Privacy Policy
Version 1.0 | Effective Date: January 24, 2026
LensWizard (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.
Please read this Privacy Policy carefully. If you do not agree with the terms, please do not access the Service.
1. Information We Collect
1.1 Information You Provide
Account Registration
- Name
- Email address
- Password (securely hashed)
- Profile information
Customer Booking Information
- Name and email address
- Booking details (date, time, location)
- Payment information (processed by Stripe, not stored by us)
- Communication with Photographers
Photographer Account Information
- Business name and contact information
- Bank account details (for payouts, processed by Stripe)
- Tax identification information (where required)
- Portfolio photos
- Service offerings and pricing
- Location and availability
Photos and Content
- Photos uploaded by Photographers for delivery
- Portfolio images
- Profile pictures
1.2 Information Collected Automatically
Technical Data
- IP address
- Browser type and version
- Device type and operating system
- Time zone and language settings
- Page views and navigation patterns
Usage Data
- Features and pages accessed
- Booking history
- Search queries
- Referral sources
Cookies and Similar Technologies
- Session cookies (authentication)
- Preference cookies (language, theme settings)
- Analytics cookies (usage patterns)
See Section 8 for more details on cookies.
2. How We Use Your Information
2.1 Primary Purposes
| Purpose | Legal Basis (GDPR) |
|---|---|
| Process bookings and payments | Contract performance |
| Deliver photos to customers | Contract performance |
| Send transactional emails (confirmations, receipts) | Contract performance |
| Provide customer support | Contract performance |
| Verify Photographer identities | Legitimate interest |
| Prevent fraud and abuse | Legitimate interest |
| Improve our services | Legitimate interest |
| Send marketing communications | Consent |
2.2 Communication
We may contact you for:
- Transactional emails: Booking confirmations, payment receipts, photo delivery notifications
- Service emails: Account updates, security alerts, policy changes
- Marketing emails: Promotions, new features, photographer highlights (opt-in only)
You can unsubscribe from marketing emails at any time using the link in each email.
2.3 Analytics and Improvement
We analyze aggregated and anonymized data to:
- Understand how users interact with our platform
- Identify and fix technical issues
- Improve user experience
- Develop new features
3. How We Share Your Information
3.1 With Other Users
| Data Shared | From | To | Purpose |
|---|---|---|---|
| Name, email | Customer | Photographer | Complete booking |
| Name, email, portfolio | Photographer | Customer | Booking selection |
| Photos | Photographer | Customer | Photo delivery |
3.2 With Third-Party Service Providers
We share data with trusted service providers who assist our operations:
| Provider | Data Shared | Purpose | Privacy Info |
|---|---|---|---|
| Stripe | Payment details, email, booking amounts | Payment processing | Stripe Privacy |
| Resend | Name, email, booking details | Email delivery | Resend Privacy |
| Cloudflare | Photos, technical data | Photo storage (R2) | Cloudflare Privacy |
| Sentry | Error logs (anonymized, no PII) | Error tracking | Sentry Privacy |
| Eventbrite | OAuth tokens, event data (if connected) | Marketing integration | Eventbrite Privacy |
All service providers are contractually obligated to protect your data and use it only for the purposes we specify.
3.3 Legal Requirements
We may disclose your information when required by law or in response to:
- Valid legal process (subpoenas, court orders)
- Government requests
- Protection of our rights, property, or safety
- Protection of users or the public
3.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity with equivalent privacy protections.
3.5 We Do Not Sell Your Data
LensWizard does not sell, rent, or trade your personal information to third parties for their marketing purposes.
4. Data Retention
4.1 Retention Periods
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Until account deletion + 30 days | Service provision |
| Photos | Until album/account deletion | Photo delivery |
| Booking records | 7 years | Tax and legal compliance |
| Payment records | 7 years | Financial regulations |
| Communication logs | 2 years | Customer support |
| Analytics data | 26 months (aggregated) | Platform improvement |
4.2 After Deletion
When you delete your account:
- Personal data is removed within 30 days
- Financial records are retained as required by law
- Anonymized data may be retained for analytics
- Backups are purged according to our backup rotation schedule
5. Your Rights (GDPR and CCPA)
5.1 Rights for All Users
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate data
- Deletion: Request deletion of your data (subject to legal retention requirements)
- Portability: Receive your data in a portable format
- Objection: Object to certain processing activities
- Restriction: Request limited processing of your data
- Withdraw Consent: Revoke consent where processing is based on consent
5.2 EU/EEA Residents (GDPR)
Under the General Data Protection Regulation, you also have the right to:
- Lodge a complaint with your local data protection authority
- Not be subject to automated decision-making with legal effects
- Receive clear information about data processing
Data Protection Authorities:
- Germany: BfDI
- EU list: EDPB Members
5.3 California Residents (CCPA)
Under the California Consumer Privacy Act, you have the right to:
- Know what personal information is collected
- Know whether personal information is sold or disclosed
- Opt-out of the sale of personal information (we do not sell data)
- Request deletion of personal information
- Non-discrimination for exercising these rights
5.4 Exercising Your Rights
To exercise any of these rights, contact us at:
- Email: privacy@lenswizards.com
- Response time: Within 30 days (GDPR) or 45 days (CCPA)
We may need to verify your identity before processing requests.
6. Data Security
6.1 Security Measures
We implement appropriate technical and organizational measures:
| Measure | Implementation |
|---|---|
| Encryption in transit | TLS 1.2+ for all connections |
| Encryption at rest | AES-256 for stored data |
| Access controls | Role-based access, principle of least privilege |
| Authentication | Secure password hashing (bcrypt), optional 2FA |
| Payment security | PCI DSS compliant via Stripe (no card data stored) |
| Infrastructure | Cloud hosting with security certifications |
6.2 Security Practices
- Regular security assessments
- Secure development practices
- Employee training on data protection
- Incident response procedures
6.3 Data Breach Notification
In the event of a data breach affecting your personal data:
- We will notify affected users within 72 hours
- We will notify relevant supervisory authorities as required
- We will provide information about the breach and remediation steps
7. International Data Transfers
7.1 Data Location
Your data may be processed in:
- European Union (primary)
- United States (service providers)
7.2 Transfer Safeguards
For transfers outside the EU/EEA, we rely on:
- Standard Contractual Clauses (SCCs): EU-approved contract terms
- EU-US Data Privacy Framework: For US companies that have self-certified
- Adequacy decisions: For transfers to countries with adequate protection
7.3 Your Rights
You have the right to obtain a copy of the safeguards used for international transfers upon request.
8. Cookies and Tracking
8.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, security, basic functionality | Session |
| Functional | Language preferences, theme settings | 1 year |
| Analytics | Usage patterns, performance monitoring | 26 months |
8.2 Managing Cookies
You can manage cookie preferences through:
- Your browser settings
- Our cookie preference center (when available)
Note: Disabling essential cookies may affect platform functionality.
8.3 Third-Party Cookies
Our service providers may set cookies for analytics and functionality. See their respective privacy policies (linked in Section 3.2) for details.
9. Children’s Privacy
LensWizard is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@lenswizards.com, and we will delete such data.
10. Third-Party Links
Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing personal information.
11. Photos and Biometric Data
11.1 Photo Storage
Photos uploaded by Photographers are stored on secure cloud infrastructure (Cloudflare R2) and are accessible only to:
- The Photographer who uploaded them
- Customers who have received delivery access
- LensWizard staff for support purposes (when necessary)
11.2 Biometric Data
Photos may contain biometric identifiers (facial features). We do not:
- Process photos for facial recognition
- Extract or store biometric templates
- Share photos with third parties for biometric analysis
Photos are stored solely for the purpose of delivery between Photographers and Customers.
12. Marketing and Communications
12.1 Marketing Consent
We only send marketing communications if you have:
- Opted in to receive them, or
- Have an existing relationship and have not opted out
12.2 Opting Out
You can opt out of marketing at any time by:
- Clicking “Unsubscribe” in any marketing email
- Updating preferences in your account settings
- Contacting us at privacy@lenswizards.com
12.3 Transactional Communications
You cannot opt out of essential transactional communications (booking confirmations, security alerts, policy updates).
13. Changes to This Policy
13.1 Updates
We may update this Privacy Policy periodically. Changes will be communicated via:
- Email notification for material changes
- Notice on our website
- Updated “Effective Date” at the top of this policy
13.2 Review
We recommend reviewing this policy periodically to stay informed about how we protect your data.
14. Contact Information
For privacy-related questions, requests, or complaints:
Data Protection Contact
- Email: privacy@lenswizards.com
- Response time: Within 30 days
General Support
- Email: support@lenswizards.com
Mailing Address LensWizard [Address to be added]
15. Legal Basis Summary (GDPR)
| Processing Activity | Legal Basis |
|---|---|
| Account creation and management | Contract performance |
| Booking processing | Contract performance |
| Payment processing | Contract performance |
| Photo storage and delivery | Contract performance |
| Transactional emails | Contract performance |
| Identity verification | Legitimate interest |
| Fraud prevention | Legitimate interest |
| Platform analytics | Legitimate interest |
| Customer support | Legitimate interest |
| Marketing emails | Consent |
| Cookies (non-essential) | Consent |
Last updated: January 24, 2026
Note: This document provides a framework based on industry best practices and regulatory requirements. We recommend legal review specific to your jurisdiction.