Privacy Policy

Last updated: July 2, 2026

This Privacy Policy describes how Krifl("the App", "we", "us") collects, uses, and protects your personal information when you use our photographer-booking platform, available as a mobile application and a web application at https://krifl.com.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Name
  • Email address
  • Phone number (optional)
  • Password (stored in hashed form only — never in plain text)
  • Profile photo (optional)

Photographer Profile Information

Users who set up a photographer profile may additionally provide a bio, specialties, equipment details, hourly rate, service radius, weekly availability, a business location, and portfolio photos. This profile information is visible to clients searching for photographers.

Location Information

Location is central to how the App works, and we collect precise location data with your permission:

  • Clients: your device location (or a location you enter) is used to find photographers near you and to set the meeting location for a session.
  • Photographers: your profile location is used so clients can discover you. While a booked session is accepted or in progress, the App shares your live GPS position with the client of that session so they can see you en route. Live location sharing runs only while the app is in the foreground and stops when the session ends.

You can decline location permissions in your device settings, but core features such as photographer discovery and live tracking will not work without them.

Camera, Photos, and Videos

With your permission, photographers use the device camera to capture session photos and videos, which are uploaded to our media hosting provider (Cloudinary) and delivered to the client of that session. Photographers may also upload portfolio images. We store media files along with basic metadata such as dimensions, file size, captions, and tags.

Payment Information

Payments are processed by Stripe. We never see or store your full card number — card details go directly to Stripe. We store payment records (session price, tip, platform fee, payout amounts, and Stripe transaction identifiers) to operate the marketplace. Photographers who receive payouts onboard with Stripe Connect, which collects identity and banking information directly under Stripe's own privacy policy.

Device and Usage Data

  • Push notifications: if you enable them on mobile, we store an Expo push token (and your device platform) to deliver notifications about your sessions.
  • Analytics: we use PostHog on our web app to understand how the App is used and to improve it.
  • Cookies and sessions: the web app uses cookies to keep you signed in (a JWT session cookie). We do not use advertising cookies or third-party tracking pixels. On mobile, your sign-in token is stored in encrypted device storage (iOS Keychain / Android Keystore).

Other Content You Provide

We store reviews and ratings you leave after sessions, session notes, photo likes, and any feedback or support messages you send us through the App.

2. How We Use Your Information

We use your information to:

  • Operate the photographer-booking marketplace
  • Match clients with nearby photographers and manage the session lifecycle (booking, acceptance, live tracking, delivery)
  • Deliver session photos and videos to clients
  • Process payments, tips, and photographer payouts
  • Send notifications about your sessions via push, email, and in-app messages
  • Verify your email address and secure your account
  • Display reviews and ratings to help users choose
  • Respond to feedback and support requests
  • Improve the App through usage analytics

3. Information Shared With Other Users

Between session participants:when a session is booked, the client and photographer can see each other's name and profile photo, the session location, and the photos and videos captured for that session. Clients see the photographer's live location while they are en route or shooting.

Photographer profiles: photographer profile details (name, bio, specialties, rates, location area, portfolio, ratings, and reviews) are visible to users searching for photographers.

Public gallery:photographers can mark individual session photos as public, which makes them visible in the App's public gallery along with the photographer's name and the session's location name. If a photo of you appears in the public gallery and you want it removed, contact us at support@krifl.com and we will address it.

Reviews:reviews you write are shown with your name on the reviewed user's profile.

4. Third-Party Service Providers

We share data with a small number of service providers, only as needed to run the App:

  • Stripe — payment processing, storage subscriptions, and photographer payouts (Stripe Connect).
  • Cloudinary — hosting and optimization of session media and portfolio photos.
  • PostHog — usage analytics on the web app.
  • Expo — delivery of push notifications to mobile devices.
  • Email delivery provider (SMTP) — transactional emails such as verification links, password resets, and session updates.

We do not sell your personal information, and we do not share it with advertisers.

5. Data Storage and Retention

Your data is stored in a secure PostgreSQL database. Passwords are hashed with industry-standard algorithms (bcrypt), and all data is transmitted over HTTPS.

Session media: after your photos are delivered, clients have a free access window (currently 30 days by default) to view and download them. After the free window, continued access to session media requires an active cloud-storage subscription (billed monthly through Stripe). When the free window ends without a subscription, media access is locked rather than immediately deleted; you can regain access by subscribing.

We retain account data for as long as your account is active, and payment records as required for accounting and legal purposes.

6. Your Rights

You have the right to:

  • Access and update your personal data — your name, phone number, profile photo, and photographer profile can be edited in the App at any time
  • Download the photos and videos from your sessions
  • Disable push notifications and location access at any time
  • Delete your account and associated personal data at any time from Settings in the App, or by contacting us at support@krifl.com. Deletion anonymizes your personal information immediately, subject to records we must keep by law (such as payment records)

7. Children's Privacy

The App is not directed at children. You must be at least 17 years old (or the age of majority in your jurisdiction) to create an account. We do not knowingly collect personal information from children; if we learn that we have, we will delete it.

8. Security

We take reasonable measures to protect your data, including password hashing, encrypted token storage on mobile devices, HTTPS for all data in transit, and role-based access controls. However, no method of electronic transmission or storage is 100% secure.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and revise the "Last updated" date above. Your continued use of the App after changes are posted constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at support@krifl.com.