Privacy Policy

Last Updated:

Plain-English summary (not a substitute for the full policy below): Anonymous use stores no personal data on our servers. If you sign in with Google to use paid features, we store your email, your tier, your billing identifiers, your style preferences, your credit balance, and any 👍/👎 feedback you submit, all in a Cloudflare KV record. We never sell data. Your uploaded images are sent to Google Gemini for AI analysis, then discarded from memory. Cached AI responses live up to 7 days. You can delete your account anytime by emailing us.

1. Who We Are

PhotoScanr ("we," "us," "our") is operated by Duncan Rawlinson and provides an AI-powered photo metadata generation tool at photoscanr.com. We are based in Ontario, Canada. Contact: [email protected].

2. Data We Handle

2.1 Anonymous (signed-out) users

If you use the Service without signing in, we do not store any personally identifying information on our servers. We may temporarily process the following:

  • IP address: used for per-IP rate limiting and per-IP cost-ceiling enforcement. Stored ephemerally in Cloudflare's edge cache and KV with a 48-hour TTL maximum. Not associated with any account.
  • Cloudflare Turnstile token: used to verify you are not a bot before each analysis call. Validated and discarded immediately.
  • Image content: see Section 3.

2.2 Signed-in users (Google Sign-In)

If you sign in with Google to use paid features, the reverse Pro trial, or credit packs, or to save preferences, we store the following in a Cloudflare KV record keyed by your Google subject ID:

  • Email address (received from Google Sign-In and from Stripe at checkout).
  • Subscription tier (Free / Pro / Studio) and trial state (`trialEndsAt`, `isTrial`).
  • Stripe customer ID and subscription ID for billing reference. The actual payment method (card details) is held by Stripe, not by us.
  • Current period end for subscription renewal tracking.
  • Style preferences (free-text guidance you save for your AI analyses).
  • Auto-rank preference (boolean).
  • Credit balance and lifetime credits purchased.
  • Feedback count (aggregate count of 👍/👎 you've submitted).
  • Account creation timestamp.

We also store individual feedback records (`feedback:{your_sub}:{analysis_id}:{platform}`) for up to 90 days containing your thumb vote, optional edited text, timestamp, and tier. These help us evaluate AI output quality and are not used for advertising.

2.3 JWT (session token)

After signing in, we issue a JSON Web Token (JWT) that is stored in your browser's localStorage. It contains your Google subject ID, email, tier, trial state, and an expiry timestamp (24 hours after issuance). It is sent with every authenticated API request. Signing out deletes it from your browser.

3. Your Uploaded Images

When you upload an image:

  1. The image is downscaled client-side to a 1024px long edge to reduce data transfer, then sent from your browser to our Cloudflare Worker proxy.
  2. The Worker forwards the image and a prompt to Google Gemini for analysis.
  3. Google's response (text-only metadata) is returned to you.
  4. The metadata response is cached in Cloudflare's edge cache for up to 7 days, keyed by a hash of the image (so re-uploads of the same image return cached results without re-calling Gemini). Cached responses are anonymous; the cache key does not include your account ID.
  5. The image bytes themselves are discarded from our worker's memory after the response is returned. We do not save your images to any persistent store.

Whatever Google does with the image during processing is governed by Google's Generative AI Terms and Google's Privacy Policy. Our use of the Gemini API is on the paid tier, where Google states it does not use your inputs or outputs to train models.

4. Third-Party Processors

We rely on the following third parties to operate the Service. Each has its own privacy policy:

We are not responsible for the data practices of these third parties. Their data handling occurs under their own terms.

5. Cookies and Local Storage

  • localStorage: stores your JWT (after sign-in), your selected free-tier extra platform, and other UI preferences. Stays on your device, not transmitted to us except as part of authenticated API calls.
  • Cookies: set by Google Analytics and (where served) Google AdSense for measurement and advertising. You can manage these via your browser settings, Google Ads Settings, the DAA opt-out, or the EDAA opt-out.

6. How We Use Data

We use stored data only to:

  • Provide the Service (run analyses, enforce tier limits, process payments).
  • Authenticate you and remember your preferences across sessions and devices.
  • Track aggregate usage for cost monitoring and product improvement.
  • Comply with legal obligations.

We do not sell your personal data. We do not share your stored data with advertisers or any party other than the third-party processors listed in Section 4 (and only for the purposes of operating the Service).

7. Data Retention

  • Account record (`google:{your_sub}`): retained as long as your account exists. Deleted on request, or at our discretion if your account is terminated.
  • Stripe customer reference (`stripe:{customer_id}`): retained while you have a Stripe customer record with us.
  • Feedback records: 90-day TTL; aggregate `feedbackCount` persists with your account.
  • Cached AI responses: 7-day TTL. Anonymous (not linked to your account).
  • Rate-limit / cost-ceiling counters: 48-hour TTL.
  • Image bytes: not retained; discarded from worker memory after each analysis call.

8. Your Rights

Depending on your jurisdiction, you may have rights under GDPR, CCPA, PIPEDA, or other privacy laws, including:

  • Access: request a copy of the data we store about you.
  • Correction: ask us to correct inaccurate data.
  • Deletion: request deletion of your account and associated data.
  • Portability: request your data in a portable format.
  • Withdraw consent: for processing based on consent (e.g., feedback).
  • Object to processing: for marketing or other non-essential processing (we do not currently use your data for marketing).

To exercise any of these rights, email [email protected]. We will respond within a reasonable time.

9. Account Deletion

You can delete your account at any time by emailing [email protected] from the address associated with your Google Sign-In. We will delete your KV record (account data, style preferences, credit balance, feedback aggregate, etc.) and individual feedback records. We will also cancel any active Stripe subscription. Stripe may retain billing records as required by law.

10. International Transfers

Cloudflare and Google operate globally; your data may be processed at edge locations or data centers in the United States, European Union, or other jurisdictions. By using the Service, you consent to such transfers. Cloudflare and Google maintain appropriate safeguards (Standard Contractual Clauses, etc.) for international transfers.

11. Children

The Service is not directed to anyone under 13 (or under 16 in the EU). We do not knowingly collect personal data from children. If we learn that a child has provided personal data, we will delete it. If you believe a child has provided personal data, contact us at [email protected].

12. Security

We use HTTPS, signed JWTs (HMAC-SHA256), encrypted Cloudflare KV, and Cloudflare Turnstile to protect the Service. Despite reasonable safeguards, no internet system is perfectly secure. We disclaim liability for breaches caused by third-party processors or events beyond our control.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Updates will be posted at this URL with a new "Last Updated" date. Material changes that affect your data may be communicated via email to signed-in users where feasible. Continued use of the Service after changes constitutes your acceptance.

14. Contact

Questions about this Privacy Policy or our data practices? Contact [email protected].