Privacy Policy
Last updated: April 8, 2026
Quick answers
- Do you sell my data?
  - No. Never have, never will.
- Do you use cookies?
  - Our website uses zero cookies. The app uses one login cookie and one analytics cookie to help us improve the product. No tracking, no banners.
- Do you share my data with advertisers?
  - No. We don't work with advertisers at all.
- Can I delete my data?
  - Yes. Email privacy@brandstudiohq.com and we'll take care of it.
- Do you use face recognition?
  - Yes, but only for matching photos to guests at your events. You can opt out anytime.
What we collect
Account info
When you sign up, we collect your name, email, and company name. Your password is hashed with bcrypt before it's stored — we never see or store your actual password.
Photos and event data
Photos you upload are stored securely on Cloudflare R2. We also store the event details you enter: names, dates, locations, and any guest information you provide.
Guest information
Guest names, emails, and phone numbers come from you or from guests who register themselves. We use this data only for delivering photos and managing your events.
Analytics
We use privacy-friendly analytics to understand how people use BrandStudio. On our marketing site, analytics are completely cookie-free — we see general patterns (like which pages are popular) without tracking individual visitors.
Inside our app and desktop/mobile tools, we collect anonymous usage data like which features you use and how often. This helps us build a better product for you — we invest engineering time in the features you actually use, and fix the ones that aren't working well. We never use this data for advertising or share it with third parties.
How we use it
We use your information to:
- Run the platform and keep improving it
- Send you important emails (verification, password resets, team invites)
- Send onboarding tips when you're getting started (you can opt out)
- Deliver photo notifications to your event guests on your behalf
- Process payments through Stripe (we never see or store your card number)
- Keep the platform secure and prevent abuse
Face recognition
This deserves its own section because we know it's sensitive.
When you turn on face recognition for an event, we scan uploaded photos to detect faces and create mathematical representations called “embeddings.” These embeddings let us match a guest's face to their photos so they can find their pictures quickly.
Here's what you should know:
- Face recognition is off by default. You have to turn it on for each event.
- Embeddings are encrypted at rest using Fernet encryption (AES-128-CBC).
- We never share face data with anyone outside your account.
- We never use face data for surveillance or identification outside your events.
- Embeddings are math, not images — you can't reverse-engineer a face from them.
- Guests can opt out of face matching at any time.
- You can delete all face data from your dashboard or by emailing us.
Where your data lives
Your data is stored on infrastructure we trust:
- Application and database: Railway (US data centers)
- Photos: Cloudflare R2 (encrypted at rest, global edge network)
- Face embeddings: Encrypted with Fernet in our database
- All connections: HTTPS with TLS 1.2+ and HSTS
- Passwords: Hashed with bcrypt (never stored in plain text)
- API keys and credentials: Encrypted in the database
Who else touches your data
We don't sell your data. We share it only with services that help us run the platform:
- Stripe — processes your payments
- Postmark — sends emails on our behalf
- Twilio — sends SMS notifications (only when you set it up)
- Cloudflare — stores and delivers your photos
- PostHog — privacy-friendly product analytics (helps us understand which features to improve)
- Sentry — error monitoring (helps us find and fix crashes fast)
Each of these companies processes data only to provide their service. None of them use your data for advertising or anything else.
How long we keep it
We keep your data as long as your account is active. If you delete your account, we delete all your data within 30 days. If you need your data exported before deletion, just ask.
Face recognition data for a specific event can be deleted anytime from your dashboard without deleting your whole account.
Your rights
You can:
- Access all data associated with your account
- Export your data at any time
- Delete your account and everything associated with it
- Opt out of marketing emails
- Request deletion of face recognition data
- Ask us anything about how your data is handled
To exercise any of these rights, email privacy@brandstudiohq.com.
Cookies
We keep it simple. Our marketing website uses no cookies at all — analytics run entirely in-memory. Inside the app, we use one essential cookie to keep you logged in and one analytics cookie to remember your session so we can improve the product. No tracking cookies, no advertising cookies, no third-party cookies. That's why you don't see a cookie consent banner — there's nothing intrusive to consent to.
Contact
Questions about how we handle your data? Email privacy@brandstudiohq.com. We'll give you a straight answer.