How PhotoBrief handles customer photo intake data.

PhotoBrief.ai is operated by Patrick Ryan Berthiaume ("PhotoBrief", "we", "us", "our"). For the personal data described in this policy, Patrick Ryan Berthiaume acts as the data controller and decides how and why personal data is processed.

You can contact us at hello@photobrief.ai for any privacy-related question, including requests to access, correct, export, or delete your data.

PhotoBrief.ai helps businesses create guided photo requests and receive customer submissions in a structured brief. That means we handle account information, business workspace information, customer contact details entered by a business, request links, uploaded photos, answers, notes, and related activity records.

We use this information to provide the product, secure accounts, route requests, support customers, improve the service, and communicate about PhotoBrief.

Account and workspace information, such as name, email address, business name, workspace settings, plan information, and team membership.

Request and recipient information, such as customer names, email addresses, phone numbers, request messages, PhotoBrief links, guide templates, uploaded photos, answers, and submission metadata.

Usage and device information, such as pages viewed, actions taken, browser/device details, approximate location derived from IP address, log data, and diagnostic information.

Payment information (card details, billing address, tax identifiers) is collected and processed directly by our Merchant of Record, Paddle.com Market Limited ("Paddle"). PhotoBrief does not store full payment card numbers — we only receive limited transaction metadata (such as plan, status, last four digits, and country) needed to provision your subscription.

To create, send, display, organize, and review PhotoBrief requests and submissions.

To operate account login, workspace access, billing, support, analytics, abuse prevention, and security monitoring.

To improve templates, onboarding, product flows, and reliability. When we use examples for internal improvement, we aim to limit access and avoid unnecessary exposure of customer content.

To send transactional messages, product updates, support responses, security notices, and billing notices.

Businesses are responsible for choosing what they request from their customers and for having the rights, permissions, or consent needed to collect that information.

Recipients should not upload sensitive information unless the business has specifically requested it and has a lawful reason to collect it. PhotoBrief is designed for practical photo intake, not for collecting highly sensitive personal records.

We may process uploaded photos, answers, and request context to generate simple checks, summaries, or review signals for the business. These outputs are meant to assist review, not replace human judgment.

Where applicable law (such as UK/EU GDPR) requires a legal basis to process personal data, we rely on: (a) performance of a contract — to provide PhotoBrief to you and your workspace; (b) legitimate interests — to secure, improve, support, and market the service in a proportionate way; (c) consent — where you have given it (for example, optional marketing emails or non-essential cookies); and (d) legal obligation — to meet tax, accounting, security, and law-enforcement requirements.

You can withdraw consent at any time where consent is the legal basis, without affecting the lawfulness of prior processing.

We share information with service providers (sub-processors) that help us host, secure, analyze, support, and communicate for PhotoBrief — including cloud hosting, database, email/SMS delivery, analytics, and customer support tooling.

We share order, billing, tax, and contact information with our Merchant of Record, Paddle.com Market Limited ("Paddle"), so that Paddle can process payments, handle subscription billing, calculate and remit sales tax/VAT, issue invoices, and manage refunds and chargebacks. Paddle acts as an independent controller for the personal data it processes for these purposes. Paddle's privacy notice is available at https://www.paddle.com/legal/privacy.

We may share information with professional advisers (legal, accounting), and when required by law, to protect rights and safety, to prevent abuse, or as part of a business transaction such as a merger, financing, acquisition, or sale of assets.

We do not sell customer conversations, request content, or uploaded photos to advertisers.

We keep information for as long as needed to provide PhotoBrief, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support legitimate business needs.

Businesses may delete or archive requests, customers, and submissions through the product where supported. Some records may remain in backups, logs, billing records, or audit trails for a limited period.

We use reasonable administrative, technical, and organizational safeguards designed to protect PhotoBrief data. No internet service can guarantee perfect security, so businesses should use strong passwords, limit team access, and avoid requesting unnecessary sensitive information.

You can update account and workspace information in the product, unsubscribe from non-essential emails where available, and contact us about access, correction, export, deletion, or privacy questions.

Some requests may need to be handled by the business that collected the information, especially where PhotoBrief acts as a service provider for that business.

We may update this Privacy Policy as PhotoBrief changes. If changes are material, we will take reasonable steps to notify users, such as updating the effective date or providing an in-app or email notice.