Privacy Policy

Introduction

Book Proofs, LLC ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our desktop application, or use our online services including Client Proofing. Book Proofs, LLC is based in New York, United States.

This policy applies to all users of our services, including photographers who hold a Software license, and clients who interact with proofing pages shared by photographers.

Information We Collect

Website Analytics

We use Google Analytics to understand how visitors interact with our website. This service collects information such as your IP address (anonymized), browser type, pages visited, and time spent on our site. This data helps us improve our website and user experience.

Desktop Application

Our desktop application contacts our servers for license validation purposes only. We do not collect analytics, crash reports, telemetry, or any data about how you use the application. Your projects, images, and designs remain entirely on your computer.

The Software includes subject detection technology that analyzes your images to determine optimal focal points for intelligent image placement and cropping. This processing runs entirely on your local device using machine learning models bundled with the Software. No images, image data, or detection results are transmitted to our servers or any third party. Subject detection identifies areas of visual interest for compositional purposes only — it is not a facial recognition system and does not identify, name, or match individuals. The only data derived from this process is a set of normalized coordinates stored within your local project files. These coordinates do not contain visual information and cannot be used to identify the contents of your images.

Purchase Information

When you purchase a license, payment is processed by Stripe. We do not store your credit card information. We retain only the transaction record and your email address for license delivery, customer support, and order history.

Email Communications

If you subscribe to our newsletter or marketing emails, we collect your email address. You can unsubscribe at any time using the link provided in each email.

Account Authentication

When you create an account or sign in, authentication is handled through AWS Cognito. We collect and store your email address and account credentials (securely hashed). For photographers, authentication uses an OAuth 2.0 flow, and the desktop application authenticates via JSON Web Tokens (JWT). We do not have access to your password in plain text.

Client Proofing — Photographer Data

When you use the Client Proofing service to upload and share photo book proofs, we collect and process the following information:

• Photographs and images you upload for proofing
• Client information you provide (names, email addresses)
• Proofing session metadata (upload dates, revision history, approval status)
• Brand customization settings (logo, colors) for paid subscribers
• Subscription and billing status for proofing access

This data is stored securely on our servers and used solely to provide the proofing service. We do not use, share, or sell your images or client data for any other purpose. You retain all rights to your uploaded content. For the purposes of data protection law, you are the data controller for content you upload, and we act as a data processor on your behalf. Data processing terms are set forth in Section 10.8 of our Terms of Service.

Client Proofing — Client Data

If you are a client who has received a proofing link from a photographer, the following information is collected when you interact with a proofing page:

• Your name and email address (as provided by the photographer who invited you)
• Comments and feedback you submit on proofing pages
• Approval or revision decisions you make
• Basic technical information required for authentication and session management (IP address, browser type)

Your data is processed solely to provide the proofing service requested by the photographer who shared the proof with you. We do not use your information for marketing, advertising, or any purpose unrelated to the proofing service. We do not sell or share your data with third parties beyond what is necessary to operate the service. The photographer who invited you is the data controller for your information; we process it on their behalf. If you have questions about how your data is used, we encourage you to contact the photographer directly, or reach out to us at support@bookproofs.com.

How We Use Your Information

• To validate and manage your software license
• To process transactions and send purchase confirmations
• To authenticate your account and maintain session security
• To provide customer support
• To send product updates and marketing communications (with your consent)
• To improve our website and services
• To provide and operate the Client Proofing service, including storing and displaying proofs, delivering magic link emails, and processing client comments and approvals
• To send transactional emails related to proofing (magic links, approval notifications, revision alerts)
• To enforce our Terms of Service, including monitoring for abuse of our services

Cookies

We use the following types of cookies:

• Essential cookies – Required for basic website functionality and security (CSRF protection).
• Authentication cookies – When photographers sign in to the proofing dashboard via OAuth, or when clients open a magic link, a session cookie is set to maintain your authenticated state. These cookies are necessary to provide the proofing service and persist for the duration of your session.
• Analytics cookies – Google Analytics may set cookies to distinguish users and track sessions on our marketing website. These are not used on proofing pages.

You can control non-essential cookies through your browser settings. Disabling essential or authentication cookies may prevent you from using certain features of our services.

Third-Party Services

We use the following third-party services that may process your data:

• Google Analytics – Website analytics and traffic analysis (marketing website only)
• Stripe – Secure payment processing for license purchases and proofing subscriptions
• Amazon Web Services (AWS) – Cloud hosting, infrastructure, and proofing content storage (S3)
• Amazon Cognito – Account authentication and identity management
• Amazon Simple Email Service (SES) – Delivery of transactional emails including magic links, proofing notifications, and approval alerts

Each of these services has their own privacy policy governing their use of your data. We select service providers that maintain appropriate security and data protection standards. A current list of sub-processors used for Client Proofing data is available upon request.

Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit using TLS (Transport Layer Security)
• Encryption of stored data at rest using AES-256 encryption
• Secure hashing of authentication credentials and magic link tokens (SHA-256)
• Access controls limiting data access to authorized personnel and systems
• Regular security reviews of our infrastructure and practices

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Data Retention

We retain your data for the following periods:

• Purchase and license information – Retained for as long as necessary to provide license support and comply with legal and tax obligations.
• Proofing content (active subscribers) – Retained for as long as your proofing subscription is active. Content associated with inactive clients (no activity for 12 continuous months) may be deleted after we notify you at least 30 days in advance.
• Proofing content (after cancellation) – Retained for a grace period of up to 12 months following subscription cancellation. After the grace period, content exceeding your current access level may be permanently deleted. We will notify you before any such deletion.
• Client data (proofing clients) – Comments, approvals, and session data associated with a proofing client are retained for as long as the photographer maintains that client's proofing session. When a photographer deletes a client or their proofing data is removed, associated client data is also deleted.
• Account information – Retained until you request account deletion or your account is terminated pursuant to our Terms of Service.

You may request deletion of your personal data at any time by contacting us. Upon receiving a verified deletion request, we will delete your data within thirty (30) days, except where retention is required by applicable law.

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing of your data
• Data portability
• Withdraw consent at any time

If you are a proofing client (someone who received a proofing link from a photographer), you may exercise your rights by contacting the photographer who shared the proof with you, or by contacting us directly at support@bookproofs.com. We will coordinate with the relevant photographer to fulfill your request.

To exercise any of these rights, please contact us at support@bookproofs.com.

For European Users (GDPR)

If you are in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR). We process your data based on the following legal bases:

• Contractual necessity – License validation, purchase fulfillment, and providing the Client Proofing service you have subscribed to.
• Legitimate interests – Improving our services, ensuring security, and preventing abuse. We balance our interests against your rights and do not use this basis where your interests override ours.
• Consent – Marketing emails and non-essential communications. You may withdraw consent at any time.

For Client Proofing data, the photographer who uploads content acts as the data controller, and Book Proofs, LLC acts as the data processor. Our obligations as processor are detailed in Section 10.8 of our Terms of Service. If you are a photographer processing personal data of individuals in the EEA through the proofing service, you are responsible for ensuring you have a lawful basis for that processing and for providing appropriate privacy notices to your clients.

You have the right to lodge a complaint with your local data protection authority.

Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us immediately at support@bookproofs.com and we will promptly delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. For material changes that affect how we process your data, we will also notify you by email or through the Software.

Contact Us

If you have questions about this Privacy Policy, please contact us at:

Book Proofs, LLC
Email: support@bookproofs.com