What we keep.

Photographer accounts: email, hashed password, name, optional profile photo + bio + social handles. Optional 2FA secret + recovery codes (hashed).

Studio data: studio name, slug, brand assets (logo, colors, fonts), custom domain configuration, plan + Stripe customer ID, vocabulary preferences.

Photos: originals + generated variants stored on Cloudflare R2. EXIF metadata, perceptual hashes, capture time, dimensions stored in Postgres.

Client interactions: per-gallery email when a client identifies (to save favorites or comment). Tamper-evident audit log of every view, download, share, post-match, comment.

We don't sell your photos, your client list, or your activity data — to anyone. Ever. The platform is paid by photographers, not advertisers.

We don't train AI models on your images. Sharp's variant pipeline is deterministic image processing; nothing about your photos enters a learning system.

Delete a gallery → soft-archive for 30 days, then permanent purge of DB rows and R2 objects. Delete your studio → ask us; we hard-delete the entire tree.

Export everything: every gallery has a bulk-zip endpoint (zip of every photo at the size you pick), and the audit log is queryable per gallery from the Stats tab. Need a studio-wide archive? Email hello@encore.photo and we'll deliver one.

Application: Vercel (US). Database: Neon Postgres (US East). Storage: Cloudflare R2 (auto). Email: Resend. Payments: Stripe. Each is GDPR / SOC 2 compatible.

Email hello@encore.photo. We answer within a working day.