What we keep.

Photographer accounts: email, hashed password, name, optional profile photo + bio + social handles. Optional 2FA secret + recovery codes (hashed).

Studio data: studio name, slug, brand assets (logo, colors, fonts), custom domain configuration, plan + Stripe customer ID, vocabulary preferences.

Photos: originals + generated variants stored on Cloudflare R2. EXIF metadata, perceptual hashes, capture time, dimensions stored in Postgres.

Client interactions: per-gallery email when a client identifies (to save favorites or comment). Tamper-evident audit log of every view, download, share, post-match, comment.

We don't sell your photos, your client list, or your activity data. To anyone. Ever. The platform is paid by photographers, not advertisers.

We don't train AI models on your images. Sharp's variant pipeline is deterministic image processing; nothing about your photos enters a learning system.

Delete a gallery → soft-archive for 30 days, then permanent purge of database rows and stored files. Delete your studio → ask us; we hard-delete the entire tree.

Export everything: every gallery has a bulk-zip endpoint (zip of every photo at the size you pick), and the audit log is queryable per gallery from the Stats tab. Need a studio-wide archive? Email hello@encore.photo and we'll deliver one.

Application: Vercel (US). Database: Neon Postgres (US East). Storage: Cloudflare R2 (auto). Email: Resend. Payments: Stripe. Each is GDPR / SOC 2 compatible.

Email hello@encore.photo. We answer within a working day.