Name That Foto ("we," "us," or "our") operates the website at namethatfoto.com (the "Service"). This Privacy Policy explains what information we collect, how we use it, and the choices you have.
Summary: We collect only what we need to run the Service. We never sell your data. Your uploaded images are processed temporarily and automatically deleted. Payment processing is handled securely by Stripe.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address — used for login, account recovery, and important service notifications
- First and last name (optional) — for personalization
- Password (email signup only) — stored using industry-standard bcrypt hashing; we never store or have access to your plain-text password
- Profile image URL (Google sign-in only) — from your Google account
- Authentication provider — whether you signed up via email or Google
1.2 Images You Upload
When you upload images for analysis:
- Images are stored temporarily in server memory for processing
- Images are automatically deleted after 1 hour or when you close your session
- We do not retain, archive, or back up your uploaded images
- Images are sent to third-party APIs (see Section 3) solely for the purpose of generating metadata
1.3 Google Drive Data
If you connect your Google Drive (available on Pro and Agency plans):
- We store an OAuth access token and refresh token to access your Drive on your behalf
- We access only the specific folders you select for analysis
- We read image files from your selected folder and can rename files at your request
- We upload a CSV metadata file to your analyzed folder
- We do not access, read, or modify any other files or folders in your Drive
- You can disconnect your Google Drive at any time, which immediately deletes your stored tokens
1.4 Payment Information
When you subscribe to a paid plan or purchase credits:
- All payment processing is handled by Stripe
- We never see, store, or have access to your credit card number, CVV, or full payment details
- We store only your Stripe customer ID and subscription ID to manage your account
1.5 Usage Data
We track:
- Image analysis counts — daily and monthly totals to enforce plan quotas
- Credits balance — purchased credits remaining
- Page view events — anonymized analytics for improving the Service (e.g., pricing page views)
1.6 Cookies
We use minimal, essential cookies:
| Cookie | Purpose | Duration |
|---|---|---|
| session_id | Maintains your login session | 30 days |
| google_oauth_state | Security token during Google sign-in (prevents CSRF) | 10 minutes |
We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Process your image uploads and generate metadata (filenames, titles, descriptions, keywords)
- Manage your account, subscription, and billing
- Enforce usage quotas and rate limits
- Communicate with you about your account or service changes
- Detect and prevent abuse, fraud, or security threats
- Track affiliate referrals (if applicable)
3. Third-Party Services
We share data with the following third-party services, solely for the purpose of providing the Service:
| Service | Data Shared | Purpose |
|---|---|---|
| Google Cloud Vision API | Image content (pixel data) | Landmark detection, label detection, safe-search analysis |
| Oxylabs (Google Lens) | Temporary image URLs | Fallback landmark and place identification |
| OpenAI | Image analysis results (labels, landmarks, text descriptions — not the images themselves) | Generating SEO-friendly filenames, titles, descriptions, and keywords |
| Google OAuth / Drive API | Authentication credentials, selected folder contents | User login, Google Drive file access and renaming |
| Stripe | Email, plan selection | Payment processing, subscription management |
Each of these services has its own privacy policy. We encourage you to review them:
4. Data Storage and Security
- Account data is stored in a PostgreSQL database hosted on secure, managed infrastructure
- Passwords are hashed using bcrypt with per-password salt
- Session cookies are HttpOnly, Secure, and SameSite=Lax
- Google Drive tokens are stored encrypted and are automatically refreshed
- All connections use HTTPS/TLS encryption in transit
- API endpoints are rate-limited to prevent abuse
- Internal error details are never exposed to users — only generic error messages are returned
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Uploaded images | Automatically deleted after 1 hour |
| Analysis results (metadata) | Stored during session, cleared on new batch |
| Account information | Until you delete your account |
| Google Drive tokens | Until you disconnect your Drive |
| Payment records | As required by law and Stripe's policies |
| Session cookies | 30 days (or until logout) |
6. Your Rights and Choices
You have the right to:
- Access your data — view your account information, plan, and usage statistics
- Disconnect Google Drive — revoke access at any time from the app; tokens are deleted immediately
- Manage your subscription — upgrade, downgrade, or cancel via the Stripe Customer Portal
- Delete your account — contact us to request full account deletion, including all associated data
- Export your data — download your analysis results as CSV at any time
7. Children's Privacy
The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 16, we will delete it promptly.
8. NSFW Content Detection
Our image analysis includes safe-search detection (provided by Google Cloud Vision) that flags potentially adult, violent, or racy content. This is for informational labeling only and does not result in any content being shared, reported, or stored beyond the analysis session.
9. International Data Transfers
Your data may be processed in the United States and other countries where our third-party service providers operate. By using the Service, you consent to the transfer of your information to these locations, which may have different data protection laws than your country of residence.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the "Last Updated" date at the top of this page. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or your data, please contact us at:
Email: balidaytrips@gmail.com