Privacy Policy
Last updated: March 7, 2026
Lensdrop ("we", "us", "our") operates the lensdrop.app platform. This policy explains how we collect, use, and protect your personal data when you use our service. It applies to all users worldwide, including those in the European Economic Area (EEA), United Kingdom (UK), and India.
Data Controller
Lensdrop is the data controller responsible for your personal data. If you have questions about how your data is processed, contact us at hello@lensdrop.app.
Information We Collect
Sign-in with Google
When you sign in with Google, we receive your name, email address, and (optionally) profile picture solely to create and manage your Lensdrop account. We do not access your Gmail messages, Google Drive files, contacts, or any other Google data. You can revoke access at any time from your Google account settings.
Account Information
When you create a studio account, we collect your name, email address, studio name, and phone number. This information is necessary to provide our services.
Photos and Event Data
We store photos you upload, event details you create, and client selection data. This content belongs to you and is stored securely on our servers.
Usage Data
We automatically collect basic usage information such as pages visited, features used, browser type, and device information to improve our service. This data is collected in aggregate and is not used to identify individual users.
Legal Basis for Processing (GDPR)
If you are in the EEA or UK, we process your personal data under the following legal bases:
- Contractual necessity — To provide the Lensdrop service, manage your account, process payments, and deliver photos (Article 6(1)(b) GDPR)
- Legitimate interest — To improve our service, prevent fraud, and ensure security (Article 6(1)(f) GDPR)
- Consent — For optional analytics cookies and marketing communications, which you can withdraw at any time (Article 6(1)(a) GDPR)
- Legal obligation — To comply with applicable laws, such as tax and accounting requirements (Article 6(1)(c) GDPR)
How We Use Your Information
- To provide and maintain the Lensdrop platform
- To manage your account and subscriptions
- To send service-related notifications (event updates, client selections)
- To improve our product based on aggregated usage patterns
- To respond to support requests
- To comply with legal obligations
Data Storage, Security, and International Transfers
Your data is stored on servers provided by Supabase (US), Vercel (US/Global CDN), and Upstash (US). Photos are stored in encrypted cloud storage. We use industry-standard security practices including encryption in transit (TLS) and at rest, row-level security policies, and regular security reviews.
If you are located in the EEA, UK, or other regions with data transfer restrictions, your personal data may be transferred to and processed in countries outside your jurisdiction (including the United States). We ensure appropriate safeguards are in place for these transfers, including reliance on the service providers' Standard Contractual Clauses (SCCs) and other approved transfer mechanisms.
Sub-processors
We use the following third-party service providers to operate Lensdrop:
- Supabase — Database, authentication, and file storage (US)
- Vercel — Application hosting and CDN (US/Global)
- Upstash — Rate limiting and caching (US)
- Razorpay — Payment processing (India)
- Resend — Transactional email delivery (US)
Each provider processes data only as necessary to deliver its service and is bound by its own privacy and security commitments.
Data Sharing
We do not sell, rent, or trade your personal data. We share information only with the sub-processors listed above as necessary to operate the platform, and when required by law or to protect our legal rights.
Data Retention
Photos and event data are retained according to your plan's retention period (14 to 90 days after event archival). Account information is retained as long as your account is active. After account deletion, we remove your personal data within 30 days, except where we are required by law to retain it (e.g. billing records for tax purposes, which may be retained for up to 7 years).
Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — Request a copy of the personal data we hold about you
- Rectification — Request correction of inaccurate or incomplete data
- Erasure — Request deletion of your personal data ("right to be forgotten")
- Restriction — Request that we limit the processing of your data
- Portability — Request your data in a structured, machine-readable format
- Objection — Object to processing based on legitimate interests
- Withdraw consent — Withdraw consent for optional data processing at any time, without affecting the lawfulness of processing before withdrawal
To exercise any of these rights, contact us at hello@lensdrop.app. We will respond within 30 days (or within the timeframe required by applicable law).
Right to Lodge a Complaint
If you are in the EEA or UK, you have the right to lodge a complaint with your local data protection authority if you believe your data has been processed unlawfully. If you are in India, you may contact the Data Protection Board of India.
Children's Privacy
Lensdrop is not intended for use by individuals under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.
Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via email and update the "Last updated" date above. Continued use of the service after changes constitutes acceptance, except where consent is required by law.
Contact
For questions about this policy or to exercise your data rights, contact us at hello@lensdrop.app.