Privacy Policy
Last updated: April 19, 2026
- Scope and Roles
- Information We Collect
- How We Use Information
- Legal Bases for Processing
- How We Share Information
- Cookies and Similar Technologies
- Data Retention
- Security
- Your Rights and Choices
- California Privacy Rights (CCPA/CPRA)
- European Economic Area, UK, and Swiss Users
- International Data Transfers
- Children’s Privacy
- Third-Party Services and Links
- Do Not Track
- Changes to This Policy
- Contact Us
1. Scope and Roles
This Policy applies to personal information we process when you visit proofingdesk.com, create an account, upload photographs, review or approve photographs via a shared link, communicate with us, or otherwise interact with the Service.
1.1 Account Holders (Photographers)
When a photographer or other account holder uses the Service to upload and share work for client review, we act as a data controller for that account holder’s own account data (email, password hash, account activity) and as a data processor (or service provider) for the photographs, client contact details, and review data they choose to upload. Each account holder is responsible for obtaining any consents required from their own subjects and clients under applicable law.
1.2 Reviewers / Invited Guests
When you access a review link sent by an account holder, the account holder is generally the controller of the material you are reviewing. We process the session information necessary to deliver the review experience on behalf of that account holder.
2. Information We Collect
We collect the following categories of information:
2.1 Information You Provide
- Account information: email address, display name, and a salted password hash. We do not store passwords in plain text.
- Project and photo content: files you upload (photographs, thumbnails, metadata embedded by your camera or software, filenames), project titles, and client or reviewer email addresses you enter.
- Review activity: selections, comments, markups, thumbs-up/thumbs-down reactions, and similar feedback that you or a reviewer creates within a project.
- Communications: messages you send to us (including emails to legal@proofingdesk.com or other support channels).
2.2 Information Collected Automatically
- Log and device data: IP address, browser type and version, operating system, referring URL, and timestamps, recorded by our hosting provider’s web-server logs for security and abuse-prevention purposes.
- Session data: a short, randomly generated session identifier stored server-side (see §6, Cookies).
- Service events: actions taken within the Service (e.g., login attempts, uploads, project creation, review submissions) recorded to an activity log scoped to the relevant project or account.
2.3 Information From Third Parties
We do not currently purchase personal information from data brokers, and we do not use third-party advertising trackers. If you send email to or receive email from the Service, the content of those messages is handled by our email provider (see §5).
2.4 Sensitive Information
The Service is not intended for the collection of government identifiers, financial account numbers, health information, or other sensitive categories. Please do not upload such information through the Service. Photographs you upload may, depending on subject matter, include images of identifiable individuals. You are responsible for ensuring you have the right to upload such images.
3. How We Use Information
We use personal information to:
- Provide, maintain, and improve the Service, including authenticating users, hosting your content, and delivering review experiences.
- Communicate with you about your account (e.g., password resets, review invitations, service notices).
- Detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms of Service.
- Comply with legal obligations and enforce our rights.
- Analyze aggregate, non-identifying usage patterns to improve reliability and user experience.
We do not sell your personal information, and we do not use it for cross-context behavioral advertising.
4. Legal Bases for Processing
Where the EU General Data Protection Regulation (“GDPR”), the UK GDPR, or the Swiss FADP applies, we rely on the following legal bases to process your personal information:
- Performance of a contract: to provide the Service you requested.
- Legitimate interests: to secure the Service, prevent fraud, and improve our product, provided those interests are not overridden by your rights.
- Consent: where required for specific processing activities; you may withdraw consent at any time.
- Legal obligation: to comply with applicable laws, court orders, or regulatory requirements.
5. How We Share Information
We share personal information only in the limited circumstances described below. We do not sell personal information.
5.1 Service Providers
We share information with vendors who provide infrastructure or operational support, under contractual obligations to use it only for the services they perform for us:
| Vendor | Purpose | Data |
|---|---|---|
| Namecheap, Inc. | Web and application hosting | All account, project, and photo data stored at rest |
| Google LLC (Gmail SMTP) | Outbound transactional email delivery | Recipient email address, subject line, message body (e.g., password reset, review invitation) |
5.2 Other Users of Your Account
When you invite reviewers to a project, the invitee will see the project content, your display name, and any comments or markings associated with the project.
5.3 Legal and Safety
We may disclose information if required by law, subpoena, or court order, or if we believe in good faith that disclosure is necessary to (a) comply with legal process, (b) protect the rights, property, or safety of ProofingDesk, our users, or the public, or (c) detect, prevent, or address fraud, security, or technical issues.
5.4 Business Transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction, subject to customary confidentiality arrangements.
5.5 With Your Direction
We may share information with others if you direct us to do so or otherwise consent.
6. Cookies and Similar Technologies
We use a small number of cookies strictly necessary to operate the Service:
| Cookie | Purpose | Duration |
|---|---|---|
pdsid | Authenticated session identifier (HttpOnly, Secure, SameSite=Lax). Maps to a server-side session record. | Session / up to 30 days |
We do not use third-party advertising cookies, tracking pixels, analytics tags sold to third parties, or social-media share trackers. Because our cookie use is limited to cookies that are strictly necessary for the Service to function, we do not display a consent banner in jurisdictions where such banners are required only for non-essential cookies. You can block cookies in your browser settings, but the Service may not function correctly without the session cookie.
7. Data Retention
We retain personal information for as long as your account is active and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:
- Account data is retained for the life of the account and deleted within a reasonable period after account closure.
- Project and photo content is retained until you delete the project, close the account, or the account holder directs removal. Backup copies may persist for a short additional window before being overwritten.
- Server logs are typically rotated within 30 to 90 days, subject to our hosting provider’s retention policies.
- Communications with support may be retained as long as necessary to address the matter and comply with recordkeeping obligations.
You may request deletion at any time as described in §9.
8. Security
We implement reasonable technical and organizational safeguards designed to protect personal information, including:
- TLS encryption for data in transit to and from the Service.
- Password hashing using a salted, one-way function; plaintext passwords are never stored.
- HttpOnly, Secure, SameSite session cookies to reduce the risk of session hijacking.
- Server-side authorization checks on all uploads, reviews, and admin endpoints.
- Restricted access to production systems; administrative actions are logged.
No system can be guaranteed 100% secure. You are responsible for keeping your password confidential and for notifying us promptly at legal@proofingdesk.com if you suspect unauthorized access.
9. Your Rights and Choices
Depending on where you live, you may have rights under applicable privacy laws, including the right to:
- Access the personal information we hold about you.
- Correct inaccurate or incomplete information.
- Delete your personal information, subject to certain exceptions.
- Port your personal information to another service in a portable format.
- Object to or restrict certain processing.
- Withdraw consent, where we rely on your consent.
- Opt out of the sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising).
- Lodge a complaint with a supervisory authority where applicable.
To exercise any of these rights, email legal@proofingdesk.com from the email address associated with your account. We will verify your request and respond within the timeframe required by applicable law. We will not discriminate against you for exercising a privacy right.
10. California Privacy Rights (CCPA/CPRA)
This section supplements the Policy and applies to California residents under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”).
10.1 Categories of Personal Information Collected
In the preceding 12 months, we have collected the following categories of personal information:
- Identifiers (email address, display name, IP address, online identifiers).
- Customer records (account credentials in hashed form; name provided on signup).
- Internet or other network activity (login events, upload activity, actions within the Service).
- Geolocation data (approximate location inferred from IP address, for security and abuse prevention only).
- Visual information (photographs uploaded by account holders).
- Inferences (minimal; limited to operational signals such as whether an account appears abandoned).
10.2 Sources, Purposes, and Disclosures
We collect this information from you directly and, in limited cases, automatically from your device. We use it for the purposes described in §3 and disclose it to service providers as described in §5. We do not sell or share personal information (as those terms are defined under the CCPA) and have not done so in the preceding 12 months. We do not use or disclose sensitive personal information for purposes requiring a right-to-limit disclosure.
10.3 Your California Rights
- Right to Know / Access: request the categories and specific pieces of personal information we have collected.
- Right to Delete: request that we delete personal information, subject to exceptions.
- Right to Correct: request correction of inaccurate personal information.
- Right to Opt Out of Sale/Sharing: we do not sell or share; no action is required.
- Right to Limit Use of Sensitive Personal Information: we do not use such information for purposes requiring the limit.
- Right to Non-Discrimination for exercising your rights.
To submit a request, email legal@proofingdesk.com. We verify requests by confirming control of the email address on file. You may use an authorized agent, who must provide proof of authority.
10.4 Shine the Light
California Civil Code § 1798.83 permits California residents to request information about disclosures of personal information to third parties for direct-marketing purposes. We do not make such disclosures.
11. European Economic Area, UK, and Swiss Users
If you are located in the EEA, the United Kingdom, or Switzerland, the controller of your personal information is ProofingDesk, operating the Service at proofingdesk.com. The legal bases for processing are described in §4. You have the rights listed in §9 under the GDPR, UK GDPR, or FADP as applicable, and may lodge a complaint with your local supervisory authority (e.g., the UK Information Commissioner’s Office).
12. International Data Transfers
The Service is operated from the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, which may have different data-protection laws than your jurisdiction. Where required, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses or equivalent mechanisms for such transfers.
13. Children’s Privacy
The Service is not directed to children under 13 (or under 16 in jurisdictions that require a higher age). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided personal information to the Service, please contact us at legal@proofingdesk.com and we will take reasonable steps to delete it. Account holders who share review links with minors are responsible for obtaining any parental consent required under applicable law.
14. Third-Party Services and Links
The Service may contain links to third-party websites or services (for example, links provided by account holders in project notes). We are not responsible for the privacy practices of those third parties. Review their policies before providing information to them.
15. Do Not Track
Some browsers offer a “Do Not Track” (“DNT”) signal. Because there is no industry consensus on how to interpret DNT, we do not currently respond to DNT signals. We do, however, honor Global Privacy Control (“GPC”) signals where required by applicable law.
16. Changes to This Policy
We may update this Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page and, for material changes, provide additional notice through the Service or by email. Your continued use of the Service after an update constitutes acceptance of the revised Policy.
17. Contact Us
For privacy questions, rights requests, or complaints, please contact:
ProofingDesk — Privacy
Email: legal@proofingdesk.com
Website: proofingdesk.com