Legal

Privacy Policy

Last updated July 2, 2026

This policy explains what Lensdrop collects, why, and your choices. In plain terms: we are a delivery tool. We store the galleries you upload so your clients can view and download them. We don't sell your data and we never handle your clients' payments.

What we collect

  • Account data: your email and, optionally, your studio name, used to sign you in and brand your galleries.
  • Gallery content: the photos you upload and gallery settings (name, PIN, delivery state).
  • Usage data: basic, optional analytics to improve the product (you control this; see our Cookie Policy).

How we use it

To run the service: store and deliver galleries, authenticate you, send essential emails (sign-in codes, expiry reminders), and improve Lensdrop. We do not sell personal data.

Third-party services we use

We rely on a small set of trusted providers to run Lensdrop. They process data only to provide their service to us, under agreements that limit how it can be used:

  • Supabase: authentication and database (your account and gallery settings).
  • Cloudflare: gallery storage, delivery (CDN), email forwarding, and the AI processing that powers Auto clean-up and Find my photos (see "AI features" below). Photos are processed only to provide these features and are not used to train any AI models.
  • Vercel: application hosting.
  • Upstash: a background job queue and a fast cache that keep gallery processing and delivery responsive (they hold gallery and job data briefly, never your photos).
  • Resend: sending essential and transactional emails.
  • Razorpay: payment processing for customers in India.
  • Polar: our Merchant of Record, which processes payments and billing for customers outside India.
  • PostHog: product analytics and session replay to understand usage and improve Lensdrop. Session replay records your interactions and on-screen content, including images, with form inputs (such as PINs and payment details) masked. It can run anywhere in Lensdrop, including shared gallery pages (where we record only a sample), and loads only if you opt in (see our Cookie Policy).

Some of these providers are based outside your country, so your data may be processed internationally under appropriate safeguards.

Clients

Clients view galleries via a shared link without creating an account. We don't collect client payment information. Lensdrop is never part of the payment between you and your clients.

AI features

Lensdrop includes optional AI tools that process the photos in a gallery to help photographers work faster. This processing runs on our infrastructure (see the providers above). Your photos are not used to train AI models and are never sold.

  • Auto clean-up: an optional tool that scans a gallery's photos to flag shots the photographer would probably drop (blurry, closed eyes, over- or under-exposed, and near-duplicates) so the photographer can review them. It only flags photos; nothing is deleted without the photographer's action.
  • Find my photos: an optional face-search feature, described in the next section.

Find my photos and face data

Find my photos is an optional feature that is off by default and that a photographer turns on for a specific gallery. When it is on, Lensdrop creates a numeric representation (a "face embedding") of the faces in that gallery's photos so a guest can find the photos they appear in. A guest who chooses to use it takes a selfie; we create a temporary embedding of that selfie, compare it only to that gallery, and return the matching photos. Face data is biometric data, and we handle it with care:

  • Consent: the feature is off unless a photographer enables it, and by enabling it the photographer confirms they have the consent of the people in the gallery. A guest uses it only by actively choosing to take a selfie.
  • The selfie is never stored: it is used only to compute a match and is discarded immediately afterwards.
  • Used only within one gallery: embeddings are matched only within the gallery they came from. We do not build a face database across galleries, identify anyone by name, or sell or share face data.
  • Retention: a gallery's face embeddings are deleted as soon as the photographer turns the feature off, and otherwise when the gallery expires or is deleted, along with its photos.
  • Where it's available: because biometric laws differ by region, Find my photos is offered only to gallery visitors in supported regions; elsewhere it appears as coming soon.

If you appear in a gallery that uses this feature and want your face data removed, ask the photographer to turn it off or delete the gallery, or contact us at privacy@lensdrop.app.

Retention

Galleries stay active for their window (currently 6 months), then are archived and permanently deleted 7 days later unless you extend them. You can delete a gallery, and its photos, at any time, which begins purging the stored files right away. Any face embeddings created for Find my photos are deleted at the same time.

Contact

Questions about your data? Email privacy@lensdrop.app.