graindevue.com ("Platform," "Service," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our professional photography platform as a photographer.
By using our Platform, you consent to the data practices described in this Privacy Policy.
2. Data Controller Information
Data Controller:
graindevue.com is operated by a company registered in France.
For any questions regarding the processing of your personal data or to exercise your rights under GDPR, please contact us at the email address above.
As our organization does not meet the thresholds requiring a mandatory Data Protection Officer under Article 37 of the GDPR, we have not appointed a DPO. However, you may contact us directly for any privacy-related inquiries.
3. Information We Collect
3.1 Personal Information
Account Information:
Name, email address, and phone number
Profile information (location, bio, preferences)
Profile images and portfolio content
Account credentials and authentication data
Professional Information:
Business details and professional credentials
SIRET number (for French photographers)
Portfolio images and work samples
Service packages and pricing information
Availability calendar and booking preferences
Financial Information:
Stripe Connect account identifier for payouts (we do not store your bank account details - these are managed securely by Stripe)
Displaying your profile and portfolio to potential clients
Facilitating bookings and contracts
Processing payments and payouts via Stripe Connect
Enabling communication with clients
Providing customer support
Platform Features:
Managing your packages and availability
Tracking project progress and delivery
Managing client galleries and storage
Processing subscription payments
Generating analytics and insights for your business
4.2 Communication
User Communications:
Sending booking notifications and updates
Delivering contract notifications
Providing payment and payout status updates
Sending subscription reminders
Responding to support requests
Marketing Communications:
Platform updates and new features (with consent)
Photography industry tips and best practices (with consent)
Special offers and promotions (with consent)
4.3 Security and Compliance
Security Measures:
Preventing fraud and abuse
Monitoring for suspicious activity
Protecting against unauthorized access
Maintaining platform integrity
Legal Compliance:
Meeting regulatory requirements (GDPR, French data protection laws)
Tax reporting compliance
Financial regulation requirements
Responding to legal requests
5. Information Sharing and Disclosure
5.1 Sharing with Clients
Profile Information:
Your profile is visible to potential clients
Portfolio images are displayed publicly
Contact information is shared with clients who book you
Booking details are shared between parties
Communication:
Messages are shared between conversation participants
Booking updates are visible to both parties
Contract information is accessible to signatories
5.2 Service Providers (Sub-processors)
We share your data with the following categories of service providers. For detailed information about international transfers, see Section 9.
Payment Processing:
Stripe (including Stripe Connect) for payment processing and payouts
Platform Infrastructure:
Convex for real-time database services
Cloudflare for content delivery, security, and gallery storage (R2)
Communication Services:
Email service providers for transactional emails
5.3 Legal Requirements
Law Enforcement:
Responding to valid legal requests
Complying with court orders
Reporting suspected illegal activity
Regulatory Compliance:
Tax reporting and compliance
French and EU data protection law compliance
Financial regulation requirements
6. Data Security
6.1 Security Measures
Technical Safeguards:
Encryption of data in transit (TLS/SSL) and at rest
Secure authentication and access controls
Regular security audits (SOC 2 Type II certified infrastructure)
Backup and disaster recovery systems
Operational Safeguards:
Access controls and role-based permissions
Incident response and breach notification procedures
Regular security reviews and updates
6.2 Data Retention
Account Data:
Active account data is retained while the account is active
Inactive accounts are archived after 2 years
Account deletion requests are processed within 30 days
Some data may be retained for legal compliance
Transaction Data:
Payment and payout records are retained for 10 years (French tax compliance requirement)
Booking records are retained for 5 years
Communication logs are retained for 3 years
Gallery Data:
Gallery photos are retained until you archive the booking
Archived bookings have photos permanently deleted
Storage quota is freed upon archiving
7. Your Rights and Choices
7.1 Access and Control
Account Management:
View and update your profile information
Manage your packages and availability
Control privacy settings and visibility
Download your data (data portability)
Request account deletion
Gallery Management:
Upload and manage client galleries
Archive completed bookings to free storage
Control gallery access for clients
Communication Preferences:
Opt out of marketing communications
Choose notification delivery methods
Manage email and SMS preferences
7.2 Data Rights (GDPR)
As a user in France or the EU, you have the following rights under the General Data Protection Regulation:
Right to access your personal data (Article 15)
Right to rectification of inaccurate data (Article 16)
Right to erasure ("right to be forgotten") (Article 17)
Right to data portability (Article 20)
Right to object to processing (Article 21)
Right to restrict processing (Article 18)
Right to withdraw consent at any time for consent-based processing
Right to lodge a complaint with the CNIL (see Section 13)
To exercise these rights, contact us at tony@graindevue.com. We will respond within 30 days as required by GDPR.
7.3 Opt-Out Options
Marketing Communications:
Unsubscribe from marketing emails
Opt out of SMS marketing messages
Disable push notifications
Data Collection:
Disable analytics cookies
Request data deletion
Limit data sharing
8. Subscription and Billing
8.1 Subscription Data
Billing Information:
We collect payment information for your monthly subscription (€29/month)
Payment is processed securely through Stripe
Subscription history is retained for accounting purposes
We do not store your full credit card number - this is handled securely by Stripe
Subscription Management:
You can cancel your subscription at any time
Cancellation takes effect immediately
Non-paying accounts become invisible to clients but retain data
9. International Data Transfers
Important: Your personal data is stored and processed primarily within the European Union. We are transparent about where your data is stored and the safeguards in place.
9.1 Data Storage Locations
| Data Type | Service Provider | Storage Location | Legal Safeguard |
| --- | --- | --- | --- |
| Account data, bookings, contracts, messages | Convex | European Union (Ireland, AWS) | Data remains in EU |
| Gallery photos | Cloudflare R2 | European Union (EU jurisdiction) | Data remains in EU |
| Payment data | Stripe | Ireland (EU) with potential US transfers | EU-US Data Privacy Framework + SCCs |
| Emails | Email service provider | European Union | Data remains in EU |
9.2 Legal Basis for Transfers
Your data is stored primarily within the European Union. For payment processing, some data may be transferred to the United States by Stripe. We rely on the following legal mechanisms for such transfers:
EU-US Data Privacy Framework (DPF): Stripe participates in and has certified its compliance with the EU-US Data Privacy Framework, which was adopted by the European Commission on July 10, 2023, providing an adequate level of protection for personal data transferred from the EU.
Standard Contractual Clauses (SCCs): In addition to the DPF, we have entered into the European Commission's Standard Contractual Clauses with our service providers, providing additional safeguards for your data.
9.3 Sub-processors
Our primary sub-processors and their locations:
Convex (Database Services) - European Union (Ireland)
Purpose: Real-time database for account data, bookings, contracts, and messaging
Safeguards: SOC 2 Type II certified, GDPR compliant
Response time: Within 30 days for GDPR-related requests.
13.2 Regulatory Authorities
If you are not satisfied with our response or believe we are processing your data unlawfully, you have the right to lodge a complaint with the supervisory authority:
France (Lead Supervisory Authority):
CNIL (Commission Nationale de l'Informatique et des Libertés)
Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
We have conducted a balancing test to ensure our legitimate interests do not override your rights and freedoms.
Consent (Article 6(1)(a)):
Marketing communications
Optional analytics cookies
Optional features and services
You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
Legal Obligations (Article 6(1)(c)):
Tax and financial reporting (10-year retention for French law)
Regulatory compliance
Responding to legal requests
15. Data Breach Response
15.1 Notification Requirements
User Notification:
Notification without undue delay and within 72 hours of becoming aware of a breach (GDPR Article 33)
Clear description of the incident
Potential impact on your data
Recommended protective measures
Contact details for further information
Regulatory Notification:
CNIL notification within 72 hours as required by GDPR and French law
Cooperation with regulatory authorities
16. Cookies and Tracking Technologies
16.1 Cookie Types
Strictly Necessary Cookies (No consent required):
Authentication and session management
Security and fraud prevention
Platform functionality
Load balancing
Analytics Cookies (Consent required):
Usage statistics and trends
Performance monitoring
User experience improvement
16.2 Cookie Management
User Controls:
Cookie consent banner on first visit
Browser cookie settings
Platform privacy preferences
Withdraw consent at any time via cookie settings
For detailed information about cookies, see our Cookie Policy.
By using graindevue.com Studio, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.
Effective Date: January 2025