Privacy Policy
Effective July 10, 2026
This policy explains what Focal Click collects, why, and the choices you have. The short version: your photos are private by default, we read their metadata to power recipes, we don't sell your data, and public means public.
1. What we collect
- Account data — email address, username, optional bio and profile photo, sign-in identifiers (Google account ID, password hash, passkey public keys).
- Your photographs — the image files you upload (JPEG, RAW and derivatives we generate), stored privately by default.
- Photo metadata (EXIF) — camera, lens, exposure settings, capture time, film-simulation recipe settings, and — if your camera wrote it — GPS location. Metadata powers recipes, filters, and photo pages. If you don't want location stored, disable GPS tagging in your camera before uploading.
- Activity — recipes you save or follow, photographers you follow, likes, reports you file, waitlist signup, notification state.
- Usage data — we use Google Analytics on the website (cookies, approximate location, pages viewed) and standard server logs (IP, user agent) for security and debugging.
2. What's public
Nothing you upload is public until you share it. When you share a photo to the community, the photo and its metadata (including recipe settings, camera info and any location data in the file) appear on your profile, on Explore, on the recipe's page, in followers' feeds, and in recipe embeds on third-party websites. Your username, profile photo, bio, public saves (with the names you chose and any source links), follows, and likes are visible to others. Search engines can index public content.
3. How we use data
- To run the service: store photos, extract recipes, render pages and feeds;
- To send transactional email: waitlist confirmations, invites, account emails (password resets);
- To keep the community safe: reviewing reported content, preventing abuse;
- To understand aggregate usage and improve the product.
We do not sell your personal data, use your photographs to train machine-learning models, or share your private library with anyone.
4. Who processes it
Focal Click runs on infrastructure providers who process data on our behalf:
- Supabase — database and authentication;
- Cloudflare — photo storage (R2), image processing, queues;
- Vercel — application hosting;
- Resend — email delivery;
- Google — optional sign-in, and website analytics.
5. Retention and deletion
Photos you delete are removed from storage promptly, including originals and derivatives (embedded or cached public copies may persist briefly). You can delete all your photos from Settings. To delete your account entirely, email us — we remove your account data within 30 days; community aggregates (recipe name vote counts) persist in anonymized form. Waitlist emails are kept until you're invited or ask to be removed.
6. Security
Traffic is encrypted in transit; storage is access-controlled with row-level security; passwords are hashed; passkeys never leave your device. No system is perfect — if we learn of a breach affecting you, we'll notify you without undue delay.
7. Your rights
Depending on where you live (e.g. GDPR, PIPEDA, CCPA), you may have rights to access, correct, export, or delete your personal data, and to object to certain processing. Email us and we'll honor them. You can also use the service's built-in tools: edit your profile, download your originals, delete photos, or leave entirely.
8. Children
Focal Click is not for children under 16, and we don't knowingly collect their data.
9. Changes and contact
We'll announce material changes in the app or by email before they take effect. Questions or requests: hello@email.focal.click. See also our Terms of Use.