Privacy Policy

We collect the following categories of personal information:

Contact & identity data

• Your name, email address, and phone number — provided when you submit an inquiry, complete a booking, fill out an intake form, or create a client portal account.
• Session type, preferred shoot date, location, and package selection — provided when inquiring or booking a session.

Account credentials

• Email address and password used to log in to the client portal. Passwords are hashed and never stored in plain text.

Project & session data

• Shoot dates, notes, questionnaire responses, package details, and other information you share with us in connection with your photography session.

Photos & media

• Images associated with your photography session, uploaded and stored on your behalf.
• Photos you favorite or flag within your gallery.

Communications

• Messages sent through the client portal inbox.
• SMS messages sent to and received from you (if you have opted in to text notifications).
• Re-edit requests, including notes and photo selections you submit.
• Visitor name, email, and messages submitted through the live chat widget on our website (no account required).

Contract & signature data

• Signed agreements including your typed or drawn signature, signer name, the timestamp of signing, and your IP address at the time of signing.

Payment & print order data

• Invoice amounts, payment status, and payment history. Card numbers are processed directly by Stripe and are never stored on our servers.
• Print order details including product selections, quantities, finishes, and shipping address — transmitted to our print lab partner (WHCC) to fulfill your order.

SMS consent data

• Whether you have opted in to SMS notifications, the date and method of consent, and your opt-out status.

Usage & technical data

• Basic technical information such as browser type, device type, and pages visited, collected automatically to ensure our services function correctly.

We use the information we collect to:

• Deliver photography services and provide you with access to your galleries, contracts, invoices, and session materials.
• Communicate with you about your session, gallery delivery, re-edit requests, and project status via email and SMS (where consented).
• Process payments and print orders securely.
• Send transactional emails such as gallery notifications, contract confirmations, invoice notices, and booking confirmations. You cannot opt out of strictly necessary service emails.
• Fulfill print orders by sharing necessary order details with our print lab partner (WHCC).
• Respond to inquiries submitted via our booking page, inquiry forms, or live chat.
• Maintain accurate business records as required by law.
• Improve our portal and overall client experience.

We do not sell, rent, or share your personal information with third parties for marketing purposes.

With your explicit consent, Jeron Osg Media may send you text message (SMS) notifications about your photography session, gallery delivery, re-edit requests, appointment reminders, and other service-related updates. Participation in our SMS program is entirely optional and is not a condition of booking services.

• How to opt in: Check the SMS opt-in box on our intake form, or enable SMS notifications in your client portal profile.
• Message frequency: Message frequency varies. You may receive up to a few messages per month depending on your session activity.
• Rates: Message and data rates may apply depending on your mobile carrier and plan.
• To opt out: Reply STOP to any text message at any time. You will receive a one-time confirmation and no further messages will be sent. You may also disable SMS in your client portal profile.
• For help: Reply HELP to any text message or contact us at contact@jeronosg.com.
• Your phone number is used solely to deliver session-related notifications and is never sold or shared with third parties for marketing.

We use Bird (formerly MessageBird) to deliver SMS messages on our behalf. Bird Privacy Policy.

We send transactional and service-related emails through Resend. These include gallery delivery notifications, invoice reminders, contract confirmations, booking confirmations, and occasional announcements about your project.

Some emails we send — particularly broadcast announcements — may include a standard tracking pixel that tells us whether the email was opened and approximately when. This helps us understand whether important communications are reaching you. We do not use email tracking for advertising or share open data with third parties.

You cannot opt out of transactional service emails (e.g., invoice sent, gallery ready), as these are necessary to deliver the services you have engaged us for.

Photos from your session are stored securely in Cloudflare R2 and are accessible only via short-lived, signed URLs. Your gallery is private by default and accessible only to you (and anyone you share the gallery link or password with).

If you and we have agreed that photos from your session may be used for portfolio purposes, selected images may be displayed on our public portfolio page. We will not display your photos publicly without your consent.

Photo delivery links expire after the retention period agreed upon at the time of your session. You will be notified in advance before a gallery is removed.

We use a limited set of trusted third-party providers to operate our services. Each provider is bound by its own privacy policy and applicable data protection law:

• Supabase — database, authentication, and file storage infrastructure. All client data is stored in secured, encrypted databases. Supabase Privacy Policy.
• Stripe — payment processing for invoices and print orders. We never see or store your full card number. Stripe Privacy Policy.
• Resend — transactional and broadcast email delivery. Resend Privacy Policy.
• Cloudflare R2 — secure cloud storage for your photos and media files. Files are not publicly accessible without a signed URL. Cloudflare Privacy Policy.
• Bird (MessageBird) — SMS message delivery and inbound message handling for text notifications. Bird Privacy Policy.
• WHCC (White House Custom Colour) — print lab that fulfills physical print orders. Your shipping address and order details are shared with WHCC solely to process and ship your order. WHCC Privacy Policy.
• Dropbox Sign — electronic signature platform used to send and collect signatures on photography contracts (where applicable). Dropbox Sign Privacy Policy.

No other third parties have access to your personal data unless required by law.

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. Specifically:

• Client account data and project history are retained for the duration of our business relationship and for a reasonable period thereafter for record-keeping purposes.
• Photos are retained according to the delivery terms agreed upon at the time of your session. You will be notified before any gallery is removed.
• Payment and invoice records are retained as required by tax and accounting law (typically 7 years).
• Signed contracts are retained for the period required by applicable law or for the duration of any warranty or dispute window.
• SMS consent records are retained to demonstrate compliance with applicable messaging regulations.
• You may request deletion of your account and personal data at any time (see Section 9).

We use cookies and session storage only as required to operate our services:

• Authentication cookies — set by our authentication provider (Supabase) to keep you securely logged in to the client portal. These are session cookies and expire when you log out or close your browser.
• OAuth state cookie — a short-lived security cookie (15 minutes) used during the Adobe Lightroom connection flow to prevent cross-site request forgery. This is an internal, admin-only process.
• Chat session storage — a temporary browser session identifier used by the live chat widget to associate your messages within a single browsing session. This is stored in your browser's session storage and is deleted when you close the tab.

We do not use advertising cookies, tracking pixels (outside of transactional email opens described in Section 4), or cross-site analytics. Disabling cookies will prevent you from logging in to the client portal.

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Correction — request that inaccurate data be corrected. You can update your name and phone number directly in your client portal profile.
• Deletion — request that your personal data be deleted. Note that we may be required to retain certain records (e.g., signed contracts, payment records) for legal or accounting purposes.
• Portability — request your data in a structured, machine-readable format.
• Objection — object to certain types of processing of your personal data.
• SMS opt-out — reply STOP to any text message or disable SMS in your portal profile at any time.

To exercise any of these rights, contact us at contact@jeronosg.com. We will respond within 30 days.

We take reasonable technical and organizational measures to protect your personal data against unauthorized access, loss, or disclosure. These include:

• Encrypted data storage and secure HTTPS connections on all pages.
• Hashed passwords — we never store your password in plain text.
• Short-lived, signed URLs for all photo access — photos are not publicly browseable.
• Row-level security policies on the database — client data is isolated per account.
• Access controls that limit which staff can view client data.

No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Our portal and services are not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information without parental consent, please contact us at contact@jeronosg.com and we will delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our services, technology, or legal requirements. When we do, we will revise the “Last updated” date at the top of this page. Continued use of our services after changes are posted constitutes your acceptance of the updated policy. For material changes, we will notify you by email.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

Jeron Osg Media
contact@jeronosg.com

You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data appropriately.