Privacy Policy for ApprovePictures
Effective Date: May 31, 2026
This Privacy Policy explains how ApprovePictures ("we", "us", or "our") collects, uses, discloses, and protects personal data when you access or use the website approvepictures.com (the "Platform" or "Service").
1. Data Controller
The legal entity responsible for the processing of your personal data under the EU General Data Protection Regulation (GDPR) is:
Christian Nikita Valsvik
Organization Number: 836259882
Address: Hjalmevegen 3, 3580 Geilo, Norway
Email: support@approvepictures.com
2. GDPR Role Allocation (Data Controller vs. Data Processor)
Under the EU General Data Protection Regulation, a critical distinction is made regarding the personal data of End-Customers (Clients) interacting with user galleries:
- The User as Data Controller: The registered or anonymous User who uploads the images and invites clients is the "Data Controller" of their clients' personal data. The User determines the purpose of the gallery, manages client relationships, and is responsible for obtaining any necessary consents from individuals appearing in the images. End-Customers should review the respective User's own privacy terms.
- ApprovePictures as Data Processor: ApprovePictures acts strictly as a "Data Processor" regarding End-Customer interactions. We store and process gallery interactions, selections, comments, and transaction tokens solely on behalf of, and under the instruction of, the User.
3. Compliance and Legal Basis
We process personal data in accordance with the GDPR and the Norwegian Personal Data Act (Personopplysningsloven). Our processing activities for Users are based on the performance of a contract (to deliver our gallery services), legitimate interests (ensuring security and performance), or explicit consent where applicable.
4. Data We Collect and Process
The data collected depends entirely on how you interact with our Platform:
- Registered Users: Account details including email address, authentication metadata (via Google OAuth or email signup), subscription data, connected Stripe merchant identifiers (for Studio tier Users), uploaded images, and embedded EXIF metadata.
- Anonymous Users: Temporary session identifiers, uploaded images, and associated EXIF metadata.
- End-Customers (Clients): Review and feedback interaction logs including star ratings, text comments, coordinate data from image drawing/annotations, and tokenized payment transaction references when purchasing directly from a Studio tier User.
5. Our Core AI Non-Training Guarantee
We maintain a strict stance on the intellectual property and creative works of our users. We explicitly guarantee that we do not scan, parse, analyze, or utilize any uploaded images, customer-provided information, or review metrics to train artificial intelligence (AI) systems, machine learning architectures, or predictive algorithmic models.
6. Image Metadata and EXIF Processing
When a User uploads photos for client review or delivers final assets, the Platform uses a client-side library (exifr) to analyze image metadata in the browser's memory only. This is performed solely to read two timestamp attributes (DateTimeOriginal and SubSecTimeOriginal) and derive a unique, non-identifying tracking ID string (stored as exif_timestamp_id in our database). This tracking ID allows the Platform to match re-exported final delivery files with their corresponding client proofing files even if file names have changed.
Important: Raw EXIF metadata fields — including sensitive data such as device camera settings, hardware descriptions, and precise GPS location coordinates — are never extracted, collected, or persisted on our servers.
7. Technical Data Security and Access Controls
In compliance with GDPR Article 32, we implement industry-standard cryptographic and technical measures to secure the Platform, prevent unauthorized data access, and prevent link-guessing attacks:
- Cryptographically Secure Tokens: Public gallery sharing URLs do not use sequential or predictable identifiers. Instead, every gallery link is governed by an unguessable 20-character sharing token generated client-side with the browser's cryptographically secure random number generator (crypto.getRandomValues()).
- Password Hashing: User-defined gallery passwords are hashed with SHA-256 on the client side before transmission. Raw passwords are never stored in cleartext in our databases.
- Brute-Force Rate Limiting: To protect password-restricted galleries, our backend enforces a strict rate limit tracked per share token and IP address (a maximum of 5 validation attempts per 10-minute window). Exceeding this threshold automatically blocks further attempts from that IP.
- Opaque Support Auditing: For security maintenance, administrative support operations use independent, isolated report tokens (report_token) to inspect issues without exposing the primary sharing tokens or user credentials.
8. Cookies and Local Browser Storage
ApprovePictures does not deploy traditional marketing, tracking, or user behavioral analytics frameworks (such as Google Analytics, Mixpanel, or tracking pixels). We exclusively use essential web browser storage capabilities (such as Local Storage via Supabase Auth) to maintain secure user authentication states, session tokens, and account login stability. Because these elements are strictly necessary to deliver the requested core service, they do not require proactive tracking consent, and they are never utilized for cross-site advertising or profiling.
9. Data Location and Infrastructure
All core data, database sets, asset storage, and infrastructure hosts are deployed 100% within secure data centers located strictly inside the European Union (EU) borders to ensure complete alignment with GDPR standards.
10. Data Retention and Deletion
- Anonymous Galleries: All files, images, logs, and comments linked to an anonymous gallery are automatically and permanently wiped from our EU servers exactly 7 days after the gallery creation date.
- Registered Galleries: File retention complies with the expiration thresholds explicitly selected by the respective User, or until the User chooses to delete the gallery manually.
- Account Data: Retained while the subscription profile is active, governed by the terms specified in our subscription lifecycle.
11. Third-Party Sub-processors & Dual-Stripe Processing Context
We utilize trusted external processors to maintain platform integrity, billing frameworks, and communication pipelines. Regarding financial transactions, Stripe acts in a dual-capacity on our Platform: firstly, to process subscription billing between Users and ApprovePictures; secondly, via integration features (Stripe Connect Direct Charges), to process direct commercial transactions between End-Customers and Studio Tier Users. At no point do raw credit card details or full banking numbers pass through or reside on ApprovePictures servers.
| Sub-processor | Service & Purpose | GDPR Safeguards & Location |
|---|---|---|
| Lovable Cloud (Lovable) | App hosting, active deployment, and project management | EU-based architecture |
| Supabase | Database hosting, user authentication management, and asset file storage | EU-based server environments |
| Cloudflare | Edge network acceleration, safety filtering, and file transfer optimization | Global delivery protected by Standard Contractual Clauses (SCCs) |
| Stripe & Lovable Stripe Gateway | Subscription processing, platform fee administration, and peer-to-peer customer payment gateway facilitation | Compliant financial external gateway; no raw credit card details touch our servers |
| Google Identity (OAuth) | Federated "Sign in with Google" authentication option | Secure tokenized identity checks |
| Lovable Email | Transactional delivery, account verifications, and link notifications | Authorized transactional message routing |
12. Data Subject Rights
Under the GDPR framework, you retain comprehensive rights regarding your personal data. This includes the right to request access, rectification, total erasure, restriction of operational processing, data portability, and the right to lodge a formal complaint with Datatilsynet (the Norwegian Data Protection Authority).
