Privacy Policy

Account information: When you register, we collect your name, email address, and (if using email/password auth) a hashed password. If you sign in via Google or Apple OAuth, we receive your name, email, and profile picture from those providers.

Content you upload: Photos, videos, and associated metadata (EXIF data including GPS coordinates, camera model, capture time). We store this content securely on your behalf.

Trip and context data: Flight itineraries, hotel stays, restaurant visits, lounge visits, and event details that you manually add to the Context Builder.

Usage data: Log files, feature usage, search queries (including NLP queries and resolved query chips), session duration, and error reports. This data is used to improve the Service and is not linked to specific content items.

Payment information: If you subscribe to a paid plan, payment is processed by our payment provider (Stripe). We do not store full card numbers. We receive and store the last four digits, card brand, and expiry date for display purposes.

Device and technical data: IP address, browser type, operating system, and device identifiers, collected automatically when you use the Service.

We use the information we collect to:

• Provide, operate, and improve the Service, including AI quality scoring, duplicate detection, and NLP search
• Process payments and manage your subscription
• Send transactional emails (account verification, password resets, billing receipts)
• Send product updates and announcements — you can unsubscribe at any time
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations and enforce our Terms of Service
• Respond to your support requests

We do not: sell your personal data to third parties, use your photos to train AI models without your explicit opt-in consent, or serve you advertisements based on your content.

Fotante uses AI to provide features including quality scoring, duplicate detection, face recognition, natural language search, and content safety scanning. Here is how each feature uses your data:

• AI Quality Scoring: Images are processed locally in a background worker that extracts sharpness, exposure, noise, and resolution metrics. The image pixel data is not sent to external AI providers for this feature.
• Natural Language Search: Your search query text (not the images themselves) is sent to an AI language model API (e.g., Anthropic Claude or OpenAI) to extract structured search filters. Query text may be retained by those providers per their own data retention policies. We recommend reviewing Anthropic's Privacy Policy and OpenAI's Privacy Policy.
• Duplicate Detection: Perceptual hashes (compact numeric fingerprints) are computed from your images and compared. Raw pixel data is not shared or stored for this purpose.
• Face Recognition (Pro plan): When you enable face recognition, we compute face embedding vectors (compact numeric representations) from photos in your library and store them alongside your content in your private library. These embeddings are used solely to cluster photos by person within your account. Face embeddings are never shared with other users or sold to third parties. You can delete all face data from Account Settings at any time, which removes all stored embeddings from our systems within 24 hours.
• Content Safety Scanning: All uploaded content is checked against known Child Sexual Abuse Material (CSAM) hash databases (including NCMEC's PhotoDNA database). This scanning is mandatory and cannot be disabled. No images are transmitted to third parties for this purpose — only cryptographic hashes derived from your images are compared. Matches are reported to NCMEC as required by law. Additionally, AI classifiers run locally to detect potentially illegal content involving minors.
• Trip Auto-grouping and Memories: Timestamps, GPS coordinates, and contextual data are processed on our servers to cluster photos into trips and generate memory highlights. This processing stays within your account and is not used to train shared models without your explicit opt-in consent.

We share personal information only in the following circumstances:

• Service providers: We work with third-party vendors (cloud hosting, payment processing, email delivery, error monitoring) under data processing agreements that restrict how they may use your data.
• Shared exports: When you create a shared trip link, the watermarked content is accessible to anyone with that link. PIN-protected downloads are accessible to recipients who enter the correct PIN. You control who receives these links.
• Legal requirements: We may disclose information if required by law, court order, or governmental authority, or to protect the rights, property, or safety of Fotante, our users, or the public.
• Business transfers: If Fotante is acquired or merged, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

We do not share, sell, rent, or trade your personal information with third parties for their commercial purposes.

We retain your personal information and content for as long as your account is active. If you close your account:

• Your content (photos, videos) is deleted from our systems within 30 days
• Your account data (name, email, preferences) is deleted within 30 days
• Billing records are retained for 7 years to comply with financial regulations
• Anonymised aggregate usage analytics may be retained indefinitely

You may export all your content and data at any time from Account Settings before closing your account.

We implement the following security measures to protect your data:

• Encryption in transit (TLS 1.3) for all data transferred between your device and our servers
• Encryption at rest for stored content and database records
• Bcrypt hashing (cost factor 12) for passwords; we cannot recover your password
• PIN hashing for secure export PINs; Fotante staff cannot view your PINs
• Access controls limiting employee access to personal data to those who need it
• Regular security reviews and dependency audits

Despite these measures, no method of electronic storage or transmission is 100% secure. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

We use the following types of cookies and similar technologies:

• Essential cookies: Session tokens and authentication cookies required to operate the Service. You cannot opt out of these while using the Service.
• Preference cookies: Store your UI preferences (theme, view mode, sort order).
• Analytics cookies: We may use privacy-respecting analytics (e.g., Plausible Analytics or self-hosted Umami) to understand how the Service is used. These do not track you across other websites.

We do not use advertising or cross-site tracking cookies. We do not integrate third-party advertising networks.

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Portability: Request your data in a structured, machine-readable format
• Restriction: Request that we limit how we process your data
• Objection: Object to processing of your data for certain purposes

To exercise any of these rights, contact us at privacy@fotante.com. We will respond within 30 days. Most actions (data export, account deletion) can be performed directly from Account Settings.

If you are located in the European Economic Area (EEA), UK, or California, you have additional rights under GDPR, UK GDPR, and CCPA respectively. We are committed to compliance with these regulations.

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected information from a child under 16 without parental consent, we will delete it promptly. If you believe we may have collected such information, contact us at privacy@fotante.com.

Fotante has a zero-tolerance policy for Child Sexual Abuse Material (CSAM). All uploaded content is automatically scanned using cryptographic hash-matching against known CSAM databases, including NCMEC's PhotoDNA database. No image data is transmitted to third parties for this scanning — only mathematical fingerprints derived from images are compared against known illegal content hashes. Confirmed CSAM is removed immediately, the account is permanently terminated, and a report is filed with NCMEC's CyberTipline as required by 18 U.S.C. § 2258A.

To report suspected CSAM or child exploitation content, email trust@fotante.com or report directly to NCMEC's CyberTipline.

Fotante is operated from the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States, where data protection laws may differ from those in your country.

For users in the EEA and UK, we rely on Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms when transferring personal data outside the EEA/UK.

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those services and encourage you to review their privacy policies before providing any personal information.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a prominent notice in the Service at least 30 days before changes take effect. Your continued use of the Service after that date constitutes acceptance of the updated policy.

For questions, concerns, or to exercise your privacy rights: