Privacy Policy

ProStudios Image ("we," "our," or "us") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard data when you visit prostudiosimage.com or use our client gallery services. It applies to visitors from all regions, including the European Union (GDPR) and California (CCPA).

1. Information We Collect

We collect information you provide directly:

• Contact & booking forms: name, email address, phone number, event details, and any message you submit.
• Client galleries: your name and email address used to create and access your private photo gallery.

We also collect limited technical data automatically:

• Hashed IP address (for unique visitor counting in client galleries — stored as a one-way hash; the original IP is never retained).
• Standard web server logs (access times, browser type, referring URL) retained for up to 30 days.
• Session cookies necessary for secure authentication to client galleries and our admin portal.

2. How We Use Your Information

• To respond to your inquiries and booking requests.
• To create and manage your private client gallery.
• To send booking confirmation and administrative emails.
• To count unique visitors to a gallery (for the photographer's records only).
• To protect against unauthorized access via session-based authentication.

We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area, we process your personal data under the following legal bases:

• Consent — where you have given clear consent by checking the consent box on our forms.
• Contractual necessity — to fulfil a booking or service agreement.
• Legitimate interests — for security, fraud prevention, and basic site analytics, where these interests are not overridden by your rights.

4. Cookies

We use only essential cookies necessary to operate the site:

• Session cookie — keeps you authenticated while accessing your gallery or the admin portal. Expires when you close your browser or after 2 hours of inactivity.
• Cookie consent cookie — records your cookie preference so we don't ask again. Expires after 365 days.

We do not use any third-party advertising, tracking, or analytics cookies.

5. Your Rights

All users may contact us at any time to:

• Request access to the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data.

EU/EEA residents (GDPR) additionally have the right to data portability, the right to restrict processing, and the right to object to processing based on legitimate interests. You also have the right to lodge a complaint with your local data protection authority.

California residents (CCPA) have the right to know what personal information is collected, the right to deletion, and the right to non-discrimination for exercising these rights. We do not sell personal information, so the right to opt-out of sale does not apply.

To exercise any of these rights, contact us at: jackie@prostudiosimage.com

6. Data Retention Policy

We retain personal data only as long as necessary for the purposes described above:

• Contact & booking submissions — retained for 3 years to support follow-up communications and booking records, then permanently deleted.
• Client gallery data (name, email, gallery password) — retained for the lifetime of the gallery plus 1 year after the gallery is deactivated, then permanently deleted.
• Gallery photos — retained according to the delivery agreement with the client. Photos are deleted upon client request or after the retention period agreed at booking.
• Hashed visitor IPs — retained for the lifetime of the associated gallery, then deleted with the gallery.
• Web server logs — automatically purged after 30 days.
• Session data — expires after 2 hours of inactivity and is purged automatically by the server.

You may request early deletion of your data at any time by emailing us.

7. Data Security

We protect your data using industry-standard measures:

• All data is transmitted over HTTPS/TLS.
• Gallery passwords are stored using bcrypt hashing; a reversible encrypted copy (AES-256-CBC) is maintained solely to allow the photographer to share the password with the client.
• Uploaded photos are stored in a directory outside the public web root and are served only through authenticated file endpoints.
• Sessions use secure, HTTP-only, SameSite cookies with strict-mode enforcement.
• CSRF tokens protect all form submissions.

8. Third-Party Services

We use Google Fonts for typography. Google may collect limited data (IP address and browser information) when your browser fetches fonts. Please refer to Google's Privacy Policy for details. No other third-party services are loaded on this site.

9. Children's Privacy

This site is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has submitted data through this site, please contact us so we can delete it.

10. Changes to This Policy

We may update this Privacy Policy periodically. The "Last updated" date at the top of this page will reflect any changes. Continued use of our services after an update constitutes acceptance of the revised policy.

11. Contact

For any privacy-related questions, requests, or concerns:

ProStudios Image
12828 Willow Centre Dr, Unit C
Houston, TX 77066
jackie@prostudiosimage.com