Privacy Policy
Last Updated: October 23, 2025
We take your privacy seriously. This policy explains how we collect, use, and protect your personal information.
1. Information We Collect
1.1 Photographer Information
When you create a photographer account, we collect:
- Account Information: Name, email address, phone number, password
- Business Information: Business name, photography specialization
- Payment Information: Square account connection (OAuth tokens)
- Subscription Data: Plan type, billing history, subscription status
1.2 Client Booking Information
When clients book sessions through MiniShoots, we collect:
- Contact Information: Name, email address, phone number
- Booking Details: Session date, time, location preferences
- Payment Information: Processed and stored by Square (we do not store credit card numbers)
- Communication Preferences: SMS consent, email preferences
1.3 Automatically Collected Information
- Device Information: Device type, operating system, app version
- Usage Data: Features used, booking activity, session duration
- Error Logs: Crash reports and error tracking via Sentry
- IP Address: For security and fraud prevention
2. How We Use Your Information
2.1 To Provide the Service
- Create and manage photographer accounts
- Process bookings and payments
- Send booking confirmations and reminders
- Enable communication between photographers and clients
- Manage subscriptions and billing
2.2 To Improve the Service
- Analyze usage patterns to improve features
- Monitor and fix technical issues
- Develop new features based on user needs
- Conduct research and analytics
2.3 To Communicate With You
- Send service-related notifications
- Respond to support requests
- Send important updates about the service
- Provide marketing communications (with your consent)
2.4 For Legal and Security Purposes
- Prevent fraud and abuse
- Comply with legal obligations
- Enforce our Terms of Service
- Protect user safety and security
3. Information Sharing
3.1 With Service Providers
We share data with trusted third-party providers who help us operate the service:
| Service |
Purpose |
Data Shared |
| Square |
Payment processing |
Payment details, booking information |
| Twilio |
SMS notifications |
Phone numbers, message content |
| Resend |
Email delivery |
Email addresses, message content |
| Sentry |
Error tracking |
Error logs, device information |
| Neon (PostgreSQL) |
Database hosting |
All application data |
| Apple |
In-app subscriptions |
Subscription status, purchase receipts |
3.2 With Photographers
Client booking information is shared with the photographer who is providing the service. This includes name, contact information, and booking details.
3.3 Legal Requirements
We may disclose information if required by law, subpoena, or to protect our rights and safety.
3.4 Business Transfers
If MiniShoots is acquired or merged, your information may be transferred to the new owner.
4. Data Security
We implement industry-standard security measures:
- Encryption: Data in transit uses TLS/SSL encryption
- Authentication: Secure password hashing with bcrypt
- Access Controls: Limited employee access to personal data
- Regular Monitoring: Security audits and vulnerability scanning
- Database Security: PostgreSQL with encrypted connections
5. Data Retention
- Active Accounts: Data retained while account is active
- Deleted Accounts: Data deleted within 90 days of account deletion
- Legal Requirements: Some data retained longer for legal/tax purposes
- Backups: Backup data retained for up to 30 days
6. Your Rights
6.1 Access and Control
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update inaccurate information
- Deletion: Request deletion of your data
- Portability: Export your data in a portable format
- Opt-Out: Unsubscribe from marketing communications
6.2 SMS Opt-Out
Clients can opt out of SMS notifications at any time by replying "STOP" to any SMS from MiniShoots. This will not affect email notifications or the ability to book sessions.
6.3 Do Not Track
Our service does not currently respond to Do Not Track browser signals.
7. Children's Privacy
MiniShoots is not intended for users under 13 years old. We do not knowingly collect information from children. If we discover we have collected data from a child, we will delete it immediately.
8. International Users
MiniShoots is based in the United States. By using the service, you consent to the transfer and processing of your data in the United States.
9. California Privacy Rights (CCPA)
California residents have additional rights:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt-out of sale of personal information (we do not sell data)
- Right to deletion of personal information
- Right to non-discrimination for exercising privacy rights
10. GDPR Rights (European Users)
If you are in the European Economic Area, you have rights under GDPR:
- Right to access personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
11. Cookies and Tracking
We use minimal cookies and tracking:
- Essential Cookies: Required for authentication and security
- Analytics: Sentry for error tracking and performance monitoring
- No Advertising Cookies: We do not use advertising or marketing cookies
12. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes via email or in-app notification. Continued use after changes constitutes acceptance.
13. Contact Us
For privacy-related questions or to exercise your rights, contact us at:
Questions about your privacy? We're here to help. Contact us anytime at privacy@minishoots.com