Privacy Policy

1. Introduction

Protecting your personal data is important to us. This Privacy Policy explains how we collect, use, and protect your personal data when you use Photoglacier.

2. Data Controller

The data controller responsible for processing your data under the General Data Protection Regulation (GDPR) is:

Franz Kuben nord3 digital e.U. Rottal 33 3874 Haugschlag Austria

Email: hello@photoglacier.com Phone: +43 664 5031505

3. Data We Collect

3.1 Account Data

When you register and use Photoglacier, we collect:

• Name
• Email address

3.2 Payment Data

For paid subscriptions, we additionally collect:

• Billing address
• Payment information (processed directly by our payment provider Stripe)

3.3 Usage Data

When using our platform, the following data is processed:

• Uploaded photos and associated metadata
• Gallery settings and configurations
• Interactions between photographers and clients within the platform

3.4 Technical Data

Each time you access our website, the following data is automatically collected:

• IP address (anonymized)
• Date and time of access
• Browser type and version
• Operating system
• Referrer URL

4. Legal Basis for Processing

We process your data based on the following legal grounds:

• Contract Performance (Art. 6(1)(b) GDPR): To provide our services and process payments
• Legitimate Interests (Art. 6(1)(f) GDPR): To ensure the security and functionality of our platform
• Consent (Art. 6(1)(a) GDPR): For optional analytics to improve our services
• Legal Obligation (Art. 6(1)(c) GDPR): To retain invoices and payment data in compliance with Austrian tax law

5. Data Processors and Third Parties

We use the following service providers to deliver our services:

5.1 Stripe (Payment Processing)

We use Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to process payments. Stripe processes your payment data directly and acts as an independent data controller for this data. For more information, see Stripe’s Privacy Policy.

5.2 PostHog (Analytics)

We use PostHog for product analytics to improve our services. PostHog is only activated with your explicit consent. PostHog EU hosts data within the European Union. For more information, see PostHog’s Privacy Policy.

5.3 Hetzner (Hosting and File Storage)

Our platform is hosted on servers operated by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Your uploaded photos are also stored on Hetzner Object Storage within the European Union. Hetzner processes data exclusively within the European Union. For more information, see Hetzner’s Privacy Policy.

5.4 Sentry (Error Monitoring)

We use Sentry (Functional Software, Inc.) to detect and fix technical errors. Sentry processes technical error data that does not contain direct personal information, to improve the stability of our platform. For more information, see Sentry’s Privacy Policy.

5.5 Let’s Encrypt (SSL Certificates)

For encryption of custom domains, we use SSL certificates from Let’s Encrypt (Internet Security Research Group). When certificates are issued, domain names are logged in public Certificate Transparency Logs. For more information, see Let’s Encrypt’s Privacy Policy.

5.6 Mailjet (Email Delivery)

We use Mailjet (Mailgun Technologies, Inc. / Sinch), a service of Sinch, to send transactional emails such as account confirmations, password resets, and notifications. Mailjet processes your email address and the content of the email on our behalf. Data is processed within the European Union. For more information, see Mailjet’s Privacy Policy.

6. Gallery Visitors

6.1 Data Controller

When you visit a photo gallery that a photographer provides through Photoglacier, the photographer is the data controller responsible for processing your data. Photoglacier acts as a data processor on behalf of the photographer.

6.2 Photographer’s Legal Notice and Privacy Policy

Photographers can add their own legal notice (Impressum) and privacy policy in their account settings. These are displayed in the footer of their galleries. For questions about data processing in connection with a specific gallery, please contact the respective photographer via the contact information provided there.

6.3 Data Collected from Gallery Visitors

When visiting a gallery, the following data is processed:

• Technical data: IP address (anonymized), browser type, access time
• Analytical data: Page views and interactions (anonymized, only with photographer’s opt-in)

6.4 Data on Download or Registration

If you download photos or register with a gallery, your email address is collected and provided to the photographer. The photographer is responsible for any further processing of this data.

7. Data Retention and Deletion

7.1 Account Data and Content

When you cancel your paid plan, your account reverts to the Free plan. If your content is within the Free plan limit (currently 5 GB), your data is retained and your galleries remain fully functional. Content exceeding the Free plan limit may be deleted after a prolonged period of inactivity — you will be notified multiple times by email before any deletion. When you explicitly delete your account via the account settings, a 7-day grace period begins during which you can reverse the deletion. After the grace period, all account data and uploaded content are permanently deleted, and you receive a confirmation email.

7.2 Payment and Invoice Data

Invoices and related payment data are retained for seven years after the end of the fiscal year in accordance with Austrian tax law retention requirements (§ 132 BAO).

8. Your Rights

Under the GDPR, you have the following rights:

• Right of Access (Art. 15 GDPR): You can request information about your data stored with us.
• Right to Rectification (Art. 16 GDPR): You can request correction of inaccurate data.
• Right to Erasure (Art. 17 GDPR): You can request deletion of your data, unless legal retention obligations apply.
• Right to Restriction of Processing (Art. 18 GDPR): You can request restriction of processing under certain conditions.
• Right to Data Portability (Art. 20 GDPR): You can receive your data in a structured, commonly used format.
• Right to Object (Art. 21 GDPR): You can object to the processing of your data.
• Right to Withdraw Consent (Art. 7(3) GDPR): You can withdraw any given consent at any time.

To exercise your rights, please contact us at hello@photoglacier.com.

Right to Lodge a Complaint

You have the right to lodge a complaint with the competent supervisory authority:

Austrian Data Protection Authority (Österreichische Datenschutzbehörde) Barichgasse 40-42 1030 Vienna, Austria Email: dsb@dsb.gv.at Website: https://www.dsb.gv.at

9. Cookies

9.1 Essential Cookies

We use technically necessary cookies required for the operation of the website (e.g., session cookies for login). These cookies are set based on our legitimate interest (Art. 6(1)(f) GDPR).

9.2 Analytics Cookies

Analytics cookies (PostHog) are only set with your explicit consent. You can withdraw your consent at any time in the cookie settings.

10. Data Security

We implement technical and organizational measures to protect your data from unauthorized access, loss, or misuse. Data transmission is encrypted via HTTPS.

11. International Data Transfers

All service providers we use process your data within the European Union. No transfers to third countries take place.

12. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy as needed to reflect changes in legal requirements or our services. The current version is always available on our website.

13. Contact

For questions about data protection, please contact us at:

Email: hello@photoglacier.com