Privacy Policy

Last updated: 26 de enero de 2026

At JorgeX Technologies LLC (hereinafter "PhotoHeart", "we", "us" or "our"), we are committed to protecting our users' privacy. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our platform at photoheart.app.

1. Data Controller

Company Name: JorgeX Technologies LLC EIN: 61-2301728 Address: 30N Gould St Ste N, Sheridan, WY 82801, USA Email: privacy@photoheart.app

2. Data We Collect

2.1. Account Data

When you register with PhotoHeart, we collect:

  • Full name
  • Email address
  • Authentication information (encrypted password or OAuth tokens)
  • Professional profile information (optional)

2.2. Service Usage Data

During use of the platform, we may collect:

  • Your clients' data (name, email, phone) that you enter in the CRM
  • Images and photographs you upload to the platform
  • Photo session and gallery information
  • Billing and transaction data
  • Activity logs and platform usage records

2.3. Payment Data

Payments are processed securely by Stripe (PCI DSS Level 1).

Data we send to Stripe:

  • Your email address
  • Billing information you provide

Data Stripe returns to us:

  • Successful or failed payment confirmation
  • Reference identifiers (customer and subscription IDs)
  • Subscription status
  • Last 4 digits of your card (to display in your dashboard)

PhotoHeart does NOT store: Full card numbers, CVV/CVC, or complete banking details.

2.4. Integration Data

If you connect external services, we store access tokens securely in Supabase Vault (AES-256 encryption):

Google Calendar (optional):

  • Purpose: Sync your photo sessions with your calendar
  • Data sent to Google: Event title, date, time, location, description
  • Data received: List of calendars, existing events
  • OAuth Scopes: calendar.events, calendar.readonly

Gmail (optional):

  • Purpose: Send emails to your clients from your own email account
  • Data sent to Google: Email content, recipients
  • Data received: Send confirmation
  • OAuth Scopes: gmail.send, gmail.readonly
  • Important: Emails are sent from YOUR account. PhotoHeart does not access the contents of your inbox.

You can disconnect these integrations at any time from Settings → Integrations. When disconnected, the tokens are permanently deleted.

2.5. Marketing, Events, and Promotions Data

When you participate in giveaways, events, promotions, or subscribe to our commercial communications (without needing to be a registered user), we collect:

  • Name
  • Email address
  • Explicit consent for commercial communications
  • Acquisition source (event, landing page, form, etc.)
  • Registration date

This data is used to:

  • Manage your participation in giveaways and promotions
  • Send you commercial communications about PhotoHeart (if you have given your consent)
  • Inform you about partner offers related to the photography sector (if you have given your consent)
  • Contact you if you are a giveaway winner

3. Processing Purposes

3.1. Service Provision

  • Provide and maintain the PhotoHeart service
  • Manage your account and subscription
  • Process payments and billing
  • Send you service-related notifications (transactional)
  • Improve and personalize your experience

3.2. Commercial Communications (with your consent)

  • Send you newsletters with news, tips, and content for photographers
  • Inform you about new features, offers, and PhotoHeart promotions
  • Share partner offers in the photography sector (editing tools, image banks, training, etc.)
  • Invite you to events, webinars, and relevant activities

3.3. Giveaways and Promotions

  • Manage your participation in giveaways and contests
  • Contact you if you are a winner
  • Send you the corresponding prizes or benefits

3.4. Other

  • Comply with legal obligations
  • Statistical analysis and service improvement (anonymized data)
  • Fraud prevention and security
  • Contract performance: To provide the contracted service
  • Consent: For marketing communications (if you have granted it)
  • Legitimate interest: To improve our services and prevent fraud
  • Legal obligation: To comply with tax and data protection regulations

5. Third Parties and Data Processors

We share your data with the following service providers acting as data processors:

Infrastructure and Storage

  • Supabase: Database, authentication, file storage
  • Vercel: Hosting and deployment

Payments

Communications

  • Resend: Transactional email sending

Authentication

  • Google OAuth: Google login (optional)

Optional Integrations

If you choose to connect them:

  • Google Calendar: Photo session synchronization
  • Gmail: Email sending from your account

These integrations require your explicit consent and can be disconnected at any time.

Analytics (with your consent)

  • Google Analytics: Usage analysis
  • Meta Pixel: Conversion analysis
  • Vercel Analytics: Aggregated metrics (no cookies)

All our providers comply with GDPR and maintain adequate security measures.

6. International Transfers

Some providers are located outside the EEA. Transfers are carried out with appropriate safeguards:

  • Standard contractual clauses approved by the European Commission
  • Privacy certifications (EU-US Data Privacy Framework)

7. Data Retention

We retain your data for as long as you maintain your active account. After cancellation:

Data TypeRetention Period
Service accessUntil end of paid period
Images and files3 months post-cancellation
Configuration data6 months post-cancellation
Invoices and quotesMinimum 5 years (tax obligation)
Signed contractsPermanent retention

Important: You can export all your data before deletion from Settings → Storage.

7.2. Marketing Data Retention

For data collected through events, giveaways, or commercial communication subscriptions:

  • Giveaway participants: Up to 12 months after the giveaway ends, unless you have given consent for commercial communications
  • Newsletter subscribers: Until you request to unsubscribe or withdraw your consent
  • Consent history: We maintain a record of consent granted for legal compliance purposes

8. Commercial Communications

8.1. Types of Communications

If you have given your consent, you may receive:

  • PhotoHeart Newsletter: News, tips for photographers, success stories (approx. 1-2 times per month)
  • Offers and promotions: Special discounts, limited-time offers, promotional codes
  • Partner offers: Promotions for complementary tools for photographers
  • Events: Invitations to webinars, trade shows, and industry events

8.2. Partners and Collaborators

Occasionally, we may include in our communications offers from partner companies in the photography sector (editing tools, image banks, training, etc.). We never sell or transfer your email to third parties. Partner offers are always sent through our own channels.

8.3. How to Unsubscribe

You can stop receiving commercial communications at any time by sending an email to privacy@photoheart.app indicating that you wish to unsubscribe.

Unsubscribing from commercial communications does not affect transactional emails necessary for the service (payment confirmations, security notifications, etc.).

9. Giveaways and Promotions

9.1. Legal Terms

Each giveaway or promotion will have its own specific legal terms that will be published alongside the promotion, including:

  • Participation period
  • Entry requirements
  • Prize description
  • Giveaway mechanics
  • Selection date and method
  • Winner contact method

9.2. Data Processing in Giveaways

When participating in a giveaway:

  • We collect the minimum necessary data (usually name and email)
  • We request your explicit consent for processing
  • Receiving future commercial communications is optional and not a requirement for participation
  • Data is retained as indicated in section 7.2

9.3. Winner Communication

If you are selected as a winner, we will contact you via the email you provided. If you do not respond within the deadline specified in the terms, a new winner may be selected.

10. Your Rights (GDPR/LOPDGDD)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a structured format
  • Objection: Object to certain processing of your data
  • Restriction: Request restriction of processing
  • Withdraw consent: At any time, without retroactive effect

To exercise these rights, contact us at: privacy@photoheart.app

We will respond to your request within a maximum of 30 days.

11. Data Security

We implement technical and organizational measures to protect your data:

  • Data encryption in transit (HTTPS/TLS)
  • Data encryption at rest
  • Two-factor authentication available
  • Secure credential storage in Supabase Vault
  • Role-based access control
  • Regular backups
  • Continuous security monitoring

12. Cookies and Similar Technologies

Essential Cookies (no consent required):

  • Authentication cookies (Supabase) to maintain your session

Analytics Cookies (with consent):

  • Google Analytics - to understand how you use the service
  • Meta Pixel - to measure campaign effectiveness

We display a consent banner on your first visit. For more information, see our Cookie Policy.

13. Minors

PhotoHeart is not directed at individuals under 18 years of age. We do not knowingly collect data from minors. If you are aware that a minor has provided us with data, please contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy occasionally. We will notify you of any significant changes by email or through a notice on the platform. The "last updated" date at the top indicates when the last revision was made.

15. Contact and Complaints

For any privacy-related queries:

If you believe we have not adequately addressed your rights, you may lodge a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es


Related documents: