Privacy policy

This policy explains what information GalleryCloud ("we", "us") collects, how we use it, and the choices you have. If you have questions, write to our contact page.

1. What we collect

• Account data — your name, email and a salted password hash.
• Gallery content — the photos and videos you upload, plus the gallery titles, themes and customer-facing settings you configure.
• Customer interactions — favourites and comments left by people viewing the galleries you share. These are tied to a per-gallery cookie session, not to a GalleryCloud account.
• Billing data — handled by Stripe. We store only your Stripe customer ID, subscription status and current period end. Card numbers never reach our servers.
• Operational logs — request metadata (IP, user-agent, timing) from Cloudflare, kept for security and debugging.

2. Why we use it

• Provide the service: store your galleries, deliver them to clients, run billing.
• Send transactional email (verification, password reset, account alerts).
• Detect and respond to abuse.

We do not sell or share your data with advertisers.

3. Sub-processors

• Cloudflare — compute, storage (R2), database (D1), CDN.
• Stripe — subscription billing.
• Resend — transactional email delivery.

4. Cookies

We use only first-party functional cookies:

• __gc_session — keeps you signed in.
• __gc_g_* — remembers that a customer has unlocked a private gallery.
• gc_cookie_consent — remembers whether you saw the cookie notice.

No third-party tracking, no analytics cookies, no ads.

5. Your rights

You can export or delete your account at any time from your profile. Account deletion removes your galleries, media files, customer comments and favourites, and cancels any active Stripe subscription.

6. Retention

Account data is kept until you delete the account. Operational logs are kept up to 30 days. Stripe retains billing data per its own policy.

7. Contact

Questions or requests under GDPR/CCPA? Reach us via the contact form and we'll respond within 30 days.