Welcome to Xposure ("we," "our," or "us"). We build minimalist, high-performance tools for professional photographers. We believe that software should be invisible, and that extends to your privacy. We only collect the data necessary to run the platform securely and efficiently.

This policy explains how we collect, use, and protect your personal data in compliance with the European General Data Protection Regulation (GDPR).

1. Our Roles

Under the GDPR, we operate in two different capacities depending on who is using the platform:

As a Data Controller: When you (the Photographer) sign up for an account, we decide how your account and billing data is processed.
As a Data Processor: When you upload photographs of your clients, or when your clients visit your galleries, you are the Data Controller. We merely process and store this data on your behalf.

2. What Data We Collect & Why

We collect strictly what is necessary to operate the platform.

From Photographers (Account Holders):

Account Data: Your name and email address. We use this to create your account, secure your login, and communicate important platform updates.
Billing Data: If you upgrade to a paid plan, payment details are collected directly by our payment provider (Stripe). We do not store your credit card numbers on our servers; we only store your billing history and subscription status.

From Gallery Visitors (Clients/Guests):

Analytics & Security Data: When visitors view a gallery, we collect their IP address and basic interaction data (e.g., view counts). This allows us to protect the platform from malicious traffic and provide the Photographer with basic gallery analytics.

3. How We Store & Share Your Data

Your data is securely stored on servers located strictly within the European Union.

We do not sell your data. We only share data with trusted third-party service providers (Sub-processors) required to run the platform:

Cloud Infrastructure: For secure hosting and high-resolution image storage.
Stripe: For processing subscription payments.
Email Providers: For sending transactional emails (like password resets or gallery delivery links).

4. Cookies & Tracking

We use cookies for two different purposes:

Functional Cookies (Strictly Necessary): We use secure, HTTP-only session cookies to keep Photographers logged in and keep private galleries secure. The platform cannot function without these.
Analytics - no cookies, no tracking: We use Umami, a privacy-focused analytics tool, to measure aggregate traffic on our public pages. Umami sets no cookies, assigns no persistent identifiers, and does not share data with third parties - so we do not display a cookie consent banner. We do not use Google Analytics, Meta Pixels, or any other cross-site tracking technology.

5. Data Retention & Deletion

We believe your data is yours. If a Photographer decides to close their account, or if an account is terminated, all associated data-including high-resolution photos, galleries, and account details-is deleted immediately and permanently from our active servers.

6. Your GDPR Rights

If you are located in the EU, you have the following rights regarding your personal data:

Right to Access: You can request a copy of the data we hold about you.
Right to Rectification: You can update or correct inaccurate data.
Right to Erasure: You can ask us to delete your personal data (the "Right to be Forgotten").
Right to Restrict or Object: You can object to how we process your data.
Right to Data Portability: You can request your data in a structured, machine-readable format.

To exercise any of these rights, please contact us at the email address below.

7. Age Limitations

Our platform is intended for individuals who are at least 16 years old. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information immediately.

8. Contact Us

If you have any questions about this Privacy Policy, your data, or how we handle your privacy, please contact us at:
Email: [email protected]