Legal

Privacy Policy

Last updated: 2026-06-03

This policy explains what Fotofolio ("Fotofolio", "we", "us") collects about you, why we collect it, how we use it, who we share it with, and what choices you have. It applies to fotofolio.nanoappstudio.com and the photographer-facing service we run there.

We've tried to keep this readable. If anything is unclear, write to privacy@nanoappstudio.com.

1. The data we collect

Account data

  • Name, email, optional phone
  • Password (hashed; we can't read it)
  • Subscription tier + billing status
  • Account preferences (theme, language)

Content you upload

  • Photos and videos you publish to your portfolio or send to clients
  • Album titles, captions, tags
  • Signatures / watermarks you create
  • Drafts of edited photos before you publish them

Usage data

  • Page views in your dashboard (to fix bugs and prioritise features)
  • Public portfolio visit counts + referrers (so you can see how your portfolio is performing)
  • Device + browser type

Data from connected services

  • Adobe Lightroom: photo metadata and image data you choose to import
  • DaVinci Resolve / Adobe Premiere / Blender / Kdenlive / Shotcut: project metadata and rendered output you choose to upload via our plugins
  • Razorpay / Stripe: payment status (we don't see your card)

2. How we use it

  • To run the service: store your photos, render your portfolio, deliver client galleries
  • To bill you and process payments
  • To send transactional emails (welcome, password reset, plan changes)
  • To improve the product (we look at aggregated, anonymous usage data)
  • To respond when you ask us for help
  • To investigate abuse (illegal content, scraping, etc.)

We do not sell your data. We do not use your photos to train AI models.

3. Who we share it with

Service providers (sub-processors)

  • Amazon Web Services — hosting, file storage (S3), email (SES)
  • Razorpay + Stripe — payment processing
  • Adobe — when you choose to connect Lightroom
  • Pinterest / Meta / Google — when you choose to connect those for social publishing (planned features)

People you choose to share with

  • Anyone you give a client-gallery link to (with or without an access code)
  • Anyone who visits your public portfolio

Required by law

We respond to lawful subpoenas, court orders, and similar binding requests, but we'll push back on overbroad requests and tell you about them where we can.

4. Where your data lives

Files are stored in Amazon S3 (region us-east-1 today). Account data lives in a SQLite database on an EC2 instance in the same region. We'll add Indian region storage as Indian customer base grows.

5. How long we keep it

  • While your account is active: indefinitely, so the service works
  • After you delete your account: full deletion within 30 days. We may retain billing records longer where law requires.
  • Backups: encrypted backups retained 30 days, then permanently deleted

To delete your account, go to Data deletion or email privacy@nanoappstudio.com.

6. Your rights

Depending on where you live (GDPR, India DPDP, California CCPA), you have some or all of these rights:

  • Access — get a copy of the data we have about you
  • Correction — fix it if it's wrong
  • Deletion — ask us to delete it
  • Portability — get it in a format you can move elsewhere
  • Object — to processing you don't agree with

Email privacy@nanoappstudio.com to exercise any of these. We respond within 30 days.

7. Security

  • HTTPS everywhere
  • Passwords hashed with bcrypt
  • OAuth tokens encrypted at rest
  • Personal access tokens stored as SHA-256 hashes
  • EC2 instance with restricted SSH access; backups encrypted

We're a small team. We don't pretend to be SOC 2 audited yet. If we have a breach affecting you, we'll tell you within 72 hours of becoming aware.

8. Cookies and tracking

We use a small number of cookies — see the Cookie Policy.

9. Children

Fotofolio is for working photographers. We don't intentionally collect data from anyone under 16. If we learn we have, we delete it.

10. Changes to this policy

We'll post material changes here with a new "Last updated" date, and email account-holders for anything significant. Continued use after the change means you've accepted it.

11. Contact

Questions, complaints, requests: privacy@nanoappstudio.com
Operating entity: NanoApp Studio (India)