Start your album
Privacy Policy

Your memories should stay under your control.

Effective May 13, 2026. This policy explains what data we collect, why, and how you can control it.

1. What We Collect

  • Account data: email address and authentication information when you sign in.
  • Photos and content: images, text prompts, captions, and other content you upload to create albums.
  • Payment data: billing address and last-4 card digits for receipts. Full card details are handled exclusively by Stripe and never stored on our servers.
  • Usage data: pages visited, features used, AI credit consumption, error logs, and performance metrics β€” used to operate and improve the service.
  • Cookies and local storage: session tokens to keep you logged in, and preference flags (e.g. theme). We do not use advertising cookies.

2. How We Use Your Data

  • To create and display your albums and AI-generated content.
  • To process payments and send receipts via Stripe.
  • To send transactional emails (account confirmation, subscription receipts, security alerts). We do not send marketing emails without your consent.
  • To detect and prevent abuse, fraud, and unauthorised access.
  • To improve product reliability and AI output quality using aggregated, anonymised signals.

3. AI Processing

Photos and prompts you provide are sent to AI model APIs to generate story plans, captions, and layouts. These requests are made under service agreements that prohibit the provider from using your data to train public models. We do not share your private photos with other users or in public marketing without your explicit permission.

4. Sharing Your Data

We share data only with:

  • Stripe β€” payment processing.
  • AI model providers β€” to generate album content (under data processing agreements).
  • Infrastructure providers (Cloudflare, cloud storage) β€” to host and serve the platform.
  • Law enforcement β€” only when legally required.

We do not sell your personal data to third parties.

5. Data Retention

  • Albums and photos: retained as long as your account is active. Deleted albums are removed within 30 days.
  • Account data: retained for 90 days after account deletion to allow for support and dispute resolution, then permanently deleted.
  • Payment records: retained for 7 years for tax and legal compliance.
  • Usage logs: retained for up to 12 months in aggregated form.

6. Your Rights

Depending on your location, you may have the right to access, correct, export, or delete your personal data, or to object to certain processing. To exercise any of these rights, email support@photobooklab.com with the subject "Privacy Request". We will respond within 30 days.

7. Sharing Links and Visibility

Albums are private by default. If you create a share link, anyone who has the link (and password, if set) can view the album. You can revoke share links at any time. We are not responsible for content shared via links you distribute.

8. Children

PhotoBookLab is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has created an account, please contact us for immediate removal.

9. Security

We use industry-standard measures including HTTPS, encrypted storage, and access controls to protect your data. No system is 100% secure; we encourage you to use a strong password and avoid uploading highly sensitive content.

10. Changes to This Policy

We may update this policy. For material changes we will notify you by email or in-app notice at least 14 days before they take effect.