Privacy Policy

LocateShoot ("we", "us") operates locateshoot.com (the "Service"). This Privacy Policy explains what information we collect when you use the Service, how we use that information, and the choices you have. By using the Service you agree to this Policy.

When you create an account, we collect the email address and password you sign up with. If you choose to fill out your photographer profile, we also collect the name, studio name, photo (logo), bio, and contact links you provide.

When you build your portfolio of locations, you may add: location names, addresses, descriptions, tags, photos, permit notes, and other details about each location. When you create a Location Guide, you may add: the guide name, a message to your client, and your selection of which portfolio locations to include.

When a client opens a Location Guide you sent them and submits a pick, the client provides: their first name, last name, and email address, plus the location(s) they chose. That information is associated with your account so we can email you the result and you can follow up with the client.

If you upgrade to a paid plan, payment is processed by Stripe. Stripe collects your payment information directly — we do not see or store your full card number. We do receive a Stripe customer ID, your subscription status, and your billing email so that we can apply the correct plan to your account.

When you use the Service, our servers automatically log standard request information: your IP address, browser user-agent, the pages you visit, timestamps, and (for clients viewing a Location Guide) approximate session length. We use this for security, debugging, abuse prevention, and to power the "views and time spent" analytics shown to photographers on paid plans.

We use first-party cookies to keep you signed in and to remember your preferences. We do not use third-party advertising or tracking cookies.

We use the information we collect to:

• Provide, maintain, and improve the Service.
• Authenticate you, secure your account, and detect abuse.
• Send transactional emails — sign-up confirmations, password resets, client-pick notifications, billing receipts.
• Show you analytics about how clients are interacting with your Location Guides (paid plans only).
• Respond to support requests and follow up on feedback you submit.
• Process payments and manage subscriptions through Stripe.
• Comply with legal obligations and enforce our Terms of Use.

We do not sell your personal information. We do not use your data to train machine-learning models.

To operate the Service, we share limited data with third-party providers who process it on our behalf:

• Supabase — database and authentication. Stores your account, profile, portfolio, Location Guides, and client picks.
• Vercel — application hosting. Processes web requests and serves the Service.
• Stripe — payments. Receives only the payment data you submit during checkout, plus the customer-billing-email and subscription metadata needed to keep your plan in sync.
• Resend — transactional email delivery. Receives recipient addresses and email content for the messages we send on your behalf.
• Cloudflare / Vercel CDN — caching and DDoS mitigation. May log request metadata (IP, user-agent, URL) for security purposes.

Each of these providers has its own privacy practices and is bound by its own data-processing terms. We use commercially reasonable efforts to choose providers with strong security postures.

Some content you create is intended to be shared publicly. Specifically: when you generate a Location Guide link and share it with a client, anyone with that link can view the locations on that guide. If you have a custom domain configured, the guide is also reachable from that domain. Do not share Location Guide links on public channels (social media, blog posts) unless you intend the contents to be public.

Locations you contribute to the public "Explore" map are visible to all signed-in photographers. Locations you keep in your private portfolio are visible only to you and to clients you specifically share with.

We keep your account data for as long as your account is active. If you delete your account, we delete your profile, portfolio, Location Guides, client-pick records, and uploaded photos within 30 days, except where we are required by law to retain certain records (for example, payment records for tax purposes).

Server logs are kept for up to 90 days for security and debugging. Backups may persist for up to 30 days after deletion before being overwritten.

Depending on where you live, you may have rights under privacy laws like the GDPR (Europe), CCPA / CPRA (California), and similar regulations. These typically include the right to:

• Access the personal information we hold about you.
• Correct or update inaccurate information.
• Delete your information (subject to legal-retention obligations).
• Object to or restrict certain processing.
• Receive a portable copy of your data.
• Withdraw consent for processing that relies on consent.

To exercise any of these rights, email privacy@locateshoot.com. We'll respond within 30 days. We may need to verify your identity before fulfilling certain requests.

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us information, contact us and we will delete it.

We use industry-standard practices to protect your information — encrypted connections (HTTPS), at-rest encryption with our database provider, scoped access controls, and routine security audits. No system is perfectly secure, however, and we cannot guarantee that unauthorized access will never occur. You are responsible for keeping your password confidential.

Our service providers may process and store your information in the United States or other countries that may have different data-protection laws than your home country. By using the Service you consent to those transfers.

The Service is currently in beta testing. During the beta, we may collect additional diagnostic information (error logs, feature usage) to identify and fix issues. We may also contact you for follow-up about feedback you submit. Anything submitted through the Feedback button may be used to improve the Service. The Service's features, pricing, and data-handling practices may change as we move out of beta — we will update this Policy and notify you of material changes.

We may update this Policy from time to time. If we make material changes, we will notify you via email or via a prominent notice on the Service before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

Questions about this Policy or about how we handle your data: privacy@locateshoot.com.