Privacy Policy

Last updated: 2026-04-05

1. Information We Collect

OAuth profile data: name, email address, and profile picture (from Google or Facebook) when you sign in as a photographer
Photos you upload: thumbnail and display-size JPEG images
Session data: a session cookie (uo_session) for authentication

2. How We Store Your Data

OAuth sessions are stored in Cloudflare KV with a 7-day TTL
Photographer records (name, email, approval status) are stored in Cloudflare KV
Photos and profile avatars are stored in Cloudflare R2 object storage
All data is hosted on Cloudflare's global network; no third-party databases are used

3. Who Has Access

Site administrators can view photographer records and manage photos
Gallery viewers can see uploaded photos (each sport gallery is password-protected)
No data is sold or shared with third parties

4. Data Retention

Sessions expire after 7 days of inactivity
Photographer records persist until account deletion is requested
Photos persist until archived or deleted by an administrator
Profile avatars persist until account deletion

5. Your Rights

Request a copy of your data by contacting the administrator
Request deletion of your account and all associated data
Facebook users can request automatic data deletion through their Facebook settings

6. Data Deletion

Facebook users: Meta can trigger automatic deletion of your data via our callback endpoint
All users: contact christopher.bibbs@gmail.com to request manual deletion
Deletion removes: your photographer record, profile avatar, and session data
Uploaded photos may be retained in the gallery unless separately requested for removal

7. Cookies

uo_session: HttpOnly session cookie for authenticated areas (7-day expiry)
Sport password cookies: SHA-256 hash, 30-day expiry, per-sport gallery access
No analytics cookies, no tracking pixels, no third-party cookies

8. Contact

Data controller: Christopher Bibbs
Email: christopher.bibbs@gmail.com