

Privacy Policy
Effective date: May 20, 2026
Last updated: May 20, 2026
This Privacy Policy explains how Vista Studios Ltd (“we,” “us,” “our”) collects, uses, and shares information when you use PhotoShark (the “Service”) available at https://photoshark.io (the “Website”).
By using the Service, you agree to the practices described in this Privacy Policy.
1) Who we are (Controller)
Controller: Vista Studios Ltd
Address: 85 Portland Street, First Floor, London, W1W 7LT, UK
Privacy contact: [email protected]
2) Scope
This Privacy Policy applies to personal data processed through the Service, including:
- User accounts, profiles, and authentication on the Website
- Contact and support requests you send us
- PhotoShark software that backs up photos and videos from your phone to storage you control
- Website analytics and measurement
When you use PhotoShark to back up your library, your photos and videos are primarily stored on your computer or drive. This policy focuses on data we process through the Website and related online services.
3) Information we collect
We collect information in three main ways: (a) you provide it, (b) we collect it automatically, and (c) we receive it from third parties.
A. Information you provide
- Account information: email, password (stored as hashed credentials via our authentication system), and profile details you choose to add
- Support and contact communications: messages you send through our contact form or email, and attachments you provide
- Preferences: settings and communication preferences
B. Information collected automatically
- Device and usage: IP address, device identifiers, browser type, pages viewed, timestamps, referring URLs, approximate location derived from IP, and feature usage on the Website
- Logs: error logs, performance data, and audit/security logs (e.g., sign-in attempts)
- Cookies and similar technologies: used for authentication, preferences, security, and analytics (see Section 8)
C. Information from third parties
- Sign-in providers: if you authenticate with Apple, Google, or Facebook, we receive information needed to create and maintain your account (such as email and provider identifiers)
- Analytics/measurement providers (if used): aggregated metrics and attribution data
4) How we use information
- Create and manage your account and profile
- Authenticate users and maintain account security
- Respond to contact and support requests
- Operate the Website, including account features and download information
- Monitor performance, measure traffic, and improve user experience
- Comply with legal obligations and enforce our terms and policies
5) Legal bases (EEA/UK and similar jurisdictions)
Where required, we rely on one or more of these legal bases:
- Contract: to provide the Service you request (accounts, authentication, and support)
- Legitimate interests: to secure the platform, prevent fraud/abuse, improve features, and measure performance (balanced against your rights)
- Consent: where required for certain cookies, marketing communications, or specific processing choices
- Legal obligation: compliance requests and lawful disclosures
For Brazil (LGPD), we process personal data based on applicable legal hypotheses such as performance of contract, legitimate interest, consent (when required), and legal/regulatory obligations.
6) Photo backups and your media
PhotoShark is designed to back up your photos and videos to storage you control (such as your computer or an external drive). We do not use your personal photos or videos to train AI models.
- Backup operations run between your devices and destinations you choose; we do not receive your full photo library through the Website for storage on our servers
- If you contact support and voluntarily share files or screenshots, we use them only to help resolve your request
- We may process limited technical metadata (such as library scan summaries) when needed to provide features you use, depending on the product version and settings
7) Sharing and disclosures
We share information only as needed to run the Service, comply with law, or protect rights.
- Infrastructure providers: hosting, databases, monitoring, and error tracking
- Authentication/user management: we currently use a self-hosted Supabase stack for database and authentication, but our infrastructure may change over time
- Email delivery: to send transactional messages and respond to contact requests
- Sign-in providers: Apple, Google, and Facebook when you choose those sign-in options
- Professional advisers: legal, accounting, and auditors
- Authorities: if required by law or to protect rights, safety, and security
- Business transfers: in a merger, acquisition, financing, or sale of assets, information may be transferred subject to appropriate safeguards
Current vendors:
- Email provider(s): Resend
- Analytics provider(s): Google Analytics 4
8) Cookies, analytics, and measurement
We use cookies and similar technologies to:
- Keep you signed in and maintain sessions
- Remember preferences
- Help prevent fraud/abuse and improve reliability
- Understand traffic sources and measure site usage
Cookie choices: Where required by law, we present a cookie banner/consent tool for non-essential cookies.
Cookie policy: https://photoshark.io/cookie-policy
9) Data retention
- Account: retained while your account is active; after deletion, we may retain limited records as required for legal, security, or operational purposes
- Backups and media: Account data is retained while your account is active; after deletion, limited records may be kept as required for legal, security, or operational purposes. Photos and videos you back up are stored on devices and drives you control.
- Logs and security records: retained for a limited period to maintain security and investigate incidents
Backups may persist for a limited time even after deletion, and data may remain in logs in minimized form.
10) Security
We implement administrative, technical, and organizational safeguards designed to protect information. No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.
11) International data transfers
We serve users globally, so information may be processed in countries other than your own. Where required, we use recognized transfer mechanisms and contractual safeguards to help protect cross-border transfers.
12) Your privacy rights
Depending on your location, you may have rights such as access, correction, deletion (subject to exceptions), portability, objection/restriction, withdrawal of consent, and opting out of marketing.
To exercise rights, contact [email protected]. We may need to verify your identity. You can also review our Data Deletion Policy.
13) Children’s privacy
The Service is not intended for children under 18. If you believe a child has provided personal data, contact us and we will take appropriate steps.
14) Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will post the updated version and change the “Last updated” date. If changes are material, we may provide additional notice.
15) Contact us
Email: [email protected]
Address: 85 Portland Street, First Floor, London, W1W 7LT, UK