Privacy Policy

Last updated: June 23, 2026

This Privacy Policy explains how Filmroll ("Filmroll", "we", "us") collects, uses, and protects information when you use our website and services (the "Service"). By using the Service you agree to this policy.

Information we collect

• Account information. When you sign in, we collect your email address. We do not use passwords; sign-in is done through a one-time link sent to your email.
• Content you upload. The photos you upload and the metadata embedded in them (such as EXIF data, which can include the capture date, camera or device, and GPS location). We keep your original file and generate display versions.
• Usage and device data. Your IP address, browser and device information, and basic log data, collected automatically when you use the Service.
• Cookies. We use a single essential cookie to keep you signed in (an HttpOnly session cookie), and Cloudflare Turnstile to protect the sign-in form from automated abuse. We do not use advertising or cross-site tracking cookies.

How we use information

• To provide the Service — create and display your galleries, convert images to HDR, and serve them to the people you share links with.
• To authenticate sign-in and maintain your session.
• To send you sign-in links and essential service messages.
• To secure the Service and prevent abuse.

How information is shared

We do not sell your personal information. We use Cloudflare, Inc. as our infrastructure provider to host the website, store images, run the database, send sign-in emails, and provide bot protection. Your data is processed on Cloudflare's global network. We may disclose information if required by law, or to protect the Service, our users, or the public.

Your galleries and sharing

Each gallery has a private, unguessable link. Anyone who has that link can view the gallery, and any collaborator link you create can upload to it. You control who you share links with. We do not list galleries publicly or allow search engines to index them.

Data retention

We keep your galleries and photos until you delete them or delete the gallery. Sign-in links expire after 15 minutes; sessions last up to 90 days. Deleting a gallery removes its images from our storage, although copies that viewers have already downloaded or that remain in their browser cache are outside our control.

Your choices and rights

You can edit or delete your galleries and the images in them at any time. If you are a California resident, the CCPA/CPRA gives you the right to know what personal information we hold about you, to request its deletion, and not to be discriminated against for exercising these rights. We do not sell or "share" personal information for cross-context behavioral advertising. To make a request, contact us at legal@filmroll.io.

Security

Data is encrypted in transit (HTTPS). We store only hashed values of session identifiers and sign-in tokens, so a database leak cannot reveal them. No method of storage or transmission is completely secure, and we cannot guarantee absolute security.

Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us with information, contact us and we will delete it.

Changes

We may update this policy from time to time. We will revise the "Last updated" date above when we do.

Contact

Questions about this policy? Email legal@filmroll.io.