← darkroom collective

Privacy Policy

Effective date: March 17, 2026

1. Introduction

Darkroom Collective ("we," "us," or "our") operates the Darkroom Collective website and mobile application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service.

By creating an account or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

Darkroom Collective is operated as a sole proprietorship. References to "we," "us," or "our" refer to the owner and operator of Darkroom Collective.

2. Information We Collect

2.1 Information You Provide

  • Account information: name, email address, password (stored as a secure hash — we never store plaintext passwords), and optional profile details such as username, bio, location, and links.
  • Content you upload: photographs, walk data (GPS coordinates, routes, elevation), gallery descriptions, captions, and comments.
  • Payment information: when you subscribe to Darkroom Collective Pro, payment is processed by our third-party payment processors (Stripe, RevenueCat). We do not store full card numbers or banking details.
  • Communications: messages you send to other users through the platform.

2.2 Information Collected Automatically

  • Usage data: pages visited, features used, session duration, and error logs (via Sentry).
  • Device & technical data: IP address, browser type, operating system, and device identifiers.
  • Analytics events: we use PostHog to collect anonymized analytics about how users interact with the Service.
  • Location data (mobile): GPS coordinates collected only while you are actively recording a walk, and only when you grant location permission. We do not track your location in the background.
  • Photo metadata (EXIF): when you upload a photo, we may read embedded EXIF data (camera model, lens, settings) to display alongside your work. No precise GPS coordinates are extracted from EXIF without your knowledge.

2.3 Third-Party Authentication

You may sign in using Google OAuth. When you do, we receive your name, email address, and profile picture from Google. We do not receive your Google password.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service.
  • Create and manage your account.
  • Process transactions and manage subscriptions.
  • Send transactional emails (account verification, password reset, billing receipts).
  • Respond to support requests.
  • Monitor and analyze usage to improve the Service.
  • Detect and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations.

We do not sell your personal data to third parties. We do not use your personal data to serve targeted third-party advertising.

4. How We Share Your Information

4.1 Public Profile Data

Information you choose to include in your public profile (name, username, bio, location, photographs) is visible to all visitors of the Service.

4.2 Service Providers

We share data with trusted third-party service providers who assist us in operating the Service:

  • Cloudflare R2 — cloud object storage for uploaded photos.
  • Stripe — payment processing (web subscriptions and preset marketplace).
  • RevenueCat — mobile in-app purchase management.
  • PostHog — product analytics.
  • Sentry — error monitoring.
  • Resend — transactional email delivery.

Each provider is contractually required to use your data only for the purpose of providing services to us, consistent with this policy.

4.3 Legal Requirements

We may disclose your information if required by applicable law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, prevent fraud, or protect the safety of users.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it by law or for legitimate business purposes (e.g., outstanding payment disputes).

Aggregated, anonymized analytics data that cannot reasonably be used to identify you may be retained indefinitely.

6. Cookies & Tracking Technologies

We use session cookies to keep you signed in. We do not use persistent third-party tracking cookies for advertising. Our analytics provider (PostHog) may set first-party cookies to distinguish unique visitors.

You can configure your browser to refuse cookies, but this may affect your ability to use parts of the Service.

7. Security

We implement industry-standard security measures including encrypted data transmission (TLS/HTTPS), hashed passwords (bcrypt), and role-based access controls. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

You are responsible for maintaining the confidentiality of your account credentials. Please use a strong, unique password and notify us immediately if you suspect unauthorized access to your account.

8. Your Rights & Choices

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate information via your account settings.
  • Delete your account and associated data.
  • Export your data in a portable format.
  • Object to certain processing of your data.

To exercise these rights, email us at privacy@darkroomcollective.app. We will respond within 30 days.

9. Children's Privacy

The Service is not directed to children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately so we can delete it.

10. International Data Transfers

Your information may be stored and processed in the United States or other countries where our service providers operate. By using the Service, you consent to the transfer of information to countries outside your country of residence, which may have different data protection rules.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by sending an email to the address on your account and/or by displaying a prominent notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us at:

Darkroom Collective
Email: privacy@darkroomcollective.app