ChasedShot
How it worksPricingSign inStart selling
Legal

Privacy Policy

Last updated: 2026-07-04

This Privacy Policy explains how ChasedShot handles personal data. ChasedShot is a service operated by Byte Stack Solutions. This policy is written to comply with the EU General Data Protection Regulation (Regulation 2016/679, “GDPR”).

1. Data controller

The data controller is Byte Stack Solutions, reachable at info@bytestacksolutions.com.

A separate role applies to photos: with respect to the photos a Photographer uploads, Byte Stack Solutions acts as a data processor and the Photographer is the controller of any personal data depicted in those photos. A Data Processing Agreement is included in the Photographer Agreement.

2. What personal data we collect

2.1 Photographers (account holders)

  • Name, email address, password hash (BetterAuth).
  • Public profile: display name, slug, contact email, bio, watermark, prices.
  • Uploaded photos and their EXIF metadata (camera make/model, capture time; GPS is stripped from public previews).
  • Stripe subscription and Stripe Connect identifiers, subscription status, payout status.
  • Log data: IP address at sign-in, browser user-agent, request timestamps.

2.2 Buyers (guest checkout)

  • Email address (required to deliver the download link).
  • Purchase records: which photo, which Photographer, amount, currency, timestamp, Stripe session and payment-intent IDs.
  • Log data: IP address at checkout and download, request timestamps.

We do not receive or store card numbers. Payment is handled entirely by Stripe.

2.3 People depicted in photos

Buyers who appear in a Photographer’s photo may be identifiable individuals. The Photographer is the controller of that data. ChasedShot stores and displays the photos on their behalf. If you believe a photo of you is on the platform and want it removed, contact the Photographer whose contact email is on their album. You may also contact us at info@bytestacksolutions.com and we will facilitate removal.

3. Why we process it (legal bases)

  • Performance of a contract (Art. 6(1)(b) GDPR) — account creation, hosting photos, processing purchases, delivering downloads, subscription billing.
  • Legitimate interests (Art. 6(1)(f) GDPR) — keeping the platform secure, logging for fraud/abuse prevention, aggregate usage analytics.
  • Legal obligation (Art. 6(1)(c) GDPR) — retaining transaction records for accounting and tax law.

4. Who we share it with

  • Stripe Payments Europe, Ltd. — payment processing, Connect account onboarding, subscription billing. Stripe is an independent controller for payment data. See stripe.com/privacy.
  • Our transactional email provider — delivery of download links and account emails.
  • Our infrastructure hosting provider — servers on which we self-host the application, database, and object storage. No customer content is processed by a third-party managed service.
  • Photographers receive the Buyer’s email address as part of the sale (they are the merchant of record).

We do not sell personal data. We do not use third-party analytics, advertising, or marketing pixels.

5. International transfers

Data is hosted on servers located in the European Union. Stripe may transfer data outside the EEA under standard contractual clauses; see their privacy notice for details.

6. Retention

  • Photographer accounts: for as long as the account is active, plus 30 days after cancellation to allow reactivation, then deleted.
  • Uploaded photos: deleted when the Photographer deletes them, when auto-delete rotates them out, or 30 days after account cancellation.
  • Order records: retained for seven (7) years to comply with Dutch tax and accounting law (Algemene wet inzake rijksbelastingen, art. 52).
  • Server logs: 90 days.

7. Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data deleted (subject to legal retention obligations);
  • restrict or object to processing;
  • receive your data in a portable format;
  • lodge a complaint with your national data protection authority.

To exercise any of these rights, email info@bytestacksolutions.com. We respond within 30 days. You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl).

8. Cookies

ChasedShot uses only strictly necessary cookies to keep photographers signed in and to secure sessions (a single session cookie set by BetterAuth). These do not require consent under the ePrivacy Directive. We do not use analytics, advertising, or tracking cookies.

9. Security

Passwords are hashed. Traffic is served over HTTPS. Access to the database and object storage is restricted to the application server. Vulnerability reports can be sent to info@bytestacksolutions.com.

10. Changes

We will announce material changes on the platform. The “Last updated” date above always reflects the latest version.

HomePricing·PrivacyTermsPhotographer Agreement
© 2026 ChasedShot