PassportPhoto

Privacy Policy

Last updated: March 2026

1. Who We Are

PassportPhoto ("we", "us", "our") operates the website passportphoto.cc. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Data We Collect

We collect the following personal data:

  • Account data: Email address, name (optional), password hash
  • Payment data: Processed by Stripe — we never store card details
  • Photo data: Uploaded photos stored in our secure cloud storage
  • Usage data: Pages visited, features used, device information

3. Photo Processing

Important: Photo processing (background removal, cropping, compression) happens entirely in your browser using WebAssembly technology. During the processing step, your photo is never uploaded to our servers.

Photos are only uploaded to our secure storage after you choose to save them to your account or proceed with a purchase.

4. How We Use Your Data

  • To provide our passport photo service
  • To process payments via Stripe
  • To send transactional emails (order confirmations, expiry warnings)
  • To store your photos for the duration specified by your package

5. Data Storage & Security

  • Database: Supabase (EU region — London)
  • File storage: Supabase Storage (EU region)
  • Payments: Stripe (PCI-DSS Level 1 certified)
  • Email: Resend (data processor)

All data is encrypted in transit (TLS) and at rest.

6. Data Retention

  • Photos: Automatically deleted after your package's storage period (0-90 days)
  • Order records: Retained for 7 years (legal/financial requirement)
  • Account data: Retained until you delete your account

7. Your Rights (UK GDPR)

You have the right to:

  • Access: Download your data from Account Settings
  • Rectification: Update your profile information
  • Erasure: Delete your account and all associated data
  • Portability: Export your data as JSON
  • Object: Contact us to object to data processing

8. Cookies

We use essential cookies only for authentication and session management. See our Cookie Policy for details.

9. Third-Party Services

  • Stripe: Payment processing (Stripe Privacy)
  • Supabase: Database and authentication
  • Resend: Transactional email delivery
  • Cloudflare: DNS, CDN, and bot protection

10. Contact

For privacy-related enquiries, contact us at privacy@passportphoto.cc