Privacy Policy

Your privacy is our foundation. Here's exactly how we protect your photos and personal information.

Last Updated: June 15, 2025

The Short Version

We don't look at your photos

Your photos are stored securely and only accessed when you or people you authorize view them.

We don't sell your data

We make money from subscriptions, not by selling your information to advertisers.

No AI training on your photos

We never use your photos to train AI models or for any automated analysis.

Automatic deletion works

When you set expiry dates or delete content, it's immediately and permanently removed.

Quick Navigation

1. Information We Collect

Account Information

When you sign in with Google, we collect:

  • Basic profile information: Your name, email address, and profile picture from your Google account
  • Google account ID: A unique identifier to link your account
  • Authentication tokens: Secure tokens to verify your identity
Note: We only request access to basic profile information. We cannot access your Gmail, Google Drive, or other Google services.

Photos and Media

When you upload content to Guarded Gallery:

  • Original files: Photos and videos you choose to upload
  • Metadata: File size, format, and upload date (we strip location data and other sensitive metadata)
  • Thumbnails: Automatically generated preview images for faster loading

Usage Information

To improve our service and ensure security:

  • Access logs: When albums are viewed and by whom (for sharing analytics)
  • Device information: Browser type and version for compatibility
  • IP addresses: For security monitoring and abuse prevention
  • Session data: To keep you logged in securely

2. How We Use Your Information

Service Operation

  • Display your photos to you and people you authorize
  • Generate thumbnails for faster loading
  • Manage album sharing and permissions
  • Enforce expiry dates and access controls

Security & Safety

  • Monitor for unauthorized access attempts
  • Prevent spam and abuse
  • Maintain system security and integrity
  • Comply with legal requirements when necessary

Communication

  • Send album sharing invitations
  • Notify you of important account changes
  • Provide customer support
  • Send service updates (you can opt out of non-essential emails)

What We DON'T Do

  • We don't analyze your photos for content or objects
  • We don't use your photos to train AI or machine learning models
  • We don't sell your information to advertisers or third parties
  • We don't show you advertisements based on your photos
  • We don't share your photos with anyone except people you explicitly authorize

3. Photo Storage & Security

Storage Infrastructure

Your photos are stored on Amazon Web Services (AWS) S3, which provides:

  • Encryption at rest: All files encrypted using AES-256
  • Encryption in transit: All data transfers use TLS/SSL
  • Private buckets: Your original photos are never publicly accessible
  • Geographic redundancy: Multiple backup copies for reliability

Access Controls

We implement multiple layers of security:

  • Signed URLs: Temporary, secure links that expire automatically
  • Token-based access: Unique tokens for each sharing session
  • Permission verification: Every access request is verified against your settings
  • Audit logging: Complete records of who accessed what and when

Application Security

Our platform is built with security best practices:

  • Regular security updates: All systems kept current with security patches
  • Secure coding practices: Input validation, SQL injection prevention, XSS protection
  • Limited access: Only essential personnel have access to production systems
  • Security monitoring: 24/7 monitoring for suspicious activity

4. Sharing & Permissions

Privacy Isolation Guarantee

We guarantee that:

  • Viewers cannot see who else has access to an album
  • Viewers cannot see photos uploaded by other viewers (unless you specifically allow it)
  • Album access tokens are unique and cannot be shared or transferred
  • Expired or revoked access is immediately and permanently blocked

5. Data Retention & Deletion

Your Photos

  • Active albums: Stored as long as your account is active
  • Deleted albums: Permanently deleted within 30 days
  • Expired shares: Access immediately revoked, but photos remain in your account
  • Account deletion: All photos permanently deleted within 30 days

Account Information

  • Profile data: Kept as long as your account is active
  • Access logs: Retained for 90 days for security purposes
  • Billing information: Retained for 7 years for tax and legal compliance
  • Support communications: Retained for 2 years to improve service

How Deletion Works

When you delete content or close your account:

  1. Immediate removal: Content becomes immediately inaccessible
  2. Backup purging: All backup copies are identified and queued for deletion
  3. Complete erasure: All copies are permanently overwritten within 30 days
  4. Verification: We verify complete deletion and can provide confirmation

6. Third-Party Services

Google OAuth

Purpose: User authentication and account creation

Data shared: Basic profile information (name, email, profile picture)

Their privacy policy: Google Privacy Policy

Amazon Web Services (AWS)

Purpose: Secure photo storage and content delivery

Data shared: Your uploaded photos and generated thumbnails

Their privacy policy: AWS Privacy Notice

Resend (Email Service)

Purpose: Sending album sharing invitations and notifications

Data shared: Email addresses and basic message content

Their privacy policy: Resend Privacy Policy

Important: We carefully select service providers that meet our privacy and security standards. We never share your photos or personal information for advertising or marketing purposes.

7. Your Rights & Controls

Access Your Data

You can download all your photos and account information at any time through your account settings.

Correct Information

Update your profile information, album details, and sharing settings whenever you want.

Delete Your Data

Delete individual photos, entire albums, or your complete account. Deletion is permanent and immediate.

Restrict Processing

You can limit how we use your information, though this may affect service functionality.

Data Portability

Export your photos and data in standard formats to use with other services.

Object to Processing

Object to specific uses of your information, subject to legal and contractual obligations.

How to Exercise Your Rights

To exercise any of these rights, you can:

  • Use the controls in your account settings
  • Email us at privacy@guardedgallery.com
  • Contact our support team through the app

We'll respond to your request within 30 days and verify your identity before taking action.

8. Contact Information

If you have questions about this privacy policy or how we handle your information:

Privacy Questions:

privacy@guardedgallery.com

General Support:

support@guardedgallery.com

Security Concerns:

security@guardedgallery.com

Response Time: We typically respond to privacy inquiries within 24-48 hours and will resolve your request within 30 days as required by law.

9. Updates to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Handle Updates

  • Minor changes: Updated policy posted with new "Last Updated" date
  • Significant changes: Email notification to all users 30 days before changes take effect
  • Material changes: Require explicit consent before continuing to use the service

We encourage you to review this policy periodically to stay informed about how we protect your privacy.