Start Free

Privacy Policy

Last updated: February 27, 2026

Overview

BrandStudio (“we”, “us”, or “our”) is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information when you use our platform.

Information We Collect

Account Information

When you create an account, we collect your name, email address, and company name. We store a hashed version of your password — we never store passwords in plain text.

Event & Photo Data

Photos uploaded to BrandStudio are stored securely in cloud storage (Cloudflare R2). Event data includes event names, dates, locations, and associated guest information that you provide.

Face Recognition Data

When face recognition is enabled, we process photos to detect faces and generate mathematical representations (embeddings) used for matching. Face embeddings are encrypted at rest using Fernet symmetric encryption. Face data is:

  • Only processed when you explicitly enable face recognition for an event
  • Never shared with third parties
  • Never used for surveillance or identification outside your events
  • Deletable at any time through your dashboard or by contacting us

Guest Information

Guest data (names, emails, phone numbers) is provided by you or self-registered by guests. This data is used solely for photo delivery and event management within your account.

How We Use Your Information

  • Provide and improve the BrandStudio platform
  • Send transactional emails (verification, password reset, team invites)
  • Send onboarding emails to help you get started (opt-out available)
  • Deliver photo notifications to your event guests on your behalf
  • Process payments through Stripe (we never store card numbers)
  • Monitor platform health and prevent abuse

Data Storage & Security

Your data is stored on secure infrastructure:

  • Application and database hosted on Railway (US data centers)
  • Photos stored on Cloudflare R2 (encrypted at rest)
  • Face embeddings encrypted with Fernet (AES-128-CBC)
  • All API communication over HTTPS with HSTS
  • Passwords hashed with bcrypt
  • Sensitive credentials encrypted in the database

Data Sharing

We do not sell your data. We share data only with:

  • Stripe — for payment processing
  • Postmark — for transactional email delivery
  • Twilio — for SMS notifications (when configured by you)
  • Cloudflare — for photo storage and CDN

Each provider processes data solely to deliver their service and is bound by their own privacy policies.

Your Rights

You have the right to:

  • Access all data associated with your account
  • Export your data at any time
  • Delete your account and all associated data
  • Opt out of marketing communications
  • Request deletion of face recognition data

To exercise any of these rights, contact us at privacy@brandstudiohq.com.

Cookies

We use essential cookies for authentication (session token). We do not use third-party tracking cookies or analytics cookies on the application. The marketing website may use anonymous analytics in the future, with clear consent.

Contact

Questions about this policy? Contact us at privacy@brandstudiohq.com.