Privacy Policy

Effective Date: February 6, 2026 (Updated to reflect third-party integrations and app launches)

This Privacy Policy describes how OPTX ("we," "us," or "our") collects, uses, and protects your information when you use our website, mobile apps (on Google Play Store and Apple App Store), and services.

Information We Collect

We collect:

• Account data: name, email, phone number, and password
• Transaction data: booking and payment information
• Communications: messages or feedback sent through the platform, including reviews
• Optional data: location or notification permissions (if you enable them)
• Automatically collected data: IP addresses, device info, and usage logs from cookies and similar technologies
• Third-Party Data: When using integrations like Google Sign-In, Google Calendar, Google Pay, Apple Pay, Stripe for payments, Twilio for SMS notifications, or Resend for email communications, we may collect limited data (e.g., email, profile, calendar events, or payment tokens) with your consent.
• App-Specific Data: For mobile apps, we may collect device IDs, push notification tokens, or crash reports to improve performance.
• Location Data: For features like "photographers near you" or booking locations, we collect GPS or address data with your consent.

Google User Data

OPTX's mobile app and platform use Google APIs and services, including Google Sign-In, Google Calendar, and Google Pay. We access Google user data only with your explicit consent through OAuth scopes and strictly in accordance with the Google API Services User Data Policy and our Limited Use requirements.

Data Accessed

• Google Sign-In (People API): Name, email address, and profile picture.
• Google Calendar API: Calendar events and free/busy information (only for booking synchronization if you enable the feature).
• Google Pay: Tokenized payment credentials (we never receive or store full payment card details).

We do not request or access any other Google user data.

Data Usage

We use this Google user data exclusively to:

• Authenticate and create your OPTX account.
• Sync bookings and availability with your Google Calendar (if connected).
• Enable fast, secure checkout via Google Pay.
• Provide a personalized experience on the platform.

We do not use Google user data for advertising, user profiling, or any purpose unrelated to delivering the services you requested.

Data Sharing

We do not sell, rent, or share Google user data with any third parties for their own purposes.

Google user data is shared only with:

• Our vetted service providers (e.g., hosting and backend services) who are contractually obligated to use it solely on our behalf and delete it when no longer needed.
• Legal authorities when required by law.

All sharing complies with Google's Limited Use requirements.

Data Storage & Protection

Google user data is stored on secure, encrypted servers (AES-256 encryption at rest, TLS 1.3 in transit). Access is limited to authorized personnel on a need-to-know basis. We follow Google's security best practices and perform regular audits and penetration testing.

Data Retention & Deletion

We retain Google user data only as long as your account is active and the data is needed for the purposes above.

• Authentication tokens and calendar sync data are automatically revoked when you disconnect the integration or delete your account.
• You may request deletion of any Google-linked data at any time by:

1. Revoking OPTX's access directly in your Google Account settings at myaccount.google.com.
2. Deleting your OPTX account in the app or website settings.
3. Emailing legal@optx.photo.

We will permanently delete or anonymize the data within 30 days (or as soon as technically feasible), except where we are legally required to retain it.

2. How We Use Information

We use your information to:

• Operate and improve our Platform
• Facilitate payments and bookings
• Communicate with users (e.g., via email with Resend or SMS with Twilio)
• Enforce our Terms of Service
• Respond to legal requests where required
• Analyze usage for enhancements
• Sync bookings with third-party services like Google Calendar
• Process payments securely via Stripe, Google Pay, and Apple Pay
• Send push notifications for app updates or booking alerts (with your permission)
• Provide location-based features, such as showing "photographers near you"

3. Data Security

We retain information only as long as necessary for business or legal reasons, such as account data for up to 7 years post-termination for tax purposes. We implement reasonable safeguards, including encryption and access controls, to protect your data from unauthorized access or misuse. For third-party data (e.g., from Google or Apple), we follow their security guidelines and delete it upon revocation or when no longer needed. Photo storage via Cloudinary uses secure, optimized processing.

4. Your Rights

You may:

• Access or correct your account information
• Request deletion of your account
• Withdraw consent for optional permissions (like location or notifications)
• Revoke access to third-party integrations (e.g., Google via myaccount.google.com or Apple Pay via device settings)

To exercise these rights, email us; we will respond within 30 days as required by applicable laws (e.g., CCPA).

4.1 California Residents (CCPA/CPRA Rights)

If you are a California resident, you have the right to know what data we collect, request deletion, opt-out of data sales (we do not sell data), and non-discrimination for exercising rights. Submit requests to legal@optx.photo. We verify requests using your account information.

5. Cookies and Tracking Technologies

We use cookies, pixels, and similar tools for functionality, analytics (e.g., Google Analytics), and performance. You can manage preferences via browser settings.

6. Data Sharing and Third Parties

We share data with service providers under strict confidentiality agreements, including:

• Stripe for payment processing — Stripe Privacy Policy
• Google for authentication, calendar sync, and payments (our use of Google API data complies with the Google API Services User Data Policy, including Limited Use requirements) — Google Privacy Policy
• Apple for Apple Pay — Apple Privacy Policy
• Twilio for SMS notifications — Twilio Privacy Policy
• Resend for email communications — Resend Privacy Policy
• App stores (Google Play, Apple App Store) for distribution and analytics
• AWS, Cloudinary, Supabase, Vercel for hosting and backend services

We may disclose data to comply with laws or protect rights. No sharing for marketing without consent.

7. Sources of Data and Automated Processing

Data is collected directly from you, automatically via tools, or from third parties (e.g., payment processors like Stripe or auth providers like Google). We may use automated decision-making for features like user matching, with options to request human review.

8. Retention Periods

We retain account and transaction data while active and for up to 7 years afterward for legal compliance. Communications are kept for 2 years or as needed for disputes. Third-party data (e.g., Google tokens) is deleted upon revocation. Location data is retained only for the duration of the booking or matching process.

9. Children's Privacy

We do not knowingly collect data from users under 16. If discovered, we will delete it promptly. This complies with laws like COPPA.

10. International Data Transfers

If you are outside the U.S., your data may be transferred to U.S. servers. We use safeguards like Standard Contractual Clauses for international transfers. For users in the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses or other approved mechanisms. You have additional rights under GDPR, such as data portability—contact us to exercise them.

11. Changes to Policy

We may update this Policy; changes will be posted here with a new effective date. Continued use constitutes acceptance.

12. Contact

For questions about privacy or data requests:

Go to OPTX | Terms of Service