StudioCMS

Legal Documents > Privacy Policy (version 1.0.0)

StudioCMS: Privacy Policy

Policy last updated: 9/23/24

1. Introduction

Your information is your own, and having control over that information is your right. We at StudioCMS (“Service”) are committed to protecting your information and to using it in compliance with data privacy laws.

This privacy policy (“Policy”) details what information is collected when you use the Service and how that information might be used or shared. By using the Service, you acknowledge to have read and agree to the terms stipulated in this policy agreement.

We may change the Policy from time to time to maintain legal compliance and keep pace with technological advances. Whenever a change is made, we revise the date at the top of the policy, and if the change is significant, notify you by email.

2. Information We Collect

We collect personal information and data (“Information”) in order to provide you with the Service in a reliable and secure manner and for legitimate business needs such as responding to customer service inquiries and complying with international data protection laws.

This includes information that you provide directly to us such as:

  • Personal information you provide when subscribing to our service
  • Photos that you upload, including any embedded photo metadata
  • Transaction details on purchases you make and on items you sell
  • Information and narratives you provide about your photos
  • Information you record about your customers
  • Communications with other subscribers and with Studio CMS staff

We may also receive updated information about you, such as an updated billing address, from the financial institution issuing your credit card in connection with our billing for the Service.

In addition, we may collect information related to how you use the Service, including actions you take such as sharing, editing, viewing, and creating content, and navigating the StudioCMS site.

We may also collect information from and about the devices you use to access the Service such as the type of browser you use and your IP address.

3. Why and How We Share Your Information

Excepting the Law Enforcement terms specified below, we do not share your personal information or data with anyone.

When you purchase a product using our Service, you interact directly with either a third-party, such as White House Custom Color, or a studio owner for both payment and fulfillment. The Information you share with the provider is then protected in accordance with the provider’s privacy policy.

Law Enforcement

In accordance with local data protection laws, we disclose information when required by law or under the good-faith belief that such disclosure is necessary in order to conform to applicable law, comply with subpoenas, court orders or legal process served on StudioCMS, to establish or exercise our legal rights or defend against legal claims, and to protect the property or interests of the Service, its agents and employees, personal safety, or the public. Under these circumstances, we may be prohibited by law, court order, or other legal process from providing notice of the disclosure, and we reserve the right under those conditions not to provide notice.

If any illegal images or content are discovered on our site, we reserve the right to disclose your identifying information without providing notice.

Social Media

Our Service includes features that enable you to post web links entailing images and text to social media. You are solely responsible for information that you share in this manner. We do not claim responsibility for social media practices or policies, and our policies do not apply to third party websites.

4. Data Protection Measures Against AI Scraping

We are committed to safeguarding our users’ content and intellectual property from Artificial Intelligence / Machine Learning (AI/ML) exploitation. We employ advanced security measures to prevent the scraping of data for purposes of AI/ML. This includes, but is not limited to, the implementation of technical barriers and monitoring systems designed to detect and block attempts to harvest data for AI/ML development.

5. Data Privacy Controls

StudioCMS offers customizable privacy settings, allowing you to control the visibility of your studio and its galleries, photos, and photo metadata.  As a Studio Owner, you also control the admin powers you  grant to your studio staff.  You control whether a photo may be downloaded and by whom.  By default, everything is private to you and your full resolution photos cannot be downloaded except by you.  Web browser features for downloading your publicly displayed images by right-click are disabled. However as with all images on the internet, a low-resolution copy of a publicly displayed image can be obtained by screen capture.

The Service enables you to grant limited time viewing and/or download privileges to specified individuals for a photo, gallery, or photoshoot via a temporary link. You are solely responsible for information you share in this manner. While clicking on a link enables us to view certain information about the user, we do not collect personal identifying information, and only use this data to improve the functionality of the service.

6. Where We Store Your Information and Data Transfers

To provide you with the Service, we may store, process, and transmit data in the United States and locations around the world—including those outside your country. Data may also be stored locally on the devices you use to access the Service.

Data Transfers and European Transfers

To provide the Service, we may transfer your information to servers operated by our cloud service provider, in the United States or other countries. StudioCMS complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. StudioCMS has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF StudioCMS has been certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.

To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Our affiliates and service providers who store or process your Information on our behalf are each contractually committed to keep it protected and secured, in accordance with industry standards and regardless of any lesser legal requirements which may apply in their jurisdiction.

If you are located in Europe, when we transfer your personal information to the United States or anywhere outside Europe, we ensure that (i) there is a level of protection deemed adequate by the European Commission or (ii) that the relevant Model Standard Contractual Clauses are in place.

7. Cookies

The only cookie we set is one that allows you to remain logged in for 60 days, when you check the “keep me logged in” box. 

When you purchase a product using our Service, you interact directly with either a third-party service or a studio owner for both payment and fulfillment.  Such third-party services may set cookies in accordance with their policies. 

8. Data Retention, Permanent Deletion, and Legacy

We retain your personal information and data for as long as your account exists, or as long as we need it to provide you the Service. If you delete your account, we will initiate permanent deletion of your information and data after 30 days. Note however: (1) there might be some latency in deleting this information from our servers and back-up storage; and (2) we may retain this information if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.

When you sign up for an account with us, you are asked to specify a legacy policy stipulating how your information and data are to be handled should you discontinue your subscription or in the event of your death. For example, you may choose to transfer your account to a beneficiary or donate your photos and narrative content to a public archive. In fulfilling your legacy wishes, we make no claim on your photos or other content and continue to protect your Information in accord with the terms of this policy.

9. Security

We have implemented security measures designed to protect the Information you share with us, including physical, electronic and procedural measures. Communications between your browser and StudioCMS servers, including sensitive payment information, are encrypted using industry standard TLS 3.1 and we rotate server certificates every 30 days. We maintain a PCI DSS (Payment Card Industry Data Security Standards) certification. We also regularly monitor our systems for possible vulnerabilities and attacks, and regularly seek new ways and third-party services for further enhancing the security of our Service and protection of our visitors’ and users’ privacy.

Regardless of the measures and efforts taken by us, we cannot and do not guarantee the absolute protection and security of your information, or any other content you upload, publish or otherwise share with us or anyone else. Therefore, we encourage you to set strong passwords, and not to share personal, revealing, or otherwise sensitive content or information with anyone, including us.

10. Additional Privacy Details for Residents of Various States

Supplemental Notice to Residents of California

The sections below apply to “personal information” about California residents, as that term is defined in the California Consumer Privacy Act (CCPA), and they supplement the information in the rest of our Privacy Policy above. These sections also do not apply to Photographer Personal Data (defined further above as user-uploaded images, videos and certain content relating to such images and videos), even when such data is about a resident of California, because StudioCMS is a “service provider” for such data under the CCPA.

CCPA categories of California personal information we collect: In the main part of our Privacy Policy, we describe the specific pieces of personal information we collect from and about California residents. This information generally falls into the following CCPA categories, to the extent that any of the following are personally identifiable: identifiers (such as name, address, email address and other contact information); commercial information (such as transaction data, and information about an individual’s interactions with us); categories of personal information described in California Civil Code 1798.80(e) (such as name); characteristics of protected classifications under California or federal law (such as gender); internet or other network or device activity, and other information described in the Information Collected by Cookies and Other Tracking Technologies section of our Privacy Policy; geolocation information; professional or employment related data (such as title); and other information that identifies or can be reasonably associated with you.

CCPA description of uses of California personal information: In CCPA terms, we have used and disclosed (and in the past 12 months have used and disclosed) all of the categories of California personal information that we collect for the purposes described above, though some uses and disclosures were more indirect than others. The extent to which our service providers engage in the uses and disclosures described above varies from provider to provider.

Supplemental Notice to Residents of Nevada

Nevada law gives Nevada consumers the right to request that a company not sell their personal information for monetary consideration to certain other parties.  This right applies even if their personal information is not currently being sold.  If you are a Nevada consumer and wish to exercise this right, please send an email with the subject line “Nevada Resident Do Not Sell Request” to legal@syswork.io.

Supplemental Notice to Residents of CA, CO, CT, UT or VA

Depending on where you reside, you may also have additional legal rights with respect to your information. While some of these rights apply generally, certain rights apply in limited cases. Consistent with applicable laws, this Supplemental Notice provides a way to exercise such rights for residents of California, Colorado, Connecticut, Utah or Virginia.

The laws of California, Colorado, Connecticut, Utah, or Virginia grant some or all of the following rights to consumers who reside in those states:

  • The right to request information about personal information that we have collected about that customer in the 12 months preceding the customer’s request (including the categories of information collected, the source of that information, the business purpose of that collection, the categories of third parties with whom that information is shared, and the specific pieces of personal information collected about that particular customer).
  • The right to receive requested information in a readily-usable format if provided electronically.
  • The right to request that we delete any personal information about the consumer that we have collected (although we may be entitled to retain some information for certain purposes).
  • The right to opt-out of “sales” of personal information to third parties, the sharing of personal information with third parties for targeted advertising purposes, and/or the processing of personal information for targeted advertising purposes.
  • The right to update or correct any personal information which is out of date or incorrect; and
  • The right to be free from discrimination based on your exercise of your privacy rights.

Supplemental Notice to Visitors from outside of the United States

Our Sites and Apps are hosted in the United States. By using our Sites and Apps, you acknowledge that your information may be transferred to, stored or processed in the United States in accordance with this Privacy Notice and applicable United States laws. Please be aware that U.S. privacy laws, including the rights of authorities to access your personal information, may differ from those that apply in the country in which you reside.

Additional Information

To exercise your rights pursuant to the Supplemental Notice above, please contact us at legal@studiocms.io