Privacy Policy - ImageFeedback

Last updated: August 2025

Learn how ImageFeedback protects your image data and feedback with EU hosting, GDPR compliance, and transparent data practices for photographers, designers, and creative teams.

Overview

ImageFeedback ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our visual feedback platform. We aim to comply with the General Data Protection Regulation (GDPR) and host all data within the European Union.

Lawful Basis for Processing

  • Contract (Art. 6(1)(b) GDPR): to provide the service, authenticate users, store projects/images, and deliver collaboration features.
  • Legitimate Interests (Art. 6(1)(f) GDPR): to improve the platform, prevent abuse, and ensure security.
  • Consent (Art. 6(1)(a) GDPR): for optional communications (e.g., product updates/marketing) where applicable; consent can be withdrawn at any time.

Information We Collect

Personal Information

  • Email address (for account creation and authentication)
  • Name (if provided in feedback comments)
  • IP address and basic device information (for security and abuse prevention)
  • Usage data (e.g., basic event logs) to operate and secure the service

Content Data

  • Images you upload to our platform
  • Project names and descriptions
  • Comments and feedback provided on images
  • Pin locations and associated metadata

How We Use Your Information

  • Provide, operate, and maintain the service
  • Authenticate users and manage accounts
  • Enable sharing and collaboration features
  • Protect against abuse and ensure platform security
  • Improve our platform and user experience
  • Communicate important service updates
  • Comply with legal obligations

Data Storage and Security

EU Hosting

Your data is stored within the European Union. We select EU regions for hosting and storage to support GDPR compliance and data sovereignty.

  • Encryption in transit and at rest
  • Access controls and authentication measures
  • Regular backups stored securely
  • Security monitoring and vulnerability remediation

Data Processors & International Transfers

We use carefully selected service providers acting as data processors. Each processor is bound by a Data Processing Agreement (DPA).

  • Supabase (EU region, e.g., Frankfurt): authentication, database, and storage for user data and uploaded content; covered by a signed DPA.
  • Email service provider (for magic links/notifications): EU-based or protected by Standard Contractual Clauses (SCCs).
  • Hosting/CDN for the web app: EU region where available or protected by SCCs.

If data is accessed from outside the EU/EEA, we rely on appropriate safeguards such as SCCs to ensure an adequate level of protection.

Your Rights Under GDPR

As a data subject, you have the following rights:

  • Access: Request copies of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your personal data
  • Restriction: Request restriction of processing
  • Portability: Request transfer of your data
  • Object: Object to processing based on legitimate interests

Exercising Your Rights, Deletion & Export

  • You can request account deletion or data export via in‑app settings (if available) or by emailing support@imagefeedback.com.
  • We will respond within 30 days as required by GDPR.

Data Sharing and Third Parties

We do not sell, trade, or rent your personal information. We may share information only in the following cases:

  • With your explicit consent
  • To comply with legal obligations
  • With service providers operating under DPAs (see above)
  • In case of a business transfer or merger (with prior notice)

Data Retention

We retain personal data only as long as necessary to provide the service and meet legal obligations. Account data is kept until you request deletion. Content data (images, comments) is retained while the associated project exists or until you delete it.

Cookies and Tracking

We use essential cookies (e.g., for authentication and security). We do not use third‑party advertising cookies. You can control cookie settings through your browser.

Contact

Email: support@imagefeedback.com
Data Protection Officer: support@imagefeedback.com
Data Processing Agreement (DPA): For business customers, contact support@imagefeedback.com

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you by posting the new policy on this page and updating the "Last updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.