Privacy Policy

Introduction

At jrvaPhotoShare, we are committed to protecting your privacy and safeguarding your personal data. This Privacy Policy explains what information we collect, how we use it, how it is protected, and the choices you have when using our photo sharing service.

Information We Collect

Information You Provide

• Account Information: Email address (required for login, account recovery, and service notices), optional display name.
• Photos and Albums: Photos you upload, album names, descriptions, and captions.
• Communication Preferences: Your opt-in or opt-out choices for marketing emails.
• Customer Service and Support: Information that you provide to us related to customer service, support, and other communications related to your account and/or use of the service.

Automatically Collected Information

We collect only the minimum information necessary to operate securely and reliably:

• Security Logs: IP address, timestamps, authentication events, and failed login attempts.
• Minimal Usage Metrics: High-level feature usage counts (not detailed click tracking), used for reliability and usability improvements.
• Device Information: Browser type and operating system version.

We do not use third-party tracking cookies, advertising pixels, or cross-site analytics.

Legal Basis for Processing (Where Applicable)

We process personal information based on one or more of the following:

• Performance of a contract (providing the service you request)
• Your consent (marketing emails, album sharing)
• Legitimate interests (security, abuse prevention, service reliability)
• Legal obligations

How We Use Your Information

We use this minimal collected information to:

• Provide and maintain the photo sharing service
• Authenticate users and secure accounts
• Send essential service communications (password resets, confirmations, policy updates)
• Send optional marketing emails only if you opt in
• Detect and prevent abuse, fraud, and unauthorized access
• Improve service reliability and features

What We Do NOT Do

• We do not sell, rent, trade, or broker personal data.
• We do not use third-party advertising or tracking services.
• We do not track users across websites.
• We do not use uploaded media files for AI training, facial recognition, or profiling.
• We do not view, browse, or access your uploaded photos. Our customer service admin/super-admin functions do not have the ability to view user photos unless a user provides a share link related to a question or service issue, along with permission to view the shared album.

Information Sharing and Disclosure

We do not share personal information with third parties for marketing purposes.

Limited sharing occurs only in the following cases:

• With Your Consent: When you share photo albums using invite links.
• Service Providers: Trusted infrastructure providers used strictly to operate the service. Our storage and content delivery providers (Backblaze, BunnyCDN) receive only your media files and the technical data necessary for storage and delivery. They do not receive your personal account information. Our security and performance provider (Cloudflare) processes all incoming website traffic as a reverse proxy, including page requests, form submissions, and uploads. See the Website Security and Infrastructure section below for details.
• Legal Requirements: When required by law or valid legal process.
• Security: To protect users, the service, or the public from harm or abuse.

Media files are stored encrypted at rest with a third-party storage provider and delivered via secure content delivery network.

Payment Processing

jrvaPhotoShare uses Stripe Checkout, a third-party payment service provided by Stripe, Inc., to process subscription payments and other transactions. Stripe is a widely used and trusted payment processor that is certified to comply with applicable payment security standards, including the Payment Card Industry Data Security Standard (PCI DSS).

When you initiate a payment, you are redirected to Stripe-hosted payment pages. Payment information you enter, such as credit or debit card details, is collected and processed directly by Stripe and is never received, stored, or processed by jrvaPhotoShare.

Stripe may collect and process information necessary to complete the transaction, including payment details, billing information, IP address, device information, and data used for security, fraud detection, and compliance purposes. Stripe may also use cookies, scripts, or similar technologies on its hosted checkout pages to enable secure payment processing and fraud prevention.

jrvaPhotoShare stores only limited information related to completed transactions, consisting of:

• The Stripe payment intent identifier
• Transaction amount
• Date and time of the transaction

jrvaPhotoShare does not store cardholder name, credit card numbers, security codes, card expiration dates, or other sensitive payment information.

Stripe's collection and use of information is governed by Stripe's own Privacy Policy and Terms of Service. We encourage users to review Stripe's privacy practices for additional details.

Website Security and Infrastructure

jrvaPhotoShare uses Cloudflare, Inc. to provide security, DDoS protection, and performance optimization for our website. Cloudflare acts as a reverse proxy, meaning all requests to our website pass through Cloudflare's network before reaching our servers.

This includes page view requests, form submissions (such as login and registration), and photo uploads. Cloudflare may collect and process IP addresses, request headers, cookies, and other technical information for security analysis, bot detection, and abuse prevention.

Outbound communications from our servers—such as emails we send to you, or API calls to payment and storage providers—do not pass through Cloudflare.

Cloudflare's collection and use of information is governed by their own Privacy Policy. We encourage users to review their privacy practices for additional details.

Photo Storage and Delivery

jrvaPhotoShare uses third-party cloud infrastructure to store and deliver your media files:

• Backblaze B2: A secure cloud storage service provided by Backblaze, Inc. where your uploaded media files are stored encrypted at rest.
• BunnyCDN: A media-optimized content delivery network provided by Bunny.net that delivers media files to viewers through geographically distributed servers for faster loading.

When you upload a media file, it is transmitted from our server to Backblaze B2 for storage. When media files are requested, BunnyCDN retrieves them from Backblaze if needed, caches them for faster delivery, and delivers them to the viewer.

These providers may collect technical information necessary for storage and delivery, including IP addresses, request data, and access timestamps. This information is used for content delivery, security, performance optimization, and abuse prevention.

Media files are delivered using time-limited, cryptographically signed URLs that expire automatically. This prevents unauthorized access and hotlinking.

We do not share your personal account information (such as email address or display name) with our storage or CDN providers. They receive only the media files and the technical information necessary for storage and delivery.

Backblaze's and Bunny.net's collection and use of information is governed by their respective Privacy Policies. We encourage users to review their privacy practices for additional details.

Data Security

We use industry-standard safeguards, including:

• Secure password hashing
• HTTPS-encrypted connections
• Session protection and automatic expiration
• Brute-force and abuse protection
• Regular security monitoring
• Automatic expiration and revocation of album share links

Your Photo Albums

Your media remain your property.

When you share albums:

• Recipients may view your media using invite links
• Recipients may technically capture or save viewed media files
• You control access through link creation, expiration, and revocation
• Canceling an album link immediately disables access

Disabling or deleting your account automatically revokes all associated share links.

Marketing Communications

If you opt in:

• We send no more than 1–2 emails per month
• Emails cover service updates and usage tips
• You may unsubscribe at any time

We will never share your email address for marketing.

Data Retention

• Account data is retained while your account is active
• Upon account deletion:
  • Media files and albums are permanently deleted within 15 days
  • Personal information is removed from active systems
  • Limited anonymized security logs may be retained for up to 90 days

Safety and Legal Compliance

jrvaPhotoShare is designed to respect user privacy while maintaining a safe and lawful service.

The management of jrvaPhotoShare has a moral and legal obligation to report any Child Sexual Abuse Material (CSAM) that is discovered on our service. If we receive a credible report of media that appears to be CSAM on our service, we will investigate, and if warranted, the incident will immediately be reported to the U.S. National Center for Missing and Exploited Children (NCMEC) per 18 U.S. Code § 2258A. Additionally the associated account will be limited to isolate the media in question and to prevent sharing and deletion of the media, per 18 U.S. Code § 2258A.

Your Rights

You have the right to:

• Access your personal information
• Correct inaccurate data
• Delete your account and data
• Opt out of marketing emails
• Download or export all of your media files and account data

Children's Privacy

jrvaPhotoShare is not intended for children under 13 and complies with the U.S. Children's Online Privacy Protection Act (COPPA). We do not knowingly collect data from children under the age of 13.

Changes to This Policy

If we make significant changes:

• The version number and date will be updated
• You may be prompted to review the policy at login
• We may notify you via email

Contact Us

For privacy questions or requests:
privacy@jrvaPhotoShare.com

← Back