Privacy Policy

Privacy Policy

1. Introduction

graindevue.com ("Platform," "Service," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our professional photography platform as a client.

By using our Platform, you consent to the data practices described in this Privacy Policy.

2. Information We Collect

2.1 Personal Information

Account Information:

• Name, email address, and phone number
• Profile information (location, preferences)
• Account credentials and authentication data

Booking Information:

• Booking preferences and requirements
• Event details and location information
• Communication preferences and history
• Payment and billing information

2.2 Booking and Transaction Information

Booking Details:

• Package selections and specifications
• Event dates, times, and locations
• Contract terms and agreements
• Communication records and messages
• Progress updates and delivery status

Payment Information:

• Payment method details (processed securely through Stripe)
• Transaction amounts and currency
• Deposit and balance payment records
• Refund records

2.3 Communication Data

Messages and Notifications:

• In-app messages with photographers
• System notifications and updates
• Email communications
• SMS notifications (if enabled)
• Push notifications (if enabled)

2.4 Technical Information

Usage Data:

• Platform access logs and analytics
• Feature usage and interaction patterns
• Device information and browser data
• IP addresses and location data
• Performance and error logs

Cookies and Tracking:

• Session cookies for authentication
• Analytics cookies for service improvement
• Preference cookies for user experience
• Security cookies for fraud prevention

3. How We Use Your Information

3.1 Platform Operations

Service Provision:

• Creating and managing your account
• Facilitating bookings and contracts with photographers
• Processing payments (deposit and balance)
• Enabling communication with photographers
• Providing customer support

Platform Features:

• Displaying photographer profiles and portfolios
• Enabling search and filtering functionality
• Tracking project progress and delivery
• Managing gallery access and downloads

3.2 Communication

User Communications:

• Sending booking confirmations and updates
• Delivering contract notifications
• Providing payment and delivery status updates
• Sending system announcements
• Responding to support requests

Marketing Communications:

• Platform updates and new features (with consent)
• Special offers and promotions (with consent)
• Newsletter and educational content (with consent)

3.3 Security and Compliance

Security Measures:

• Preventing fraud and abuse
• Monitoring for suspicious activity
• Protecting against unauthorized access
• Maintaining platform integrity

Legal Compliance:

• Meeting regulatory requirements (GDPR, French data protection laws)
• Responding to legal requests
• Maintaining business records
• Ensuring tax compliance

4. Information Sharing and Disclosure

4.1 Sharing with Photographers

Booking Information:

• Your contact information is shared with photographers you book
• Booking details and requirements are shared for service delivery
• Communication history is accessible to both parties
• Contract information is accessible to signatories

4.2 Service Providers

Payment Processing:

• Stripe for payment processing
• Banking partners for financial transactions

Platform Services:

• Cloud hosting and infrastructure providers (Convex, Cloudflare)
• Email and communication services
• Analytics and monitoring tools

4.3 Legal Requirements

Law Enforcement:

• Responding to valid legal requests
• Complying with court orders
• Reporting suspected illegal activity

Regulatory Compliance:

• Tax reporting and compliance
• French and EU data protection law compliance

5. Data Security

5.1 Security Measures

Technical Safeguards:

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security audits
• Backup and disaster recovery systems

Operational Safeguards:

• Access controls and role-based permissions
• Incident response and breach notification procedures
• Regular security reviews and updates

5.2 Data Retention

Account Data:

• Active account data is retained while account is active
• Inactive accounts are archived after 2 years
• Account deletion requests are processed within 30 days
• Some data may be retained for legal compliance

Transaction Data:

• Payment records are retained for 7 years (tax compliance)
• Booking records are retained for 5 years
• Communication logs are retained for 3 years

6. Your Rights and Choices

6.1 Access and Control

Account Management:

• View and update your profile information
• Manage communication preferences
• Control privacy settings
• Download your data (data portability)
• Request account deletion

Communication Preferences:

• Opt out of marketing communications
• Choose notification delivery methods
• Manage email and SMS preferences

6.2 Data Rights (GDPR)

As a user in France or the EU, you have the following rights:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to data portability
• Right to object to processing
• Right to restrict processing

To exercise these rights, contact us at tony@graindevue.com.

6.3 Opt-Out Options

Marketing Communications:

• Unsubscribe from marketing emails
• Opt out of SMS marketing messages
• Disable push notifications

Data Collection:

• Disable analytics cookies
• Request data deletion
• Limit data sharing

7. International Data Transfers

7.1 Data Processing

• Our platform operates primarily in France and the EU
• Your data is stored in the European Union (Ireland) via Convex and Cloudflare
• For payment processing, some data may be transferred outside the EU by Stripe, with adequate safeguards
• Compliance with GDPR requirements for international transfers

7.2 Transfer Safeguards

• EU-US Data Privacy Framework for Stripe payment processing
• Standard contractual clauses for any transfers outside the EU

8. Children's Privacy

8.1 Age Restrictions

• Our Platform is not intended for children under 18
• We do not knowingly collect personal information from children
• Accounts must be created by individuals 18 years or older

9. Third-Party Services

9.1 Integrated Services

Payment Processing:

• Stripe for secure payment processing

Platform Infrastructure:

• Convex for real-time database services (European Union - Ireland)
• Cloudflare for content delivery and security (European Union)

9.2 External Links

• Our Platform may contain links to external sites
• We are not responsible for third-party privacy practices
• Users should review third-party privacy policies

10. Changes to This Privacy Policy

10.1 Policy Updates

• We will notify users of significant changes
• Updates will be posted on our Platform
• Email notifications for major changes
• Continued use constitutes acceptance

10.2 Review Schedule

• Annual review of privacy practices
• Updates based on legal requirements
• Changes based on user feedback

11. Contact Information

11.1 Privacy Inquiries

Data Protection Contact:

• Email: tony@graindevue.com
• Website: https://graindevue.com

11.2 Regulatory Authorities

France:

• CNIL (Commission Nationale de l'Informatique et des Libertés)
• Website: https://www.cnil.fr

European Union:

• Contact your local data protection authority
• European Data Protection Board (EDPB)

12. Legal Basis for Processing (EU Users)

12.1 Processing Grounds

Contract Performance:

• Providing Platform services
• Processing bookings and payments
• Managing your account
• Facilitating communication with photographers

Legitimate Interests:

• Platform security and fraud prevention
• Service improvement and analytics

Consent:

• Marketing communications
• Optional features and services

Legal Obligations:

• Tax and financial reporting
• Regulatory compliance

13. Data Breach Response

13.1 Notification Requirements

User Notification:

• Notification within 72 hours of becoming aware of a breach (GDPR requirement)
• Clear description of the incident
• Potential impact on your data
• Recommended protective measures

Regulatory Notification:

• CNIL notification as required by French law
• Cooperation with regulatory authorities

14. Cookies and Tracking Technologies

14.1 Cookie Types

Essential Cookies:

• Authentication and session management
• Security and fraud prevention
• Platform functionality

Analytics Cookies:

• Usage statistics and trends
• Performance monitoring
• User experience improvement

14.2 Cookie Management

User Controls:

• Browser cookie settings
• Platform privacy preferences
• Cookie consent management

By using graindevue.com, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.