Privacy Policy
Last updated: 17 July 2026
This Privacy Policy explains how LensQuay (“we”, “us”, “our”) collects, uses and protects your personal data when you use lensquay.com and our services. We are the data controller for the purposes of UK data protection law (UK GDPR and the Data Protection Act 2018).
1. Data we collect
- Account & profile: name, email, password (stored hashed), role (photographer or client), and profile details you add (bio, location, specialties, avatar, portfolio images).
- Content you upload: photographs, client galleries, job posts, messages, and social posts.
- Transactions: orders, subscriptions, token purchases and print orders. Card payments are processed by our payment provider (Stripe) — we do not store full card details.
- Usage & technical: log data, device/browser information, and cookies (see our Cookie Policy).
- Communications: emails and support messages you send us.
2. How and why we use your data
- To provide the platform — accounts, galleries, the jobs marketplace, messaging and sales (lawful basis: performance of a contract).
- To take payment and manage subscriptions (contract).
- To send service and transactional emails, and — where you have opted in — occasional product updates (legitimate interests / consent).
- To keep the platform secure, prevent fraud and abuse, and comply with law (legitimate interests / legal obligation).
- To understand and improve how the platform is used (legitimate interests).
3. Who we share it with
We use trusted service providers who process data on our behalf under appropriate agreements:
- Supabase — database, authentication and file storage
- Vercel — website hosting
- Cloudflare — content delivery and image storage
- Stripe — payment processing
- Resend — transactional email
- Print partners — to fulfil physical print orders you place
We do not sell your personal data. Photographers and clients only see the information necessary to work together (for example, a photographer sees a client’s job details when the client posts a job).
4. International transfers
Some providers may process data outside the UK/EEA. Where they do, we rely on appropriate safeguards such as UK-approved Standard Contractual Clauses or adequacy decisions.
5. Retention
We keep personal data for as long as your account is active and as needed to provide the service, then for a reasonable period to meet legal, accounting and dispute-resolution requirements. You can ask us to delete your account at any time.
6. Your rights
Under UK GDPR you have the right to access, rectify, erase, restrict or object to processing of your data, and to data portability. To exercise any of these, email privacy@lensquay.com. You also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk.
7. Security
We use industry-standard measures including encryption in transit, hashed passwords, row-level access controls and access-gated downloads. No system is completely secure, but we work to protect your data and to notify you and the regulator of any breach where required.
8. Children
LensQuay is not intended for anyone under 16. We do not knowingly collect data from children.
9. Changes
We may update this policy from time to time. We’ll post any changes here and update the date above.
10. Contact
Questions about this policy or your data? Email privacy@lensquay.com.