1. Introduction

RetroTagr ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our photo geotagging service. By using RetroTagr, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

Email address
Name (if provided through OAuth)
Profile picture (if provided through OAuth)
Authentication provider (Google, etc.)

2.2 Photo Data

When you upload and process photos, we collect:

Uploaded photo files (temporarily stored)
GPS coordinates you assign to photos
Original photo metadata (EXIF data)
Photo captions (if provided)
Upload and processing timestamps

2.3 Usage Information

We automatically collect:

Photo processing count (for billing and quota management)
Account activity and usage patterns
Browser type and version
Device information
IP address
Access times and dates

2.4 Payment Information

We use Stripe for payment processing. We do not store your credit card details on our servers. Stripe collects and processes payment information according to their Privacy Policy.

3. How We Use Your Information

We use collected information to:

Provide and maintain our photo geotagging service
Process your photos and embed GPS metadata
Manage your account and authentication
Process payments and manage subscriptions
Enforce usage limits based on your subscription tier
Respond to support requests and communicate with you
Monitor and analyze usage patterns to improve our service
Detect and prevent fraud and abuse
Comply with legal obligations

4. Data Storage and Retention

4.1 Photo Storage

All photos uploaded by registered users are saved to your account and remain available until you delete them or close your account. Photos count towards your storage quota.

4.2 Account Data

Account information is retained as long as your account is active. Upon account deletion, we delete or anonymize your data within 30 days, except where we are required to retain it for legal or compliance purposes.

5. Third-Party Services

We use the following third-party services:

5.1 Supabase

Database and file storage provider. Photos and metadata are stored on Supabase's infrastructure.

Supabase Privacy Policy

5.2 Stripe

Payment processing for subscriptions and usage-based billing. Stripe handles all payment data.

Stripe Privacy Policy

5.3 Google OAuth

Authentication via Google Sign-In. Google may collect data according to their privacy policy.

Google Privacy Policy

5.4 Mapbox

Interactive map service for GPS coordinate selection. Mapbox may collect usage analytics.

Mapbox Privacy Policy

6. Data Security

We implement industry-standard security measures including:

HTTPS encryption for all data transmission
Encrypted storage for photos and metadata
Secure authentication via Better Auth
Regular security audits and updates
Access controls and user authentication

While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure.

8. Cookies

We use the following cookies:

Essential cookies: Required for authentication and service functionality
Analytics cookies: Track usage patterns to improve our service (if enabled)

You can control cookies through your browser settings.

9. Children's Privacy

RetroTagr is not intended for users under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international data transfers.

11. Business Customers

If you are using RetroTagr on behalf of a business or organization, additional terms may apply. Our Data Processing Agreement (DPA) provides detailed information about how we process data as a data processor, including sub-processors, security measures, and Standard Contractual Clauses for international transfers.

View our Data Processing Agreement →

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

7. Your Rights (GDPR)

If you are in the European Union, you have the right to:

Access: Request a copy of your personal data
Rectification: Request correction of inaccurate data
Erasure: Request deletion of your data ("right to be forgotten")
Data portability: Request a copy of your data in a machine-readable format
Object: Object to processing of your data
Withdraw consent: Withdraw consent at any time

To exercise these rights, please contact us at privacy@retrotagr.com.

13. Contact Us

If you have questions about this Privacy Policy, please contact us:

Privacy: privacy@retrotagr.com
General inquiries: legal@retrotagr.com