Privacy Policy
Last updated: January 24, 2025
Amp10 Limited ("Company," "we," "us," or "our") operates the Shuttershow platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. Please read this policy carefully. By using the Service, you consent to the data practices described in this policy.
1. Introduction
We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy applies to all users of Shuttershow, including:
- Studio Owners (Photographers) - Users who create accounts to host galleries
- Gallery Visitors (Clients) - Individuals who access galleries to view, favorite, or download photos
- Website Visitors - Individuals who browse our public website
2. Information We Collect
2.1 Information You Provide Directly
For Studio Owners (Photographers):
- Account Information: Email address, name, password (encrypted by Firebase), profile photo
- Studio Profile: Studio name, biography, website, contact email, phone number, physical address, social media links (Instagram, Facebook, Twitter, WhatsApp)
- Business Information: Services offered, pricing, availability schedule
- Content: Photos and images you upload, gallery titles, descriptions, captions
- Payment Information: Billing details processed through Paystack (we do not store full payment card details)
For Gallery Visitors (Clients):
- Identification: Email address OR phone number (required to access protected galleries)
- Proofing Data: Photo selections (favorites), notes and comments on photos
- Booking Information: Name, email, phone number, event details, special requests
- Download Preferences: Quality selection (HD/SD) for photo downloads
2.2 Information Collected Automatically
- Usage Data: Gallery views, page visits, feature usage, timestamps of activities
- Activity Logs: Views, favorites, downloads, notes (associated with your email or phone identifier)
- Device Information: Browser type, operating system, device type
- Log Data: IP addresses, access times, referring URLs
2.3 Information from Third Parties
If you sign in using Google OAuth, we receive your name, email address, and profile photo from Google as authorized by you during the sign-in process.
3. How We Use Your Information
We use the information we collect to:
3.1 Provide and Maintain the Service
- Create and manage your account
- Host and deliver photo galleries
- Process photo uploads and generate optimized versions
- Enable client proofing features (favorites, notes)
- Facilitate bookings between photographers and clients
- Process payments and subscriptions
3.2 Communicate With You
- Send transactional emails (account verification, password reset, gallery notifications)
- Notify photographers of client activity (new favorites, notes, downloads)
- Send booking confirmations and reminders
- Provide customer support
- Send service updates and announcements
3.3 Improve and Protect the Service
- Analyze usage patterns to improve features
- Detect and prevent fraud, abuse, and security incidents
- Debug and fix technical issues
- Enforce our Terms of Service
3.4 Analytics for Photographers
We provide photographers with analytics about their galleries, including view counts, client activity summaries, and download statistics. This helps photographers understand how clients interact with their work.
4. Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Consent: When you voluntarily provide your email/phone to access a gallery or create an account
- Contract Performance: To fulfill our obligations under our Terms of Service and provide the requested services
- Legitimate Interests: For analytics, security, fraud prevention, and service improvement, where such interests are not overridden by your privacy rights
- Legal Obligations: To comply with applicable laws, regulations, and legal processes
6. Third-Party Services
We use the following third-party services to operate Shuttershow:
| Service | Purpose | Data Shared |
|---|---|---|
| Firebase (Google) | Authentication | Email, password (encrypted), name, profile photo |
| Cloudflare | Storage, CDN, image processing | Photos, files, IP addresses |
| Resend | Email delivery | Email addresses, names, email content |
| Paystack | Payment processing | Email, payment details, transaction amounts |
Each of these services has its own privacy policy. We encourage you to review their policies:
7. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy:
- Account Data: Retained while your account is active and for 30 days after account deletion to allow for recovery
- Activity Logs: Retained for 2 years for analytics and dispute resolution
- Photos and Content: Retained while your account is active; deleted within 30 days of account termination
- Payment Records: Retained for 7 years as required by financial regulations
- Download Links: Expire and are deleted after 24 hours
- Booking Records: Retained for 2 years after the booking date
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption: Sensitive data (gallery passwords, PINs) encrypted using AES-256-GCM
- Secure Transmission: All data transmitted over HTTPS/TLS
- Session Security: HTTP-only secure cookies with limited duration (7 days)
- Password Security: Passwords managed by Firebase with industry-standard hashing
- Access Controls: Role-based access to systems and data
- Regular Updates: Security patches and updates applied regularly
While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your own. Our service providers, including Cloudflare and Firebase, operate globally and may process data in various jurisdictions.
When we transfer data outside your jurisdiction, we ensure appropriate safeguards are in place, including standard contractual clauses approved by relevant authorities and reliance on adequacy decisions where applicable.
10. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal data:
10.1 Access
You can request a copy of the personal data we hold about you.
10.2 Correction
You can update or correct inaccurate information through your account settings or by contacting us.
10.3 Deletion
You can request deletion of your account and associated data. Some data may be retained as required by law or legitimate business purposes.
10.4 Data Portability
You can request your data in a commonly used, machine-readable format.
10.5 Objection and Restriction
You can object to certain processing activities or request restriction of processing in certain circumstances.
10.6 Withdraw Consent
Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.
12. Children's Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will delete that information promptly.
If you believe we have inadvertently collected information from a child, please contact us immediately at [email protected].
13. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You can request details about the categories and specific pieces of personal information we collect
- Right to Delete: You can request deletion of your personal information
- Right to Opt-Out: We do not sell personal information, so this right does not apply
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
To exercise your CCPA rights, contact us at [email protected].
14. European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):
- All rights listed in Section 10 (access, correction, deletion, portability, objection)
- Right to Lodge a Complaint: You can file a complaint with your local data protection authority
- Automated Decision-Making: We do not make decisions based solely on automated processing that significantly affects you
For GDPR inquiries, contact our Data Protection contact at [email protected].
15. Nigerian Privacy Rights (NDPR)
If you are located in Nigeria, you have rights under the Nigeria Data Protection Regulation (NDPR):
- Right to be Informed: You have the right to know what data we collect and why
- Right of Access: You can request access to your personal data
- Right to Rectification: You can request correction of inaccurate data
- Right to Erasure: You can request deletion of your data in certain circumstances
- Right to Data Portability: You can receive your data in a portable format
- Right to Object: You can object to processing based on legitimate interests
- Right to Withdraw Consent: You can withdraw consent at any time
To exercise your NDPR rights or file a complaint, contact us at [email protected]or contact the Nigeria Data Protection Commission (NDPC).
16. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:
- Posting the updated policy on this page with a new "Last updated" date
- Sending an email notification to registered users
- Displaying a prominent notice in the Service
Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated policy.
17. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: