Privacy Policy

1. Introduction

This Privacy Policy describes how BorstPhoto, LLC (“we,” “us,” or “our”) collects, uses, and protects your information when you use the BPapp mobile application (the “App”). By using the App, you consent to the practices described in this policy.

2. Information We Collect

We collect the following categories of information:

• Account information: Your name, email address, and phone number, collected during account creation via Google or Apple Sign-In.
• Authentication data: OAuth tokens from Google or Apple used to verify your identity. We do not store your Google or Apple password.
• Booking and scheduling data: Shoot dates, times, locations, pricing, and deposit information related to photography bookings.
• Payment information: Invoice amounts, payment status, and transaction references processed through Stripe or PayPal. We do not store full credit card numbers.
• Push notification tokens: Device tokens used to deliver booking confirmations, payment alerts, and other notifications you have opted into.
• Photo metadata: File names, thumbnail references, and collection organization data. Photos themselves are stored in the photographer’s Dropbox account, not on our servers.
• Device information: Device type and operating system version, collected automatically for compatibility purposes.

3. How We Use Your Information

We use the information we collect to:

• Authenticate your identity and manage your account
• Deliver photo collections and manage shoot bookings
• Process and track payments and invoices
• Send push notifications for booking updates, payment reminders, and delivery alerts
• Sync data between the photographer and client devices via our cloud bridge
• Maintain and improve the App’s functionality

4. Data Storage and Security

The App uses a local-first architecture. Your data is stored primarily on your device using an on-device SQLite database. A cloud bridge (powered by Supabase) syncs data between the photographer and client devices. All data transmitted to and from the cloud bridge is encrypted in transit using TLS and encrypted at rest.

Photos are stored in the photographer’s personal Dropbox account and are accessed through secure, authenticated connections. We do not host photos on our own servers.

Authentication tokens and sensitive credentials are stored in your device’s secure storage (Keychain on iOS, Keystore on Android).

5. Third-Party Services

The App integrates with the following third-party services, each governed by their own privacy policies:

• Google Sign-In / Apple Sign-In: For authentication. We receive only your name, email, and a unique identifier.
• Dropbox: For photo storage and delivery. Access is limited to folders the photographer has explicitly selected.
• Stripe / PayPal: For payment processing. Payment credentials are handled entirely by these providers.
• Supabase: For secure data synchronization between devices. Data is encrypted in transit and at rest.
• Expo Push Notifications: For delivering push notifications to your device.

6. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. Your data is shared only in the following circumstances:

• With the third-party services listed above, solely to provide App functionality
• Between the photographer and client within the App, as required for photo delivery, booking management, and payment processing
• When required by law, regulation, or legal process

7. Content Reports and Moderation

The App allows you to report photos, collections, or photographers that you believe violate our Terms of Service. When you submit a report, the following information is sent by email to our moderation team so we can investigate:

• The reason category you selected and any free-text details you provided
• Identifiers for the reported content (photo, collection, or photographer ID)
• Your name, email address, and authentication identifiers, so we can follow up if needed
• The timestamp at which the report was filed

Reports are reviewed within twenty-four (24) hours. We may remove reported content, suspend or terminate offending accounts, and take any other action we deem appropriate. Report records are retained for as long as necessary to investigate and act on the issue, and for any reasonable period thereafter for audit and safety purposes.

You may also block a photographer at any time from the App’s Settings screen. Blocks are stored locally on your device and hide the blocked photographer’s content from your account; this information is not transmitted to our servers.

8. Your Rights and Choices

You have the following rights regarding your data:

• Access: You can view your account information within the App’s Settings screen.
• Deletion: You can delete your account and all associated data at any time from the App’s Settings screen. This permanently removes your data from both the device and the cloud bridge.
• Notifications: You can manage push notification preferences through your device’s system settings. Opting out of notifications does not affect your access to the App.
• Withdraw consent: You may stop using the App at any time. Deleting the App from your device removes all locally stored data.

9. Children’s Privacy

The App is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.

10. Data Retention

We retain your data for as long as your account is active. If you delete your account, all associated data is permanently removed from the cloud bridge within 30 days. Local data is removed immediately upon account deletion or app uninstallation.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be effective upon posting to this page with an updated “Last updated” date. Your continued use of the App after any changes constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or your data, please contact us at: