← Back to Home

Privacy Policy

Last updated: 11/2/2025

1. Introduction

RetroTagr ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our photo geotagging service.

By using RetroTagr, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided through OAuth)
  • Profile picture (if provided through OAuth)
  • Authentication provider (Google, etc.)

2.2 Photo Data

When you upload and process photos, we collect:

  • Uploaded photo files (temporarily stored)
  • GPS coordinates you assign to photos
  • Original photo metadata (EXIF data)
  • Photo captions (if provided)
  • Upload and processing timestamps

2.3 Usage Information

We automatically collect:

  • Photo processing count (for billing and quota management)
  • Account activity and usage patterns
  • Browser type and version
  • Device information
  • IP address
  • Access times and dates

2.4 Payment Information

We use Stripe for payment processing. We do not store your credit card details on our servers. Stripe collects and processes payment information according to their Privacy Policy.

3. How We Use Your Information

We use collected information to:

  • Provide and maintain our photo geotagging service
  • Process your photos and embed GPS metadata
  • Manage your account and authentication
  • Process payments and manage subscriptions
  • Enforce usage limits based on your subscription tier (Free, Starter, Pro)
  • Automatically delete expired photos per retention policies
  • Respond to support requests and communicate with you
  • Monitor and analyze usage patterns to improve our service
  • Detect and prevent fraud and abuse
  • Comply with legal obligations

4. Data Storage and Retention

4.1 Photo Storage

  • Anonymous users: Photos are automatically deleted after 1 hour
  • Authenticated users (temporary): Processed photos are deleted after 24 hours unless saved to your collection
  • Saved collections: Photos remain in your collection until you delete them or close your account

4.2 Account Data

Account information is retained as long as your account is active. Upon account deletion, we delete or anonymize your data within 30 days, except where we are required to retain it for legal or compliance purposes.

5. Third-Party Services

We use the following third-party services:

5.1 Supabase

Database and file storage provider. Photos and metadata are stored on Supabase's infrastructure.

Supabase Privacy Policy

5.2 Stripe

Payment processing for subscriptions and usage-based billing. Stripe handles all payment data.

Stripe Privacy Policy

5.3 Google OAuth

Authentication via Google Sign-In. Google may collect data according to their privacy policy.

Google Privacy Policy

5.4 Mapbox

Interactive map service for GPS coordinate selection. Mapbox may collect usage analytics.

Mapbox Privacy Policy

6. Data Security

We implement industry-standard security measures including:

  • HTTPS encryption for all data transmission
  • Encrypted storage for photos and metadata
  • Secure authentication via Better Auth
  • Regular security audits and updates
  • Access controls and user authentication

While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights (GDPR)

If you are in the European Union, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Data portability: Request a copy of your data in a machine-readable format
  • Object: Object to processing of your data
  • Withdraw consent: Withdraw consent at any time

To exercise these rights, please contact us at privacy@retrotagr.com.

8. Cookies

We use the following cookies:

  • Essential cookies: Required for authentication and service functionality (session management via Better Auth)
  • Analytics cookies: Track usage patterns to improve our service (if analytics are enabled)

You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using certain features.

9. Children's Privacy

RetroTagr is not intended for users under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using our service, you consent to such transfers.

We ensure appropriate safeguards are in place for international data transfers, including Standard Contractual Clauses (SCCs) where required.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

You are advised to review this Privacy Policy periodically for any changes. Changes are effective when posted.

12. Contact Us

If you have questions about this Privacy Policy, please contact us: