Privacy Policy

Effective date: May 25, 2026 · Last updated: May 25, 2026

PhotoSell, operated by ITViet s.r.o. (“we,” “our,” or “us”), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at photosell.app and all associated services (the “Platform”).

By using the Platform, you consent to the data practices described in this Policy. If you do not agree, please do not use the Platform.

1. Information We Collect

1.1 Information You Provide Directly

  • Account information: name, email address, password, studio name, phone number, city, and profile details when you create an account.
  • Profile information: biography, social media links, logo, brand colors, and other customization settings.
  • Payment information: billing address, bank account details (for payouts), and payment credentials processed through our payment partners (Stripe, VietQR, ZaloPay, Momo). We do not store credit card numbers on our servers.
  • Content: photos, album descriptions, metadata, and other materials you upload to the Platform.
  • Communications: messages you send to us through support channels, email, or contact forms.

1.2 Information Collected Automatically

  • Usage data: pages visited, features used, actions taken, time spent on the Platform, and interaction patterns.
  • Device information: browser type, operating system, device type, screen resolution, and language preferences.
  • Log data: IP address, access times, referring URLs, and error logs.
  • Cookies and similar technologies: session cookies for authentication, preference cookies, and analytics cookies. See Section 7 for details.

1.3 Information from Third Parties

  • OAuth providers: if you sign up via Google, Facebook, TikTok, or Zalo, we receive your name, email, and profile picture from the provider.
  • Payment processors: transaction status, payout confirmations, and dispute information from Stripe, VietQR, and other processors.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, maintain, and improve the Platform and its features;
  • Process transactions, payments, and send related information (confirmations, invoices, download links);
  • Create and manage your account, authenticate your identity, and maintain security;
  • Send technical notices, updates, security alerts, and support messages;
  • Respond to your comments, questions, and customer service requests;
  • Monitor and analyze usage trends to improve user experience and develop new features;
  • Detect, prevent, and address fraud, abuse, security issues, and technical problems;
  • Process photos using AI technologies (face detection, image analysis, auto-tagging) to enhance Platform features;
  • Personalize your experience, including content recommendations;
  • Comply with legal obligations and enforce our Terms of Service.

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Payment processors: transaction data shared with Stripe, VietQR, ZaloPay, and Momo to process payments securely.
  • Infrastructure providers: we use third-party cloud services for hosting, storage, content delivery, and email delivery. These providers process data on our behalf under contractual obligations.
  • Between Users: when a Customer purchases photos, the Photographer receives the Customer's name and email for order fulfillment. Photographers' public profile information (studio name, bio, social links) is visible to all visitors.
  • Legal requirements: we may disclose information if required by law, regulation, legal process, or governmental request.
  • Protection of rights: we may disclose information to protect PhotoSell's rights, property, or safety, or the rights, property, or safety of our Users or others.
  • Business transfers: in connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity.

4. Data Storage and Security

Your data is stored on globally distributed, enterprise-grade infrastructure with encryption at rest and in transit. We implement industry-standard security measures including:

  • HTTPS/TLS encryption for all data transmitted between your device and our servers;
  • Strong cryptographic hashing for passwords (your password is never stored in readable form);
  • Token-based authentication with short-lived access tokens and secure refresh mechanisms;
  • Regular security audits and vulnerability assessments;
  • Access controls limiting employee access to personal data on a need-to-know basis;
  • Automated monitoring for suspicious activity and unauthorized access attempts.

While we take reasonable measures to protect your data, no method of transmission or storage is 100% secure. You acknowledge and accept this inherent risk.

5. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion of your personal data, subject to legal retention requirements and ongoing contractual obligations.
  • Portability: request your data in a structured, commonly used, machine-readable format.
  • Restriction: request that we restrict processing of your data in certain circumstances.
  • Objection: object to the processing of your personal data for specific purposes, including direct marketing.
  • Withdrawal of consent: where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days (or the period required by applicable law). We may ask you to verify your identity before processing your request.

EU/EEA residents: you have the right to lodge a complaint with your local data protection authority if you believe your data protection rights have been violated.

6. Data Retention

  • Active accounts: we retain your personal data for as long as your account is active and as needed to provide our services.
  • After account deletion: we retain certain data for up to 90 days for backup and recovery purposes, after which it is permanently deleted.
  • Transaction records: we retain payment and order records for up to 7 years as required by tax and accounting regulations.
  • Legal obligations: we may retain data longer where required by law, regulation, or to resolve disputes and enforce agreements.
  • Aggregated data: anonymized and aggregated data that cannot identify you may be retained indefinitely for analytics and service improvement.

7. Cookies and Tracking Technologies

7.1 Types of Cookies We Use

  • Essential cookies: required for authentication, security, and basic Platform functionality. Cannot be disabled.
  • Preference cookies: remember your settings, language preferences, and display options.
  • Analytics cookies: help us understand how Users interact with the Platform to improve our services.

7.2 Managing Cookies

You can control cookies through your browser settings. Disabling essential cookies may impair Platform functionality. We do not use third-party advertising cookies or cross-site tracking.

8. International Data Transfers

Your information may be processed on servers located outside your country of residence, including in the European Union and other jurisdictions. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Adequacy decisions by relevant authorities;
  • Contractual obligations with our service providers requiring equivalent data protection standards.

9. Children's Privacy

The Platform is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will take prompt steps to delete it. If you believe a child has provided us with personal data, please contact us at [email protected].

10. Third-Party Links and Services

The Platform may contain links to third-party websites or services (e.g., payment processors, social media platforms). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or by posting a prominent notice on the Platform at least 30 days before they take effect. The “Last updated” date at the top of this page indicates when the Policy was last revised. Your continued use of the Platform after changes become effective constitutes your acceptance of the revised Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

ITViet s.r.o.
Czech Republic
photosell.app

Privacy Policy — PhotoSell | PhotoSell