Legal

Privacy
Policy

Last updated: March 2026 · replacephoto.com

1. Who We Are

replacephoto.com ("we", "us") is the data controller for personal data collected through this website. For any privacy-related enquiries, contact us at codes10@gmail.com.

2. Data We Collect

We collect the minimum data necessary to operate the service:

Uploaded images

When you upload a photo, the image file is stored in our cloud storage (Supabase / AWS S3). If your payment succeeds, the image is displayed publicly on the homepage until replaced. Images are deleted after they are no longer live.

Payment data

Payments are processed by Stripe. We do not store your card number or billing address. We receive from Stripe only a session ID and payment status.

Usage statistics

We count the total number of page views and photos replaced as aggregate, anonymous counters. No individual user sessions are tracked and no persistent cookies are set by us.

Server logs

Our hosting provider (Vercel) may log IP addresses and request metadata for security and performance purposes. See Vercel's Privacy Policy.

3. Legal Basis (GDPR)

We process data on the basis of contract performance (Art. 6(1)(b) GDPR) — specifically, to execute the photo-replacement transaction you initiate — and our legitimate interest (Art. 6(1)(f) GDPR) in operating and securing the service.

4. Data Retention

  • Pending images (payment not completed): deleted within 24 hours.
  • Live images: deleted within 7 days of being replaced.
  • Payment records (session ID + status): retained for up to 12 months for financial record-keeping.

5. Third-Party Processors

  • Supabase — database and file storage (EU region where available).
  • Stripe — payment processing. Stripe is PCI-DSS compliant.
  • Vercel — hosting and edge network.

All processors are contractually bound to process data only as instructed and in compliance with GDPR.

6. Your Rights

Under GDPR you have the right to:

  • Access the personal data we hold about you.
  • Request correction or deletion of your data.
  • Object to or restrict processing.
  • Lodge a complaint with your supervisory authority.

To exercise any of these rights, email codes10@gmail.com. We will respond within 30 days.

7. Cookies

We do not use tracking or advertising cookies. A session flag may be stored in your browser's sessionStorage to avoid counting duplicate page-view stats in a single visit. This data never leaves your browser.

8. Changes

We may update this policy at any time. Material changes will be reflected in the "Last updated" date above.