data fiduciary/controller. For guest and event data uploaded or managed by photographers, PhotoSelect generally acts as a processor on behalf of the photographer, except where we must process data independently for security, fraud prevention, and legal compliance.

We may collect account details (phone number, email, business name), authentication and session data, uploaded media and metadata, billing and subscription records, support communications, and security telemetry.

For guest interactions, we may process access events, OTP verification data, consent flags, swipe and engagement events, and anonymized analytics session identifiers.

We process data to provide core platform functionality (album hosting, guest access, selection workflows, delivery and download flows), secure the service, prevent abuse, support billing and compliance, and improve reliability and product quality.

Depending on context, we rely on consent, contractual necessity, legal obligations, and other lawful uses under applicable law. Guest analytics and marketing-related interactions are expected to run on explicit consent signals captured in product flows.

PhotoSelect uses a secure session cookie for authenticated photographer sessions. Guest and album access tokens may be stored in browser storage for continuity of guest access experiences.

We share data only as required to deliver the service, including payment processors, OTP/communication providers, cloud infrastructure and object storage providers, analytics/observability providers, and security/abuse tooling.

We do not sell personal data. We may disclose data when legally required or to protect platform security and rights.

Our current subprocessor register is available at /subprocessors.

Retention is based on operational need, security, legal obligations, and customer configuration. Time-bound OTP and access artifacts expire automatically. Certain guest analytics fields are designed for anonymization after defined retention windows.

Product retention examples include short-lived OTP credentials, expiring signed delivery/download links, and lifecycle cleanup for stale delivery artifacts.

We use technical and organizational measures such as scoped access controls, signed URL delivery patterns, encryption in transit, rate limiting, audit logging, and monitoring. No system can be guaranteed fully secure.

In the event of a material personal-data breach affecting customer accounts, we will notify affected customers without undue delay and meet any applicable regulator-reporting timelines under Indian law (including CERT-In directions where applicable).

Depending on your region and our service providers, personal data may be processed in India and other jurisdictions with appropriate contractual and security safeguards.

Subject to applicable law, you may request access, correction, deletion, or other rights over your personal data. Account deletion options are available in-product for eligible users.

To submit a request, email privacy@photoselect.space from your registered account identity with enough detail for verification, including the account phone/email and relevant album or event context where applicable.

PhotoSelect is intended for professional and event use and is not directed at children under applicable age thresholds.

We may update this policy from time to time. Material updates will be reflected with a revised effective date and may be communicated through product notices or other channels.

For privacy requests, grievance redressal, or data rights requests, contact: privacy@photoselect.space.

You may also contact support at support@photoselect.space for general assistance. We target acknowledgment of verified privacy requests within 72 hours and substantive closure within 30 days unless law requires otherwise.

Our public routing summary, including support, billing, legal, privacy, and security channels, is also published at /contact.