Introduction
Folio is built by We Are Constellation Pte. Ltd. ("Constellation," "we," "us," or "our"). This policy explains what data we collect, how we use it, and the choices you have. We wrote it to be read, not skimmed.
Your Photos, Your Work
This is the part most photographers look for first, so we put it first.
- Your photos are yours. You retain all ownership rights to everything you upload. We never claim any intellectual property over your work.
- Your photos are never used for AI training. We do not use your photos, albums, or any content you upload to train, fine-tune, or evaluate AI or machine learning models — ours or anyone else's. They are never fed into training pipelines, shared with model providers, or used in any way beyond providing the service to you.
- Your photos are encrypted. Your uploaded images are encrypted before they are written to storage and are not stored in plaintext.
- CDN delivery. Your images are delivered through our CDN (Cloudflare) for performance and security, including images that are not publicly shared. Cloudflare may cache image data as part of this delivery.
- Limited license. By uploading content, you grant Folio a limited, non-exclusive license to store, process, deliver, and display your photos — solely to provide the service, including delivery through our CDN.
Information We Collect
Information You Provide
- Account information: Email address, display name, and password
- Payment information: Billing details processed by Stripe — we never see or store your full card number
- Profile information: Optional settings, preferences, and profile details
- Your content: Photos, images, and associated metadata (EXIF data, captions, tags, album names)
Information Collected Automatically
- Usage data: Features used, pages visited, how you interact with the service
- Device information: Browser type, operating system, IP address
- Error and diagnostic data: When something goes wrong, we may capture error details such as the page you were on, technical device and browser information, and related diagnostic information. This helps us identify and fix bugs. We use Sentry for this (see below).
- Cookies: Used for authentication and service functionality (see Cookies section below)
How We Use Your Information
- To run Folio: Store, organize, and display your photos. Enable gallery sharing.
- To improve Folio: Understand usage patterns, develop features, fix bugs, optimize performance.
- To communicate with you: Service updates, security alerts, billing notifications, support responses.
- To keep things secure: Detect fraud, prevent abuse, protect accounts.
- To meet legal obligations: Where required by law.
Who We Share Data With
We do not sell your personal information or photos. We share data only with the providers we need to run the service:
- Hetzner: Server hosting (Germany)
- Backblaze: Encrypted image storage (EU)
- Stripe: Payment processing — they handle billing information under their own privacy policy
- Cloudflare: CDN for image delivery and performance
- Sentry: Error monitoring — when an unhandled error occurs in the app, error details such as stack traces, page URLs, and technical browser or device information may be sent to Sentry to help us diagnose and fix bugs. We configure our error reporting to avoid intentionally sending sensitive personal information, but some technical data may be processed as part of diagnosing issues. Sentry is operated by Functional Software, Inc. and processes data under their Privacy Policy.
Each provider is contractually required to protect your data and use it only for the purpose we've engaged them for.
Legal Requirements
We may disclose information if required by law, legal process, or governmental request, or to protect the rights, safety, or property of our users or the public.
Business Transfers
If Constellation is acquired or merged with another company, your information may be transferred as part of that transaction. We would notify you before your data becomes subject to a different privacy policy.
Data Retention
- Active accounts: Your data is retained while your account is active.
- Trash: Photos moved to trash are kept for 30 days, giving you time to recover them.
- Permanent deletion: After you permanently delete photos (or after the 30-day trash period), they are purged from our servers within 30 days.
- Account deletion: When you delete your account, we permanently remove your personal information within 30 days, except where we're required to retain it by law.
- Backups: Deleted data may persist in encrypted backups for up to 90 days before being cleared.
Security
We take specific, concrete steps to protect your data:
- Encryption at rest: Images are encrypted in storage
- Encryption in transit: All connections over TLS/HTTPS
- Password security: Passwords are securely hashed — we never store them in plaintext
- Access controls: Authentication and authorization enforced at every layer
We take every reasonable measure to protect your work, though no system can guarantee absolute security. You are responsible for keeping your account credentials safe.
Cookies
Folio uses cookies for:
- Essential: Authentication, security, keeping the service functional
- Preferences: Remembering your settings and choices
You can manage cookies through your browser settings. Disabling essential cookies may affect your ability to use Folio.
Your Rights
All Users
- Access: Request a copy of your personal data
- Correction: Update or correct your information
- Deletion: Delete your account and all associated data
- Export: Download your photos and data in standard formats
- Opt-out: Unsubscribe from marketing communications
GDPR (EU/EEA Users)
- Right to data portability
- Right to restrict processing
- Right to object to processing
- Right to lodge a complaint with a supervisory authority
California Privacy Rights
- Right to know what personal information is collected
- Right to know whether personal information is sold, shared, or disclosed (we do not sell your personal information)
- Right to request deletion of personal information, subject to legal exceptions
- Right to request correction of inaccurate personal information
- Right to opt-out of the sale or sharing of personal information
- Right to limit the use and disclosure of sensitive personal information where applicable
- Right to non-discrimination for exercising your rights
To exercise any of these rights, email us at [email protected]. We respond within 30 days.
Legal Basis for Processing (GDPR)
- Contract: To provide the service you signed up for
- Legitimate interest: To improve the service, prevent fraud, ensure security
- Consent: For optional features (you may withdraw consent at any time)
- Legal obligation: To comply with applicable laws
International Data Transfers
Our servers and storage are located in the EU — Germany (Hetzner) and the EU (Backblaze). Image data may be temporarily cached at Cloudflare edge locations worldwide for delivery performance. If you access Folio from outside the EU, your data may be transferred internationally. We ensure appropriate safeguards are in place for such transfers.
Children's Privacy
Folio is not intended for children under 16. We do not knowingly collect information from children under 16. If we learn we have, we will delete it promptly.
Changes to This Policy
We may update this policy from time to time. When we do:
- We'll update the "Last Updated" date at the top
- For significant changes, we'll notify you by email
- If a change materially affects your rights, we'll give you the option to accept or close your account
Third-Party Links
Folio may contain links to third-party websites. We are not responsible for their privacy practices and encourage you to review their policies.
Contact
Questions about this policy, or a data request? Reach us at:
This Privacy Policy is effective as of the date stated above and governs your use of Folio.