Privacy Policy

Last updated: April 14, 2026

Humanframe is a private photography journal. This policy explains what personal data we collect, why we collect it, and your rights over it.

Who we are

Humanframe is operated by PX7 Digital. If you have questions about this policy, contact us at [email protected].

Data we collect

Account data — your email address, display name, and a URL handle you choose. Required to create and maintain your account.
Photography journal content — sessions, frame counts, written intent and reflection notes, keeper selections, and session type. This is the core content of the product.
Photos you upload — images are stored in Cloudflare R2 (object storage) and linked to your sessions. We do not share your photos with third parties.
Community feedback — notes you write on others' work, and notes others write on yours, when you choose to participate in the community feature.
Profile photo — optionally uploaded via Settings.
Technical data — standard server logs (IP address, request timestamps) retained by our infrastructure provider (Cloudflare) for security purposes.

Why we collect it

To provide the journal, tracking, and community features of the product.
To send transactional emails — password resets, invite links, feedback notifications — via Resend.
To enforce rate limits and protect against abuse.

We do not sell your data, run advertising, or share personal data with third parties except as described here.

Third-party services

Cloudflare — hosting, CDN, database (D1), and object storage (R2). Data is processed under Cloudflare's privacy policy.
Resend — transactional email delivery. Your email address is passed to Resend only to send emails you triggered (password reset, invites, feedback notifications).
Google Fonts — font files loaded from Google's CDN. Google may log your IP when fonts are fetched.

Data retention

We retain your account data and content for as long as your account is active. If you delete your account, all personal data associated with it — including your sessions, frames, photos, and notes — is permanently deleted within 30 days. Cloudflare server logs are retained per Cloudflare's policy (typically 7–30 days).

Your rights (GDPR)

If you are located in the EU or EEA, you have the following rights:

Right of access — request a copy of the personal data we hold about you.
Right to erasure — delete your account and all associated data via Settings, or by emailing us.
Right to rectification — update your name, handle, and email via Settings.
Right to data portability — contact us to request an export of your journal data.
Right to object — contact us to restrict processing of your data.

To exercise any of these rights, email [email protected].

Cookies and tracking

Humanframe uses a single session cookie (hf_auth) to keep you logged in. This cookie is necessary for the service to function. We do not use advertising cookies, tracking pixels, or third-party analytics.

Security

Passwords are hashed with PBKDF2-SHA256 (100,000 iterations). Session tokens are HMAC-signed. Photos are stored in private Cloudflare R2 buckets and served over HTTPS.

If you have any questions about this policy, contact us at [email protected].