Privacy Policy
Last updated: December 8, 2025
PhotoKeep (“we,” “our,” or “us”) respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered photo enhancement service.
Information We Collect
Information You Provide
- Account Information: Email address, name, and password (or OAuth credentials)
- Payment Information: Processed securely through Stripe; we do not store credit card details
- Photos: Images you upload for enhancement processing
Information Collected Automatically
- Usage Data: Features used, enhancement types selected, credit consumption
- Device Information: Browser type, operating system, device identifiers
- Log Data: IP address, access times, pages viewed, referring URL
How We Use Your Information
- Provide Services: Process and enhance your photos using AI models
- Account Management: Manage your subscription and credits
- Improve Services: Analyze usage patterns to enhance our AI models
- Communication: Send service updates, security alerts, and marketing (with consent)
- Legal Compliance: Comply with applicable laws and regulations
Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion |
| Original photos | 24 hours after processing |
| Enhanced photos | 30 days (or until manual deletion) |
| Usage logs | 90 days |
| Payment records | 7 years (legal requirement) |
Data Sharing
We share your data with:
- Service Providers: Cloud hosting (Hivelocity), payment processing (Stripe), analytics (Amplitude), error tracking (Sentry)
- Legal Requirements: When required by law or legal process
- Business Transfers: In connection with merger, acquisition, or asset sale
We do NOT sell your personal data or photos to third parties.
Your Rights (GDPR/CCPA)
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Delete your account and data (“right to be forgotten”)
- Portability: Receive your data in a portable format
- Objection: Opt out of marketing communications
- Restriction: Limit how we process your data
To exercise these rights, contact us at [email protected]
Data Security
- HTTPS/TLS encryption for all data in transit
- AES-256 encryption for data at rest
- httpOnly secure cookies (XSS protection)
- CORS and CSP security headers
- Regular security audits and penetration testing
- Rate limiting and account lockout protection
Contact Us
For privacy-related inquiries:
- Email: [email protected]
- Data Protection Officer: [email protected]
EU residents may lodge complaints with their local data protection authority.
Effective Date: December 8, 2025 | Version 1.0