Legal

Privacy Policy

Last updated 29 June 2026

This policy explains what personal data Proofing Studio handles, why, and the choices you have. We’ve tried to keep it plain. If anything is unclear, email us at hello@proofing-studio.com.

Who we are

Proofing Studio (“we”, “us”) is a photo-proofing service for photographers, operated by Proofing Studio. For questions about this policy or your data, contact us at hello@proofing-studio.com.

Two roles, an important distinction

Proofing Studio is a two-sided service, so our role depends on whose data it is:

• For photographers’ own account data (your name, email, login, studio branding), we are the data controller — we decide how that data is used.
• For the client material a photographer uploads or enters (client photographs, client names, client email addresses, selections and comments), the photographer is the data controller and Proofing Studio acts as a data processor on their behalf — we only handle that data to provide the service to the photographer.

If you are a client who received a gallery and have questions about your photos or details, please contact the photographer who shared the gallery with you, as they control that data.

What we collect

When a photographer creates an account:

• Name (or studio name), email address, and a password (stored only as a secure, salted hash — never in plain text).
• Optional studio branding you add, such as a company name, photographer name, avatar, and banner image.
• Account and subscription status needed to run the service.

When a photographer uses the service:

• Galleries you create: title, client name, shoot date, the gallery passcode you set, and the photographs you upload.
• Client email addresses you enter in order to send a gallery, and the message you choose to send.
• Client activity within a gallery: which images are starred or crowned, comments left, and whether a selection has been finalised.

Automatically, for security and operation:

• A single essential session cookie that keeps you logged in (see “Cookies” below).
• Basic server logs (such as timestamps and error information) used to keep the service secure and working.

Why we use it, and our legal basis

• To provide the service — creating accounts, hosting galleries, sending the emails you trigger. Legal basis: performance of our contract with you (GDPR Art. 6(1)(b)).
• To keep the service secure and reliable — authentication, preventing abuse, fixing faults. Legal basis: our legitimate interests (Art. 6(1)(f)).
• To meet legal obligations where they apply (Art. 6(1)(c)).

We do not sell your data, and we do not use your photographs or client information for advertising or to train any models.

Who processes data for us

We rely on a small number of trusted providers (sub-processors) to run the service. They only process data to provide their function to us:

• Vercel — website hosting and file storage for uploaded photographs.
• Upstash — the database that stores account and gallery information. Our database is hosted in the AWS Europe (Ireland) region.
• Amazon Web Services (SES) — sending transactional emails, from the Europe (Ireland) region.

Some providers are based outside the European Economic Area. Where data is transferred internationally, it is protected by appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

How long we keep it

We keep account and gallery data for as long as your account is active. If you delete a gallery, its data and photographs are removed. If you close your account or ask us to delete your data, we remove it within a reasonable period, except where we must retain limited information to meet a legal obligation.

How we protect it

Passwords are stored as secure hashes, galleries are protected by a passcode you set, traffic is encrypted over HTTPS, and access to client photographs requires that passcode. No system is perfectly secure, but we take reasonable measures to protect your data.

Your rights

If you are in the EEA/UK, you have the right to:

• access the personal data we hold about you;
• have inaccurate data corrected;
• have your data deleted;
• restrict or object to certain processing;
• receive your data in a portable format; and
• withdraw any consent you’ve given.

To exercise any of these, email hello@proofing-studio.com. You also have the right to complain to your local data protection authority. In Spain, that is the Agencia Española de Protección de Datos (aepd.es).

Cookies

We use a single essential cookie that keeps you signed in while you use your studio. It is strictly necessary for the service to work, so it does not require consent. We do not use advertising or third-party tracking cookies.

Children

The Proofing Studio account service is intended for photographers aged 18 or over and is not directed to children. Photographs of minors may appear in galleries; where they do, the photographer is responsible for having obtained any consent required from a parent or guardian.

Changes to this policy

We may update this policy from time to time. When we do, we’ll change the “last updated” date above, and for significant changes we’ll take reasonable steps to let you know.

Contact

Questions about your privacy? Email hello@proofing-studio.com.