ALBUMHUB PRIVACY POLICY

Effective Date: June 14, 2026

Previous Effective Date: May 17, 2026

Notice of upcoming change (posted May 15, 2026): This version of the Privacy Policy takes effect on June 14, 2026 (30 days from this notice, per Section 12.3). The currently in-force version remains the May 17, 2026 version until that date. The substantive change in this version is the introduction of invitation-only group visibility (Sections 4.1 and 10.3) — a tightening of how groups may be shared. No new categories of data are collected and no new third-party services are introduced.

GOOGLE API SERVICES USER DATA POLICY

AlbumHub's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In plain language: AlbumHub uses information received from Google APIs only to deliver the features described in this Privacy Policy — uploading photos you contribute to your Google Photos library, displaying photos AlbumHub uploaded back to your groups, and managing metadata on AlbumHub-created albums. We do not sell Google user data, do not transfer it to other apps for unrelated purposes, do not use it for personalized advertising, do not allow humans to read it except (a) with your explicit consent, (b) when necessary for security purposes, (c) to comply with applicable law, or (d) for limited internal operations such as service-provider processing where the provider is bound by the same Limited Use restrictions (see Section 4.2). AlbumHub does not use Google user data to train, fine-tune, or improve any AI/ML model.

1. INTRODUCTION

Welcome to AlbumHub, a photo organization platform provided by Outer Limits AI LLC ("AlbumHub," "we," "us," or "our"). We are committed to protecting your privacy and being transparent about how we collect, use, and share your information.

This Privacy Policy explains:

  • What information we collect
  • How we use your information
  • How we share your information
  • Your rights regarding your information
  • How we protect your information

By using AlbumHub (the "Service"), you agree to this Privacy Policy. If you do not agree, please do not use the Service.

Contact Information:

  • Privacy and rights inquiries: legal@albumhub.co
  • Data deletion, account, and Google Photos integration questions: support@albumhub.co
  • Mail: Outer Limits AI LLC, 3801 N Capital of Texas Hwy, Ste E240-3703, Austin TX 78746

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Registration (via Google Sign-In): When you sign in with Google, we collect:

  • Email address
  • Full name
  • Profile photo (if you've set one in Google)
  • Google user ID

Group and Album Information: When you use AlbumHub, you provide:

  • Group names and descriptions
  • Group URL slugs
  • Organization type preferences (decade, year, season, custom)
  • Custom category names (if using custom organization)
  • Album titles (whether linked from existing Google Photos albums or created by AlbumHub)
  • Album years or categories
  • Google Photos URLs you link
  • Photos you choose to contribute through AlbumHub's native contribution flow (see Section 2.4)
  • Cover photos you upload (optional)
  • Header images and logos you upload (optional)

Payment Information (for Pro Subscriptions):

  • Payment information is collected and processed by Stripe, Inc.
  • We do NOT store your credit card numbers or payment details
  • We store only: subscription status, subscription tier (Free/Pro), renewal date, and Stripe customer ID

Communications:

  • Any messages you send us via email or support channels
  • Feedback, suggestions, or ideas you submit

2.2 Information We Collect Automatically

Technical Information: When you use AlbumHub, we automatically collect:

  • IP address
  • Browser type and version
  • Device type (desktop, mobile, tablet)
  • Operating system
  • Pages you visit on AlbumHub
  • Features you use
  • Date and time of your visits
  • Referring website (how you found us)

Usage Information:

  • How you interact with the Service
  • Which groups and albums you access
  • Errors you encounter
  • Performance metrics

Cookies and Similar Technologies: We use essential cookies for:

  • Keeping you logged in (authentication)
  • Remembering your preferences
  • Ensuring security

We do NOT currently use cookies for:

  • Advertising
  • Third-party tracking beyond what's described in Section 2.3

2.3 Information from Third-Party Services

Google (Authentication and Google Photos integration):

AlbumHub uses Google Sign-In for authentication and, when you specifically grant permission, integrates with Google Photos in limited ways.

At sign-in, AlbumHub receives only identity information: your email address, name, profile photo (if set), and Google account ID. Sign-in does not grant AlbumHub any access to your Google Photos library.

Google Photos access is never granted at sign-in and is never bundled with account creation. Photos permissions are requested only when you take a specific action that requires them. Section 2.4 describes those permissions and when they are requested. If you only use AlbumHub to aggregate existing Google Photos share links (the "lightweight mode"), no Photos permissions are ever requested.

Stripe (Payment Processing):

  • Stripe processes all Pro subscription payments
  • Stripe shares with us: payment status, subscription status, and customer ID
  • See Stripe's Privacy Policy at stripe.com/privacy

Analytics (Google Analytics):

  • We use Google Analytics to understand how people use AlbumHub
  • Google Analytics collects: pages visited, time on site, browser type, device type
  • This data helps us improve the Service
  • See Google's Privacy Policy at policies.google.com/privacy

Google Analytics 4 may set cookies in your browser to measure usage, engagement, and general geographic trends (country/region level). We use this data in aggregated form and do not use it to directly identify individual users. You can opt out by installing the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout

Error Tracking (Sentry):

  • We use Sentry to track and fix errors
  • Sentry collects: error messages, stack traces, browser info, and user IDs (anonymized)
  • Operational error data may incidentally include Google account identifiers or Google Photos media identifiers when an error occurs during a Google Photos operation
  • Error data is retained for 90 days and is not used for any purpose other than diagnosing and fixing errors
  • See Sentry's Privacy Policy at sentry.io/privacy

Email Service (Resend):

  • We use Resend to send service emails
  • Resend processes: your email address, name, and email content
  • See Resend's Privacy Policy at resend.com/legal/privacy-policy

AI Provider (Anthropic, for photo captioning):

  • AlbumHub uses Anthropic's Claude API to generate short text captions describing photo contents, when a group owner has enabled AI captioning
  • See Section 2.5 for a full description of the captioning flow
  • The current list of AI providers used by AlbumHub is maintained at albumhub.co/privacy/ai-providers

2.4 Google Photos Permissions (Scopes)

When you explicitly grant AlbumHub access to Google Photos, AlbumHub may request one or more of the following three Google Photos scopes. Each scope is requested at the moment you take the specific action that requires it. You may decline any scope without losing access to the rest of AlbumHub.

Scope: photoslibrary.appendonly — "Upload to your Google Photos."

This scope lets AlbumHub upload photos you choose to your Google Photos library, placing them in a shared album associated with one of your groups. It is strictly upload-only. It does not permit AlbumHub to read, list, search, or modify any photo already in your library.

This scope is requested the first time you contribute a photo to a group's shared album from within AlbumHub, or the first time you create a new native album in a group as a group owner.

Scope: photoslibrary.readonly.appcreateddata — "Manage photos added by this app."

This scope lets AlbumHub read metadata only for photos and albums that AlbumHub itself uploaded or created — specifically to fetch the temporary baseUrl Google Photos uses for displaying thumbnails (which expires hourly) and to retrieve photo content for AI captioning when enabled. It is architecturally limited to AlbumHub-uploaded content. It does not permit AlbumHub to read, list, search, or analyze any photo or album you created outside of AlbumHub.

This scope is requested alongside photoslibrary.appendonly the first time you contribute a photo or create a native album, because AlbumHub needs to display the uploaded photos back to your group members.

Scope: photoslibrary.edit.appcreateddata — "Edit the info on albums AlbumHub creates."

This scope lets AlbumHub manage metadata — title, cover photo, and photo descriptions — on albums that AlbumHub itself created. It is architecturally limited to AlbumHub-created content. It does not permit AlbumHub to access, modify, or touch any album or photo you created outside of AlbumHub.

This scope is requested the first time you create a new native album as a group owner, or the first time you enable AI captioning for a group.

Scopes AlbumHub does NOT request:

AlbumHub does not request and does not use any of the following Google Photos scopes: photoslibrary (full library access), photoslibrary.readonly, photoslibrary.sharing, or photoslibrary.edit (unrestricted edit). AlbumHub cannot and will not read, list, search, or analyze any pre-existing content in your Google Photos library.

How to revoke access:

You can revoke AlbumHub's Google Photos permissions at any time, either inside AlbumHub at Settings → Connected accounts → Disconnect Google Photos, or on Google's side at myaccount.google.com/permissions. Revocation prevents AlbumHub from making any further Google Photos calls on your behalf.

2.5 Photos that pass through AlbumHub's servers (contribution flow)

When you contribute a photo to one of your groups through AlbumHub's native contribution flow, the photo file passes through AlbumHub's servers on its way to your Google Photos account. The purpose of this transit is to deliver the photo to Google Photos and, if the group owner has enabled AI captioning, to generate a short text caption.

The following commitments apply to this transit:

  • AlbumHub holds the photo in server memory only, not on disk, for the duration of the upload — typically under thirty seconds.
  • AlbumHub does not back up, archive, or otherwise retain a copy of the photo file after the upload is acknowledged by Google Photos.
  • Once the upload is acknowledged, the photo lives in your Google Photos account and in the shared album of the group you contributed to. AlbumHub's further access to it is limited to the scopes described in Section 2.4.

AlbumHub does not store the photo, a thumbnail, a hash, or any derivative of the photo's visual content after the upload completes. If AI captioning is enabled (see Section 2.6), AlbumHub retains only the text caption generated for the photo.

2.6 AI-generated photo captions

When a group owner enables AI captioning for a group, each photo contributed to that group is sent, during the transit described in Section 2.5, to a third-party AI service that generates a short text caption — a plain-language sentence describing what is visible in the photo. Captions let members search within a group by photo content.

AI provider. AlbumHub currently uses Anthropic (the Claude API) for caption generation. AlbumHub may change or add providers over time. A current list is maintained at albumhub.co/privacy/ai-providers and is updated whenever a provider is added or removed.

No training. Under AlbumHub's contractual terms with its AI providers, photos and captions submitted through AlbumHub are not used to train any AI model.

Transit storage at AlbumHub. The photo exists on AlbumHub's servers only during captioning and the Google Photos upload. AlbumHub does not write the photo file to disk, does not back it up, and does not retain it after the upload is acknowledged.

Transit storage at the AI provider. Under the AI provider's API terms, submitted photos may be retained briefly for service operation and abuse detection — typically up to thirty days — then permanently deleted. They are not used for training, not shared with third parties, and not retained beyond the provider's operational window.

What AlbumHub keeps. AlbumHub retains only the generated text caption, linked to the Google Photos media identifier, in AlbumHub's own database. The photo itself remains solely in the contributor's and group's Google Photos accounts.

What captions describe — and what they do not. AlbumHub's AI captions describe scenes: activities, settings, objects, events, and the general composition of a photo. Captions may note that people are present — for example, "children at a birthday party" or "a family on a beach" — because acknowledging that people are in the scene is necessary for captions to be useful at all. Beyond that, captions do not analyze faces. Specifically, AlbumHub's captions:

  • do not identify individuals by name or link faces to any identity database;
  • do not perform face recognition, face clustering, or any other form of biometric identification;
  • do not infer emotions from facial expressions (scene-level description such as "a party" or "a hug" is permitted; per-face emotion inference is not);
  • do not estimate specific ages from faces, beyond the general child / adult distinction derived from scene context (body proportions, clothing, setting);
  • do not describe race, ethnicity, hair color, eye color, or other specific facial or physical attributes of individuals;
  • do not record, store, or transmit any biometric data derived from photos.

AlbumHub does not build, request, license, or support any face-recognition capability. AlbumHub describes what's in your photos. We never analyze faces.

Opt-out. A group owner may disable AI captioning for their group at any time in group settings. When captioning is disabled: no new photos are sent for captioning; all existing captions for that group are deleted from AlbumHub's database within 24 hours; and group-level search over photo content is no longer available for that group.

3. HOW WE USE YOUR INFORMATION

3.1 To Provide and Improve the Service

We use your information to:

  • Create and manage your account
  • Display your groups and albums
  • Process Pro subscriptions and payments
  • Enable collaboration features, including contributions to shared Google Photos albums and AI captioning
  • Customize your experience (organization types, categories)
  • Authenticate you via Google Sign-In
  • Send service-related emails (see Section 3.3)

3.2 To Analyze and Improve AlbumHub

We use aggregated and anonymized data to:

  • Understand how people use AlbumHub
  • Identify and fix bugs and errors
  • Improve user experience and features
  • Develop new features
  • Monitor service performance and uptime

We do NOT use photos, captions, or any content you contribute through the Service for these analytics purposes.

3.3 To Communicate With You

Transactional Emails (Always Sent, No Opt-Out):

  • Account creation confirmation
  • Password reset requests
  • Album added to your group notifications
  • Subscription renewal reminders
  • Payment successful/failed notifications
  • Important service updates or changes
  • Security alerts
  • Material changes to AI captioning, third-party AI providers, retention periods, or Google Photos scope usage, per Section 12.3

Product Update Emails (Opt-In):

  • New feature announcements
  • Service improvements
  • Tips for using AlbumHub
  • You must opt in to receive these emails

Marketing Emails (Opt-Out):

  • Pro subscription promotions
  • Referral programs
  • You will receive these unless you opt out
  • Every marketing email includes an unsubscribe link

Activity Digest Emails (Opt-In):

  • Weekly summary of group activity
  • "You have 3 new albums this week"
  • You must opt in to receive these emails

You can manage email preferences in your account settings or by clicking "unsubscribe" in any email.

3.4 For Legal and Security Purposes

We may use your information to:

  • Comply with legal obligations (court orders, subpoenas, etc.)
  • Protect our rights and property
  • Prevent fraud, abuse, or illegal activity
  • Enforce our Terms of Service
  • Protect the safety and security of our users
  • Resolve disputes

3.5 What We Do NOT Do With Your Information

We will NEVER:

  • Sell your email address or personal information to third parties
  • Share your information with advertisers for their marketing
  • Use your information for purposes unrelated to AlbumHub
  • Access content in your Google Photos library outside the specific scopes you have granted (see Section 2.4)
  • Use your photos, captions, or other contributed content to train AI models, ours or anyone else's
  • Perform face recognition, biometric identification, or any analysis of faces in your photos (see Section 2.6)
  • Share your data with social media companies for their advertising

4. HOW WE SHARE YOUR INFORMATION

4.1 With Other AlbumHub Users

Public Within Your Groups: When you add or contribute albums to a group, the following information is visible to anyone who can access that group:

  • Your name (from Google account)
  • Albums you've added or photos you've contributed (titles, links, years, categories, and the photos themselves in the shared Google Photos album)
  • Cover photos you've uploaded
  • When you added each album or contribution
  • Any AI-generated caption associated with a photo (visible within the group and attached to the photo in the shared Google Photos album)

Group Visibility: Group owners control who can view their group. Two visibility modes are available:

  • Public link — Anyone with the group's URL can view albums in that group. You control who has the link. Groups are not publicly indexed or searchable. This is the default for groups created on the Free tier and remains available on all paid tiers.
  • Invitation-only — Only members the owner has explicitly invited (and the owner themselves) can view albums in the group. Non-members hitting the URL receive a "not found" response — the group's existence is not revealed. Invitation-only visibility is available only on paid subscription tiers.

For new groups created on paid tiers, invitation-only is the default. Owners may switch a group between visibility modes at any time from the Members tab in group settings.

Invitation lifecycle: Invitations are sent by email and contain a single-use token. Invitations expire seven (7) days after they are sent if not accepted. Owners may revoke pending invitations at any time and may remove existing members at any time. Members may also remove themselves.

If a paid subscription lapses, the group's visibility automatically reverts to "Public link" because invitation-only access requires Pro. Existing members retain access. Owners are notified by email when this happens and may resubscribe at any time to restore invitation-only visibility.

Important: For linked albums, album privacy is controlled by Google Photos settings, not AlbumHub. Set appropriate permissions in Google Photos. For native albums created by AlbumHub, who can see the album within AlbumHub is controlled by your group's visibility mode and membership settings; photo visibility within Google Photos follows Google's album sharing model.

4.2 With Service Providers

We share information with trusted third-party service providers who help us operate AlbumHub:

Google LLC (Authentication & Google Photos):

  • What we share at sign-in: identity data (email, name, Google ID) required for authentication
  • What we share under the photoslibrary.appendonly scope: photos you choose to contribute, uploaded to your own Google Photos library
  • What we share under the photoslibrary.readonly.appcreateddata scope: requests to read metadata and baseUrl for items AlbumHub uploaded or created (used to display thumbnails to group members and to retrieve photo content for AI captioning when enabled)
  • What we share under the photoslibrary.edit.appcreateddata scope: album titles, cover selections, and photo descriptions for albums AlbumHub created for your groups
  • Purpose: Authentication; hosting your photos; integration with the Google Photos ecosystem
  • Google's Privacy Policy: policies.google.com/privacy

Anthropic, PBC (AI Caption Generation):

  • What we share: Photos contributed to groups where AI captioning is enabled, sent to Anthropic's Claude API during the transit described in Section 2.5
  • Purpose: Generating short text captions describing photo contents
  • Data handling: Anthropic's Commercial Terms prohibit training on customer API data
  • Retention at provider: up to 30 days for abuse detection, then permanently deleted
  • Anthropic's Privacy Policy: anthropic.com/legal/privacy
  • Current list of AI providers: albumhub.co/privacy/ai-providers

Stripe, Inc. (Payment Processing):

  • What we share: Name, email, subscription details
  • Purpose: Process Pro subscription payments
  • Stripe's Privacy Policy: stripe.com/privacy

Vercel Inc. (Hosting):

  • What we share: All data transmitted through our platform
  • Purpose: Website hosting and infrastructure
  • Vercel's Privacy Policy: vercel.com/legal/privacy-policy

Supabase Inc. (Database):

  • What we share: Account data, group data, OAuth tokens (encrypted at rest), Google Photos media identifiers, AI-generated captions
  • Purpose: Database and backend services
  • Supabase's Privacy Policy: supabase.com/privacy

Resend (Email Delivery):

  • What we share: Email addresses, names, email content
  • Purpose: Send service and notification emails
  • Resend's Privacy Policy: resend.com/legal/privacy-policy

Google Analytics (Analytics):

  • What we share: Usage data, anonymized
  • Purpose: Understand service usage
  • Google's Privacy Policy: policies.google.com/privacy

Sentry (Error Tracking):

  • What we share: Error logs; user IDs (anonymized where possible); Google Photos media identifiers may incidentally appear in error context for Google Photos operations
  • Purpose: Identify and fix bugs
  • Retention: 90 days
  • Sentry's Privacy Policy: sentry.io/privacy

All service providers are contractually obligated to protect your data and use it only for the purposes we specify. None of them is permitted to use your photos or content to train AI models.

4.3 For Legal Reasons

We may disclose your information if required by law or in good faith belief that disclosure is necessary to:

  • Comply with legal process (court orders, subpoenas, warrants)
  • Enforce our Terms of Service or other policies
  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of our users or the public
  • Respond to government requests
  • Prevent fraud or illegal activity

4.4 Business Transfers

If AlbumHub is involved in a merger, acquisition, sale of assets, bankruptcy, or similar transaction, your information may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on the Service before your information is transferred.

4.5 With Your Consent

We may share your information for other purposes with your explicit consent. For example:

  • Featuring your group as an example in marketing materials (with permission)
  • Connecting your account with third-party services you authorize

4.6 Aggregated and Anonymized Data

We may share aggregated or anonymized data that cannot identify you individually, such as:

  • "10,000 groups created this month"
  • "Average of 12 albums per group"
  • Usage trends and statistics

This data is not subject to this Privacy Policy. Photos, captions, and individual content are never included in aggregated data.

5. YOUR DATA RIGHTS

5.1 Access Your Data

You have the right to access your personal information. You can:

  • View your account information in account settings
  • Download your data at any time (see Section 5.2)
  • Request a copy of your data by emailing legal@albumhub.co

5.2 Export Your Data

We provide a self-service data export feature that allows you to download:

  • Your account information
  • All groups you own
  • All albums you've added or contributed to (including Google Photos media identifiers for contributed photos)
  • AI-generated captions from groups you own
  • Group settings and organization preferences
  • Export format: JSON or CSV

To export your data: Go to Account Settings > Privacy > Export Data.

The export does not include the photos themselves, which live in your Google Photos account and can be exported from there using Google Takeout (takeout.google.com).

5.3 Correct Your Data

You have the right to correct inaccurate information. You can:

  • Update your account information in account settings
  • Edit group names, descriptions, and settings
  • Edit or delete albums you've added or captions on photos you've contributed
  • Contact legal@albumhub.co for help with corrections

5.4 Delete Your Data

You have the right to delete your personal information. You can:

  • Delete individual albums, photos, or captions
  • Disable AI captioning for a group, which deletes all existing captions for that group within 24 hours
  • Delete entire groups you own
  • Delete your account entirely (see Section 5.5)

Important: Deleting albums or photos from AlbumHub does NOT delete photos from Google Photos. Your photos remain in your Google account.

5.5 Delete Your Account

To delete your account:

  1. Go to Account Settings > Privacy > Delete Account
  2. Confirm via email link (prevents accidental deletion)
  3. Your account and all data will be marked for deletion

What happens when you delete your account:

  • Immediate: You lose access to your account and all groups you own; OAuth refresh tokens are revoked
  • 30-Day Grace Period: Data retained for recovery
    • Contact support@albumhub.co within 30 days to restore
  • After 30 Days: Permanent deletion
    • Account information deleted
    • Groups you own are deleted, including all Google Photos media identifiers and AI captions associated with them
    • Pro subscription cancelled (no refund)

What is NOT deleted:

  • Photos in Google Photos (they're not in AlbumHub). To delete those, use Google Photos directly.
  • Albums in groups you do not own
  • Data required for legal compliance (see Section 9.2)

5.6 Revoke Google Photos Access

You can revoke AlbumHub's Google Photos permissions at any time without deleting your account:

  • Inside AlbumHub at Settings → Connected accounts → Disconnect Google Photos
  • On Google's side at myaccount.google.com/permissions

Revocation stops AlbumHub from making any further Google Photos calls on your behalf. Previously uploaded photos remain in your Google Photos account. Previously generated captions remain in AlbumHub's database unless you also disable captioning for the group or delete the group.

5.7 Control Email Communications

You can control what emails you receive:

  • Opt out of marketing emails: Click "unsubscribe" in any marketing email
  • Opt in/out of product updates: Manage in Account Settings > Notifications
  • Opt in/out of activity digests: Manage in Account Settings > Notifications
  • Transactional emails: Cannot opt out (required for service operation)

5.8 Object to Processing

You may object to our processing of your personal information for certain purposes. Contact legal@albumhub.co to exercise this right.

5.9 Withdraw Consent

Where we rely on your consent to process your information, you may withdraw consent at any time. This does not affect the lawfulness of processing before you withdrew consent.

A technical limitation worth stating. AlbumHub does not automatically monitor your Google Photos library for deletions. If you delete an individual photo from Google Photos, AlbumHub may not immediately detect it, and any caption associated with that photo may persist in AlbumHub's database. To remove such a caption, you can delete it directly in the AlbumHub group view or contact support@albumhub.co.

6. CALIFORNIA PRIVACY RIGHTS (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

6.1 Right to Know

You have the right to request that we disclose:

  • What personal information we collect about you
  • Categories of sources from which we collect information
  • Our business or commercial purposes for collecting information
  • Categories of third parties with whom we share information
  • Specific pieces of personal information we've collected about you

To exercise this right, email legal@albumhub.co or use our data export feature.

6.2 Right to Delete

You have the right to request deletion of your personal information (subject to certain exceptions). See Section 5.5 for how to delete your account.

6.3 Right to Opt-Out of Sale

We do NOT sell your personal information. We have never sold personal information and have no plans to do so. We also do not share your personal information for cross-context behavioral advertising.

6.4 Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. You will not receive:

  • Denied service
  • Different prices or rates
  • Different quality of service

6.5 How to Exercise Your Rights

To exercise your California privacy rights:

  • Email: legal@albumhub.co
  • Subject line: "California Privacy Rights Request"
  • Include: Your name, email, and description of your request

We will respond within 45 days of receiving your request.

6.6 Authorized Agent

You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization.

7. GDPR RIGHTS (EUROPEAN ECONOMIC AREA USERS)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

7.1 Legal Basis for Processing

We process your personal information based on:

  • Contract: To provide the Service you've agreed to use, including the Google Photos contribution and AI captioning features when you have requested them
  • Legitimate Interests: To improve our Service, prevent fraud, and ensure security
  • Consent: For optional features like marketing emails, analytics (where required), and AI captioning (which requires explicit opt-in at the group level)
  • Legal Obligation: To comply with laws and regulations

7.2 Your GDPR Rights

Right to Access: Obtain confirmation that we process your data and access to your data (Section 5.1)

Right to Rectification: Correct inaccurate or incomplete data (Section 5.3)

Right to Erasure ("Right to Be Forgotten"): Delete your personal data in certain circumstances (Section 5.5)

Right to Restriction of Processing: Limit how we use your data in certain circumstances

Right to Data Portability: Receive your data in a structured, machine-readable format (Section 5.2)

Right to Object: Object to processing based on legitimate interests

Right to Withdraw Consent: Withdraw consent for processing that requires consent, including revoking Google Photos access (Section 5.6) and disabling AI captioning (Section 5.4)

Right to Lodge a Complaint: File a complaint with your local data protection authority

7.3 Data Transfers

Your information may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have different data protection laws than your country.

We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses with service providers
  • Providers certified under recognized frameworks
  • Other lawful transfer mechanisms

7.4 Data Retention

We retain your personal information only as long as necessary for the purposes described in this Privacy Policy or as required by law. See Section 9 for details.

7.5 How to Exercise Your Rights

To exercise your GDPR rights:

  • Email: legal@albumhub.co
  • Subject line: "GDPR Rights Request"
  • Include: Your name, email, country, and description of your request

We will respond within 30 days of receiving your request.

8. DATA SECURITY

8.1 How We Protect Your Information

We implement commercially reasonable security measures to protect your information from unauthorized access, disclosure, alteration, or destruction:

Technical Measures:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of data at rest (database encryption)
  • OAuth refresh tokens stored encrypted at rest
  • Secure authentication via Google Sign-In
  • Regular security updates and patches
  • Access controls and authentication requirements

Organizational Measures:

  • Limited employee access to personal data (need-to-know basis)
  • Background checks for employees with data access
  • Regular security training
  • Incident response procedures
  • Third-party security audits of service providers

Payment Security:

  • All payment processing handled by Stripe (PCI-DSS compliant)
  • We do NOT store credit card numbers
  • Payment data encrypted and tokenized by Stripe

8.2 Limitations of Security

Despite our efforts, no security measures are perfect or impenetrable. We cannot guarantee:

  • Absolute security of your information
  • That unauthorized access will never occur
  • That third-party services we use are completely secure

You are responsible for:

  • Maintaining the confidentiality of your Google account credentials
  • Notifying us immediately of any unauthorized access
  • Using strong passwords and enabling two-factor authentication on your Google account

8.3 Data Breach Notification

If we discover a data breach that affects your personal information, we will:

  • Notify you via email within 72 hours (as required by GDPR)
  • Display an in-app notification when you log in
  • Describe what information was compromised
  • Explain what steps we're taking
  • Provide recommendations to protect yourself
  • Notify appropriate regulatory authorities if required by law

9. DATA RETENTION

9.1 How Long We Keep Your Data

Active Accounts: We retain your data as long as your account is active and you continue using AlbumHub.

Inactive Accounts: We do NOT automatically delete inactive accounts. Your data remains available indefinitely.

Deleted Accounts: When you delete your account:

  • 30-Day Grace Period: Data retained for recovery (not visible to others); OAuth refresh tokens revoked immediately
  • After 30 Days: Permanent deletion of most data
  • You may contact us within 30 days to restore your account

Specific Data Types:

  • Account information: Until account deletion + 30 days
  • Group and album data: Until deletion or account deletion + 30 days
  • OAuth refresh tokens: Revoked immediately on account deletion or on user-requested revocation (Section 5.6); otherwise stored encrypted at rest for the life of the account
  • Google Photos media identifiers (references to photos contributed through AlbumHub): For the life of the group; deleted within 30 days of group deletion or account deletion
  • AI-generated captions: For the life of the group, or until AI captioning is disabled for the group (deleted within 24 hours), whichever comes first
  • Photo files contributed through AlbumHub: Not retained. Held in server memory during transit only (under 30 seconds); discarded once the upload to Google Photos is acknowledged
  • Payment records: 7 years (for tax and legal compliance)
  • Support communications: 3 years (for record-keeping)
  • Error logs: 90 days (for debugging)
  • Analytics data: Aggregated, anonymized data retained indefinitely

9.2 Legal Retention Requirements

We may retain certain information longer than stated above if required by:

  • Legal obligations (e.g., tax records for 7 years)
  • Litigation holds or government requests
  • Fraud prevention or security purposes
  • Enforcing our Terms of Service

Even after account deletion, we may retain:

  • Payment transaction records (for accounting and tax)
  • Records needed for legal disputes
  • Aggregated, anonymized usage data

9.3 Backups

Deleted data may persist in backup copies for up to 30 days. Backup data is not accessible to users or employees except for disaster recovery purposes.

10. CHILDREN'S PRIVACY (COPPA COMPLIANCE)

10.1 Age Requirement

AlbumHub is not intended for children under 13 years old. We do not knowingly collect personal information from children under 13.

You must be at least 13 years old to create an account and use AlbumHub.

10.2 Parental Consent for Ages 13-17

If you are between 13 and 18 years old (or the age of majority in your jurisdiction), you must have your parent or legal guardian's permission to use AlbumHub.

Parents are responsible for:

  • Reviewing and approving these Terms and Privacy Policy
  • Supervising their child's use of AlbumHub
  • Managing Google Photos privacy settings for photos their child links or contributes

10.3 Family Use and Photos of Minors

AlbumHub's core use case includes family photo sharing and youth-group (sports teams, camps, scouts) photo sharing. Photos of minors are routinely contributed. The commitments in Sections 2.5, 2.6, and 5 apply to these photos without exception. In particular:

  • AI captioning describes, but does not identify. Captions may reference visible scene attributes such as "a child" or "two children playing soccer." Captions do not attempt to identify individuals by name, do not perform face recognition, and do not link visual content to any identity database.
  • Group access is controlled by the group owner. For groups containing photos of minors, AlbumHub strongly recommends setting visibility to "Invitation-only" (available on paid subscription tiers), which limits viewing to members the owner has explicitly invited and prevents the group from being visible to anyone with the URL. On the Free tier, where only "Public link" visibility is available, owners should treat the group URL as sensitive and share it only with people they intend to give access to. Photos contributed to a group are visible to everyone with viewing access to that group under its current visibility mode.
  • A parent or guardian who is a member of a group may request deletion of any photo or caption at any time, regardless of who contributed it, by contacting support@albumhub.co.

Parents or guardians are responsible for:

  • Obtaining any necessary consents for sharing photos of children
  • Setting appropriate Google Photos privacy settings
  • Supervising who has access to family groups
  • Ensuring compliance with applicable privacy laws

10.4 If We Learn a Child Under 13 Has an Account

If we discover that a user is under 13 years old, we will:

  • Immediately terminate their account
  • Delete their personal information within 48 hours
  • Notify the user via email (if possible)

10.5 Parental Rights

Parents or legal guardians may:

  • Request to review their child's information (ages 13-17)
  • Request deletion of their child's account
  • Refuse to permit further collection of their child's information

To exercise these rights, email legal@albumhub.co with:

  • Subject line: "Parental Privacy Request"
  • Child's name and account email
  • Your relationship to the child
  • Proof of guardianship (if requested)

11. INTERNATIONAL DATA TRANSFERS

11.1 Where Your Data Is Processed

AlbumHub is based in the United States. By using the Service, you acknowledge that your information will be transferred to, stored, and processed in the United States. This includes photos in transit for contribution or AI captioning purposes, which pass through AlbumHub's U.S.-based servers and, for captioning, through the AI provider's servers (currently U.S.-based).

Our service providers may also process data in other countries where they operate.

11.2 Safeguards for International Transfers

For users in the European Economic Area, United Kingdom, and Switzerland, we ensure appropriate safeguards for international data transfers:

  • Standard Contractual Clauses: Contracts with service providers that include EU-approved data protection terms
  • Adequacy Decisions: Transfers to countries deemed adequate by the European Commission
  • Framework Compliance: Participation in or alignment with EU-U.S. data transfer frameworks as available

11.3 Your Rights Remain Protected

Regardless of where your data is processed, you retain all rights described in this Privacy Policy and under applicable laws.

12. CHANGES TO THIS PRIVACY POLICY

12.1 How We Update This Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes to our practices
  • Changes in laws or regulations
  • New features or services
  • User feedback

12.2 Notice of Changes

When we make changes, we will:

  • Update the "Effective Date" at the top of this policy
  • Post the updated policy at www.albumhub.co/privacy
  • Notify you via email if changes are material
  • Display an in-app notice when you log in

12.3 Material Changes

Material changes include changes to the AI captioning flow, third-party AI providers, retention periods, or Google Photos scope usage. For material changes we will:

  • Provide at least 30 days' notice before changes take effect
  • Notify all group owners by email
  • Clearly explain what has changed
  • Require your consent if legally required

12.4 Your Acceptance of Changes

By continuing to use AlbumHub after changes take effect, you agree to the updated Privacy Policy. If you do not agree, you must stop using the Service and may delete your account.

12.5 Review Regularly

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. CONTACT US

13.1 Privacy Questions

If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us:

Email: legal@albumhub.co

Mail:
Outer Limits AI LLC
Attn: Privacy Officer
3801 N Capital of Texas Hwy
Ste E240-3703
Austin TX 78746

13.2 Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer:

Email: legal@albumhub.co
Subject Line: "ATTN: Data Protection Officer"

13.3 Data Protection Authorities

If you are located in the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

13.4 California Privacy Requests

California residents may contact us regarding CCPA rights:

Email: legal@albumhub.co
Subject Line: "California Privacy Rights Request"

We will respond within 45 days of receiving your request.

13.5 Google Photos Integration and Deletion Requests

For questions about how AlbumHub uses your Google Photos data, to request deletion of captions or photos contributed through AlbumHub, or to disconnect Google Photos access:

Email: support@albumhub.co
Self-service: AlbumHub Settings → Connected accounts and Settings → Privacy

13.6 Response Time

We aim to respond to all privacy inquiries within:

  • California residents: 45 days (CCPA requirement)
  • EEA/UK residents: 30 days (GDPR requirement)
  • All other inquiries: 30 days

14. SUMMARY OF KEY POINTS

What we collect:

  • Account info from Google Sign-In
  • Group and album information you create
  • Google Photos URLs you link (for linked albums)
  • Photos you contribute through AlbumHub (held in server memory during transit only)
  • AI-generated text captions of photos (for groups with captioning enabled)
  • Google Photos media identifiers (references to photos you contributed)
  • Payment info (processed by Stripe)
  • Usage data and analytics

How we use it:

  • Provide and improve AlbumHub
  • Process Pro subscriptions
  • Send service emails
  • Upload photos you contribute to your shared Google Photos albums
  • Generate text captions describing photo scenes (never analyzing faces)
  • Prevent fraud and abuse

Google Photos permissions:

  • Requested only when you take an action that needs them, not at sign-in
  • Three narrow scopes, all limited to content AlbumHub itself uploaded or created: photoslibrary.appendonly (upload-only), photoslibrary.readonly.appcreateddata (read AlbumHub's own uploads only — needed for thumbnails and AI captioning), photoslibrary.edit.appcreateddata (edit AlbumHub's own albums only)
  • Never access content you created outside AlbumHub
  • Revocable at any time

How we share it:

  • With other group members (albums you add or photos you contribute)
  • With service providers (Google, Anthropic, Stripe, Vercel, Supabase, Resend, Google Analytics, Sentry)
  • As required by law
  • We NEVER sell your information
  • We NEVER train AI models on your photos or captions

Your rights:

  • Access, export, correct, or delete your data
  • Revoke Google Photos access independently of deleting your account
  • Disable AI captioning at the group level
  • Control email preferences
  • California and GDPR privacy rights apply

Security:

  • Industry-standard encryption
  • OAuth tokens encrypted at rest
  • Secure authentication via Google
  • Payment security via Stripe (PCI-DSS)

Children:

  • Must be 13+ to use AlbumHub
  • Ages 13-17 need parental consent
  • Captions never identify individuals or perform face recognition

Our face-policy commitment:

  • AlbumHub describes what's in your photos. We never analyze faces.

Contact us:

  • Privacy and rights: legal@albumhub.co
  • Integration and deletion: support@albumhub.co
  • Mail: Outer Limits AI LLC, 3801 N Capital of Texas Hwy, Ste E240-3703, Austin TX 78746

Last Updated: May 15, 2026

Outer Limits AI LLC
3801 N Capital of Texas Hwy
Ste E240-3703
Austin TX 78746
legal@albumhub.co