At JorgeX Technologies LLC (hereinafter "PhotoHeart", "we", "us" or "our"), we are committed to protecting our users' privacy. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our platform at photoheart.app.
1. Data Controller
Company Name: JorgeX Technologies LLC EIN: 61-2301728 Address: 30N Gould St Ste N, Sheridan, WY 82801, USA Email: privacy@photoheart.app
2. Data We Collect
2.1. Account Data
When you register with PhotoHeart, we collect:
- Full name
- Email address
- Authentication information (encrypted password or OAuth tokens)
- Professional profile information (optional)
2.2. Service Usage Data
During use of the platform, we may collect:
- Your clients' data (name, email, phone) that you enter in the CRM
- Images and photographs you upload to the platform
- Photo session and gallery information
- Billing and transaction data
- Activity logs and platform usage records
2.3. Payment Data
Payments are processed securely by Stripe (PCI DSS Level 1).
Data we send to Stripe:
- Your email address
- Billing information you provide
Data Stripe returns to us:
- Successful or failed payment confirmation
- Reference identifiers (customer and subscription IDs)
- Subscription status
- Last 4 digits of your card (to display in your dashboard)
PhotoHeart does NOT store: Full card numbers, CVV/CVC, or complete banking details.
2.4. Integration Data
If you connect external services, we store access tokens securely in Supabase Vault (AES-256 encryption):
Google Calendar (optional):
- Purpose: Sync your photo sessions with your calendar
- Data sent to Google: Event title, date, time, location, description
- Data received: List of calendars, existing events
- OAuth Scopes:
calendar.events,calendar.readonly
Gmail (optional):
- Purpose: Send emails to your clients from your own email account
- Data sent to Google: Email content, recipients
- Data received: Send confirmation
- OAuth Scopes:
gmail.send,gmail.readonly - Important: Emails are sent from YOUR account. PhotoHeart does not access the contents of your inbox.
You can disconnect these integrations at any time from Settings → Integrations. When disconnected, the tokens are permanently deleted.
2.5. Marketing, Events, and Promotions Data
When you participate in giveaways, events, promotions, or subscribe to our commercial communications (without needing to be a registered user), we collect:
- Name
- Email address
- Explicit consent for commercial communications
- Acquisition source (event, landing page, form, etc.)
- Registration date
This data is used to:
- Manage your participation in giveaways and promotions
- Send you commercial communications about PhotoHeart (if you have given your consent)
- Inform you about partner offers related to the photography sector (if you have given your consent)
- Contact you if you are a giveaway winner
3. Processing Purposes
3.1. Service Provision
- Provide and maintain the PhotoHeart service
- Manage your account and subscription
- Process payments and billing
- Send you service-related notifications (transactional)
- Improve and personalize your experience
3.2. Commercial Communications (with your consent)
- Send you newsletters with news, tips, and content for photographers
- Inform you about new features, offers, and PhotoHeart promotions
- Share partner offers in the photography sector (editing tools, image banks, training, etc.)
- Invite you to events, webinars, and relevant activities
3.3. Giveaways and Promotions
- Manage your participation in giveaways and contests
- Contact you if you are a winner
- Send you the corresponding prizes or benefits
3.4. Other
- Comply with legal obligations
- Statistical analysis and service improvement (anonymized data)
- Fraud prevention and security
4. Legal Basis for Processing
- Contract performance: To provide the contracted service
- Consent: For marketing communications (if you have granted it)
- Legitimate interest: To improve our services and prevent fraud
- Legal obligation: To comply with tax and data protection regulations
5. Third Parties and Data Processors
We share your data with the following service providers acting as data processors:
Infrastructure and Storage
- Supabase: Database, authentication, file storage
- Vercel: Hosting and deployment
Payments
- Stripe: Payment and subscription processing (Privacy Policy)
Communications
- Resend: Transactional email sending
Authentication
- Google OAuth: Google login (optional)
Optional Integrations
If you choose to connect them:
- Google Calendar: Photo session synchronization
- Gmail: Email sending from your account
These integrations require your explicit consent and can be disconnected at any time.
Analytics (with your consent)
- Google Analytics: Usage analysis
- Meta Pixel: Conversion analysis
- Vercel Analytics: Aggregated metrics (no cookies)
All our providers comply with GDPR and maintain adequate security measures.
6. International Transfers
Some providers are located outside the EEA. Transfers are carried out with appropriate safeguards:
- Standard contractual clauses approved by the European Commission
- Privacy certifications (EU-US Data Privacy Framework)
7. Data Retention
We retain your data for as long as you maintain your active account. After cancellation:
| Data Type | Retention Period |
|---|---|
| Service access | Until end of paid period |
| Images and files | 3 months post-cancellation |
| Configuration data | 6 months post-cancellation |
| Invoices and quotes | Minimum 5 years (tax obligation) |
| Signed contracts | Permanent retention |
Important: You can export all your data before deletion from Settings → Storage.
7.2. Marketing Data Retention
For data collected through events, giveaways, or commercial communication subscriptions:
- Giveaway participants: Up to 12 months after the giveaway ends, unless you have given consent for commercial communications
- Newsletter subscribers: Until you request to unsubscribe or withdraw your consent
- Consent history: We maintain a record of consent granted for legal compliance purposes
8. Commercial Communications
8.1. Types of Communications
If you have given your consent, you may receive:
- PhotoHeart Newsletter: News, tips for photographers, success stories (approx. 1-2 times per month)
- Offers and promotions: Special discounts, limited-time offers, promotional codes
- Partner offers: Promotions for complementary tools for photographers
- Events: Invitations to webinars, trade shows, and industry events
8.2. Partners and Collaborators
Occasionally, we may include in our communications offers from partner companies in the photography sector (editing tools, image banks, training, etc.). We never sell or transfer your email to third parties. Partner offers are always sent through our own channels.
8.3. How to Unsubscribe
You can stop receiving commercial communications at any time by sending an email to privacy@photoheart.app indicating that you wish to unsubscribe.
Unsubscribing from commercial communications does not affect transactional emails necessary for the service (payment confirmations, security notifications, etc.).
9. Giveaways and Promotions
9.1. Legal Terms
Each giveaway or promotion will have its own specific legal terms that will be published alongside the promotion, including:
- Participation period
- Entry requirements
- Prize description
- Giveaway mechanics
- Selection date and method
- Winner contact method
9.2. Data Processing in Giveaways
When participating in a giveaway:
- We collect the minimum necessary data (usually name and email)
- We request your explicit consent for processing
- Receiving future commercial communications is optional and not a requirement for participation
- Data is retained as indicated in section 7.2
9.3. Winner Communication
If you are selected as a winner, we will contact you via the email you provided. If you do not respond within the deadline specified in the terms, a new winner may be selected.
10. Your Rights (GDPR/LOPDGDD)
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a structured format
- Objection: Object to certain processing of your data
- Restriction: Request restriction of processing
- Withdraw consent: At any time, without retroactive effect
To exercise these rights, contact us at: privacy@photoheart.app
We will respond to your request within a maximum of 30 days.
11. Data Security
We implement technical and organizational measures to protect your data:
- Data encryption in transit (HTTPS/TLS)
- Data encryption at rest
- Two-factor authentication available
- Secure credential storage in Supabase Vault
- Role-based access control
- Regular backups
- Continuous security monitoring
12. Cookies and Similar Technologies
Essential Cookies (no consent required):
- Authentication cookies (Supabase) to maintain your session
Analytics Cookies (with consent):
- Google Analytics - to understand how you use the service
- Meta Pixel - to measure campaign effectiveness
We display a consent banner on your first visit. For more information, see our Cookie Policy.
13. Minors
PhotoHeart is not directed at individuals under 18 years of age. We do not knowingly collect data from minors. If you are aware that a minor has provided us with data, please contact us immediately.
14. Changes to This Policy
We may update this Privacy Policy occasionally. We will notify you of any significant changes by email or through a notice on the platform. The "last updated" date at the top indicates when the last revision was made.
15. Contact and Complaints
For any privacy-related queries:
Email: privacy@photoheart.app General support: support@photoheart.app
If you believe we have not adequately addressed your rights, you may lodge a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es
Related documents: