Privacy Policy

Last Updated: December 18, 2025

1. Introduction

This Privacy Policy explains how WhereWasThisPhoto.com ("we," "us," or "our") collects, uses, stores, and protects your information when you use our website at www.wherewasthisphoto.com (the "Website") and our mobile application "Where Was This Photo" (the "App") (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

IMPORTANT: This Service analyzes photos and extracts location metadata (GPS coordinates). Uploading photos may reveal your home address, travel patterns, or other sensitive location information. Please read this Privacy Policy carefully.

2. Information We Collect

2.1 Photos You Upload & Third-Party Processing

When you upload a photo for analysis, we temporarily process:

  • The photo image file itself
  • All metadata embedded in the photo (see Section 2.2)

Third-Party AI Processing: We use OpenAI as a third-party service provider to analyze your photos. Images uploaded for analysis are transmitted securely to OpenAI, processed to identify location markers, and are not used to train their models.

Photo Retention:

  • Photos are generally NOT permanently stored on our servers
  • Photos are processed for analysis and then discarded
  • OpenAI retains photos for up to 30 days for abuse monitoring, then automatically deletes them
  • Photos may be temporarily cached during processing
  • Our team may view photos during analytics analysis or content moderation

We do not use your photos for AI training or any purpose beyond providing the Service to you.

2.2 Photo Metadata (EXIF Data) & Location Hints

We automatically extract ALL available metadata from uploaded photos, including:

Location Data:

  • GPS coordinates (latitude, longitude, altitude)
  • Location names (if embedded)
  • Geographic references

Location Data Usage: If you choose to provide a location hint or allow access to photo location metadata, this information is used solely to improve the accuracy of the analysis and is not stored permanently.

Camera and Technical Data:

  • Camera make and model
  • Lens information
  • Camera settings (ISO, aperture, shutter speed, focal length)
  • Image dimensions and resolution
  • Color space and compression

Date and Time Data:

  • Original capture date and time
  • Modification date and time
  • Timezone information

Other Metadata:

  • Copyright information
  • Software used for editing
  • Artist or creator information
  • Comments or descriptions
  • Any other EXIF, IPTC, or XMP metadata fields

WARNING: GPS metadata can reveal your exact location, including your home address, workplace, or sensitive locations. We extract and display ALL available metadata, including GPS coordinates. If you want to keep your location private, remove metadata from photos before uploading.

This metadata is used to provide location analysis but is NOT permanently stored by us.

2.3 Local Data Storage & Account Information

Local Storage (App & Website): Analysis history and usage tracking are stored locally on your device. We do not maintain a user account system or store your personal usage data on our servers for basic usage.

Pro Accounts (When Implemented): For users with Pro accounts (via Supabase):

  • Email address (required for account creation)
  • Password (hashed and encrypted, not retrievable)
  • Account preferences and settings
  • Usage history and credits/purchases

2.4 Automatically Collected Information

When you visit or use the Service, we automatically collect:

Usage Data:

  • Pages/Screens visited and features used
  • Number of photos analyzed
  • Time spent on the Service
  • Clicks and interactions

Technical Data:

  • IP address
  • Browser type and version (Website)
  • Device type, model, and operating system (App & Website)
  • Screen resolution
  • Approximate location (city/country level, derived from IP)
  • Referring website (Website)
  • App crash reports and performance data (App)

Cookies and Similar Technologies:

  • See Section 4 for details

2.5 Payment Information (When Implemented)

When you purchase Pro features:

  • Payment information is processed directly by Stripe (our payment processor)
  • We do NOT store your credit card, bank account, or payment details
  • We receive only transaction confirmations and anonymized payment records
  • Stripe retains payment information according to their privacy policy

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Provide the Service

  • Analyze uploaded photos to predict locations
  • Extract and display photo metadata
  • Generate AI-powered location estimates
  • Display results on interactive maps
  • Local Storage: Store your analysis history locally on your device for your convenience

3.2 Account Management (When Implemented)

  • Create, maintain, and secure user accounts
  • Process payments and manage subscriptions
  • Track usage limits and credits
  • Provide customer support

3.3 Service Improvement

  • Analyze usage patterns to improve features
  • Identify and fix technical issues
  • Optimize AI accuracy and performance
  • Understand user behavior and preferences

3.4 Communication

  • Send service-related emails and notifications
  • Respond to support inquiries
  • Notify users of service changes or issues

3.5 Security and Abuse Prevention

  • Detect and prevent prohibited content (CSAM, illegal content)
  • Monitor for fraudulent activity or Terms violations
  • Protect against spam, bots, and malicious use
  • Cooperate with law enforcement when legally required

3.6 Legal Compliance

  • Comply with applicable laws and regulations
  • Respond to legal requests and prevent illegal activity
  • Enforce our Terms of Service

4. Cookies and Tracking Technologies

4.1 What Are Cookies?

Cookies are small text files stored on your device that help us provide and improve the Service. The App may use similar local storage technologies.

4.2 Types of Cookies We Use

Essential Cookies (Required):

  • Authentication cookies for logged-in users
  • Session management
  • Security and fraud prevention

Analytics Cookies (Vercel Analytics):

  • Track page views and user behavior
  • Measure service performance
  • Identify technical issues
  • Analyze feature usage

Future Cookies (When Implemented):

  • Payment processing (Stripe)
  • Account management (Supabase)

4.3 Managing Cookies

You can control cookies through your browser settings. Disabling cookies may limit functionality, especially for account features. On the App, you may control data collection through your device settings.

Note for EU/UK Visitors: By continuing to use the Service, you acknowledge our use of cookies as described in this policy. You may withdraw consent by adjusting browser settings.

5. How We Share Your Information

We do NOT sell your personal information or photos. We share information only in these circumstances:

5.1 Third-Party Service Providers

We share data with trusted providers to operate the Service:

OpenAI (AI Analysis):

  • Processing: We use OpenAI as a third-party service provider to analyze your photos. Images uploaded for analysis are transmitted securely to OpenAI, processed to identify location markers.
  • Training: Images are not used to train OpenAI's models.
  • Retention: OpenAI retains photos for up to 30 days for abuse monitoring, then deletes them automatically.
  • See OpenAI's privacy policy for complete details: https://openai.com/privacy

Vercel (Hosting and Analytics):

  • Hosts the Website and collects basic analytics (page views, technical data)
  • Processes technical data to deliver the website
  • May cache uploaded photos temporarily during processing

Supabase (Account Management - When Implemented):

  • Stores account data (email, hashed passwords, usage history)
  • Manages authentication and user sessions

Stripe (Payment Processing - When Implemented):

  • Processes payments for Pro features
  • We do NOT receive or store your payment details
  • Stripe handles all payment data according to their privacy policy

OpenStreetMap/Leaflet (Mapping):

  • Displays location results on interactive maps
  • Free, open-source service with no data collection on our behalf

These providers are contractually obligated to protect your data and use it only for providing services to us.

5.2 Legal Requirements

We may disclose information if required by law or if we believe disclosure is necessary to:

  • Comply with legal obligations, court orders, or government requests
  • Enforce our Terms of Service
  • Investigate or prevent illegal activity, fraud, or security threats
  • Protect our rights, property, or safety
  • Report suspected child exploitation or abuse material to authorities (mandatory)
  • Respond to emergency situations involving danger to persons

5.3 Content Moderation

Our team may view uploaded photos during:

  • Abuse monitoring and content moderation
  • Analytics analysis to improve the Service
  • Investigation of Terms violations
  • Response to user reports or legal requests

5.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change and your choices.

5.5 With Your Consent

We may share information for other purposes with your explicit consent.

6. Data Retention

6.1 Uploaded Photos

  • Our Servers: Photos are generally NOT permanently stored; processed and discarded
  • OpenAI: Retains photos for up to 30 days for abuse monitoring, then automatically deletes
  • Temporary Cache: May be cached briefly during processing
  • Content Moderation: Prohibited content may be retained for reporting to authorities

6.2 Metadata

  • Extracted metadata is NOT permanently stored by us
  • Displayed to you during analysis but not saved to our databases
  • May be temporarily logged for debugging purposes
  • If you allow access to location metadata, it is used solely for analysis and not stored permanently

6.3 Analysis Results

  • AI-generated location predictions are NOT permanently stored on our servers
  • Local Storage: Results are stored locally on your device for history/tracking purposes
  • Displayed to you but not saved to our central systems
  • You can save results externally (screenshot, download, etc.)

6.4 Account Data (When Implemented)

6.5 Analytics Data

  • Vercel analytics retained for service improvement
  • Aggregated and anonymized data may be retained indefinitely
  • Personal identifiers removed after reasonable period

6.6 Payment Data (When Implemented)

  • We do NOT store payment information
  • Stripe retains data according to their retention policy
  • Transaction records retained for accounting and legal purposes

7. Data Security

We implement reasonable security measures to protect your information:

Technical Measures:

  • HTTPS encryption for data transmission
  • Secure API connections to third-party services
  • Password hashing and encryption (bcrypt or similar)
  • Regular security updates and patches

Operational Measures:

  • Limited access to personal information
  • Secure hosting on reputable platforms (Vercel)
  • Regular monitoring for security issues

Limitations:

  • No method of transmission or storage is 100% secure
  • We cannot guarantee absolute security of uploaded photos
  • Third-party services have their own security measures beyond our control

Your Responsibility:

  • Use strong, unique passwords for your account (if applicable)
  • Do not share account credentials
  • Be cautious about what photos you upload
  • Remove GPS metadata before uploading sensitive photos

8. Your Privacy Rights and Location Data

8.1 Critical Privacy Warning

UPLOADING PHOTOS WITH GPS METADATA MAY REVEAL:

  • Your home address and residence
  • Your workplace, school, or regular locations
  • Travel patterns and places you visit
  • Timestamps of when you were at specific locations
  • Sensitive locations (hospitals, private property, etc.)

YOU ARE SOLELY RESPONSIBLE FOR:

  • Reviewing photo metadata before uploading
  • Removing GPS data if you want location privacy
  • Understanding what information your photos contain
  • Protecting your own privacy and location security

WE ARE NOT RESPONSIBLE FOR:

  • Your decision to upload photos with location data
  • Exposure of your location or personal information
  • How you use or share revealed location information
  • Consequences of revealed GPS coordinates or metadata

8.2 How to Protect Your Location Privacy

Before Uploading Photos:

  1. Check if photos contain GPS data (most phones add this automatically)
  2. Use photo editing software to remove EXIF/GPS metadata
  3. Use our Service on photos you're comfortable analyzing
  4. Don't upload photos taken at sensitive personal locations

Tools to Remove Metadata:

  • ExifTool (free, command-line)
  • ImageOptim (Mac)
  • Photo editing apps with "remove location data" features
  • Phone settings: Disable location services for camera app

9. Your Data Rights

9.1 General Rights

You have the right to:

  • Access: Request information about data we hold about you
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your data (see Section 9.5)
  • Objection: Object to certain data processing
  • Data Portability: Request transfer of your data

9.2 EU/UK Residents (GDPR)

If you are in the European Union or United Kingdom, you have additional rights:

  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority
  • Right to restriction of processing
  • Right to object to automated decision-making
  • Right to be informed of data breaches affecting you

9.3 California Residents (CCPA)

If you are a California resident, you have rights under CCPA:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of sale (Note: We do NOT sell personal information)
  • Right to non-discrimination for exercising your rights
  • Right to request deletion of personal information

9.4 Australian Privacy Principles

While we may not be legally subject to the Australian Privacy Act 1988, we strive to align with Australian Privacy Principles (APPs) as best practice.

9.5 Exercising Your Rights

To exercise any privacy rights:

Contact Us:

Response Time:

  • We will respond within 30 days (or as required by applicable law)
  • We may request verification of your identity before processing requests

Account/Data Deletion:

  • For account holders: Request via email or account settings
  • Local Data: You can clear your local analysis history by clearing your browser cache or deleting the App data.
  • Note: OpenAI retains photos for up to 30 days (beyond our control)
  • Backups may retain data for limited periods

10. Children's Privacy

The Service is NOT intended for users under 18 years of age. We do NOT knowingly collect information from anyone under 18.

If We Discover a User Under 18:

  • We will immediately terminate their access
  • Delete their account and all associated data
  • Remove any uploaded photos

Parents/Guardians: If you believe your child under 18 has used the Service, contact us immediately at wherewasthisphoto@outlook.com so we can take appropriate action.

11. International Data Transfers

The Service operates globally and your data may be transferred to and processed in countries outside your residence, including:

  • United States: OpenAI processes photos in US data centers
  • Various Countries: Vercel operates a global content delivery network
  • Cloud Infrastructure: Supabase and Stripe use global cloud services

These countries may have different data protection laws than your country. By using the Service, you consent to these international transfers.

EU/UK Users: We rely on appropriate safeguards for international transfers, including Standard Contractual Clauses and adequacy decisions where applicable.

12. Third-Party Links and Services

The Service integrates with third-party services with their own privacy policies:

We are not responsible for third-party privacy practices. Review their policies before using our Service.

13. Analytics and Performance Monitoring

13.1 Vercel Analytics

We use Vercel Analytics to understand how users interact with the Service:

Data Collected:

  • Page/Screen views and navigation paths
  • Button clicks and feature usage
  • Time spent on pages/screens
  • Device and browser information
  • Approximate location (country/city level)
  • Referral sources

Purpose:

  • Improve user experience and interface design
  • Identify popular features and pain points
  • Monitor performance and loading times
  • Detect technical issues and errors

Data Sharing:

  • Analytics data is processed by Vercel
  • Aggregated, anonymized insights may be retained indefinitely

13.2 No Third-Party Advertising

We do NOT use advertising cookies or share data with ad networks. Your uploaded photos are NEVER used for advertising purposes.

14. AI and Automated Processing

14.1 AI Analysis of Photos

The Service uses AI (OpenAI) to analyze photos and predict locations. This is an automated process with no human review unless flagged for content moderation.

You Have the Right To:

  • Not be subject to decisions based solely on automated processing (where legally applicable)
  • Understand how AI reaches conclusions (we provide explanations when possible)
  • Challenge AI results (though we make no guarantees of accuracy)

AI Limitations:

  • AI predictions are probabilistic and may be wrong
  • Decisions are based on visual patterns and metadata only
  • No human oversight of individual analyses (except for moderation)

14.2 Content Moderation AI

We may use automated systems (including OpenAI's moderation API) to detect prohibited content. This is for safety and legal compliance, not to judge legitimate photos.

15. Data Breach Notification

If we discover a data breach affecting your personal information, we will:

  • Notify affected users without undue delay
  • Inform relevant authorities as required by law
  • Describe the nature of the breach and steps taken
  • Provide guidance on protecting yourself

EU/UK Users: We will notify within 72 hours of discovery as required by GDPR.

16. Do Not Track (DNT) Signals

Currently, we do NOT respond to Do Not Track browser signals, as there is no industry standard for interpretation. We will update this policy if we implement DNT support.

17. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements.

Notification of Changes:

  • Updated Privacy Policy posted on this page
  • "Last Updated" date revised
  • Email notification for significant changes (if you have an account)
  • Continued use indicates acceptance of updated policy

Material Changes: For significant changes affecting your rights, we will provide prominent notice before changes take effect.

18. Contact Information and Complaints

18.1 Privacy Questions

For questions about this Privacy Policy or our data practices:

Email: wherewasthisphoto@outlook.com

We will respond to all inquiries within 30 days.

18.2 Complaints

If you have concerns about our handling of your personal information:

  1. Contact us at wherewasthisphoto@outlook.com
  2. We will investigate and respond promptly
  3. If unsatisfied, you may have the right to lodge a complaint with a data protection authority in your jurisdiction

EU/UK Residents: You have the right to lodge a complaint with your national supervisory authority.

19. California "Shine the Light" Law

California residents may request information about sharing of personal information with third parties for their direct marketing purposes. We do NOT share personal information for third-party marketing.

20. Nevada Privacy Rights

Nevada residents may opt out of the sale of personal information. We do NOT sell personal information under Nevada law.

21. Your Consent

By using WhereWasThisPhoto.com or the App, you consent to:

  • Collection and use of information as described in this Privacy Policy
  • Processing of uploaded photos by AI services (OpenAI)
  • Extraction and analysis of all photo metadata (including GPS coordinates)
  • International transfer of data to service providers
  • Use of cookies and analytics as described

You can withdraw consent at any time by:

  • Stopping use of the Service
  • Requesting account deletion (if applicable)
  • Clearing local storage/deleting the App
  • Adjusting browser cookie settings

SUMMARY: Key Privacy Points

Photos are temporarily processed, not permanently stored by us
OpenAI retains photos for 30 days, then deletes them
We extract ALL metadata, including GPS coordinates
⚠️ GPS metadata can reveal your home address and location
⚠️ Remove location data before uploading sensitive photos
We do NOT sell your data or use photos for advertising
You retain full ownership of uploaded photos
AI location predictions may be inaccurate - don't rely on them
Basic usage data and history are stored locally on your device

BY USING THIS SERVICE, YOU ACKNOWLEDGE THAT YOU UNDERSTAND THE PRIVACY RISKS OF UPLOADING PHOTOS WITH LOCATION METADATA.

For questions: wherewasthisphoto@outlook.com

Back to Home