Privacy Policy
Last updated: April 17, 2026
This policy explains what personal data we collect, why, and what we do with it. We've tried to keep it readable. If anything is unclear, email us at fotofoto@nternet.company.
1. Data controller
Nternet Company B.V., Keizersgracht 241, 1016 EA Amsterdam, KvK 96112107. You can contact us at fotofoto@nternet.company.
2. What we collect and why
| Data | Purpose | Legal basis |
|---|---|---|
| Email address | Sign-in, order confirmations, service communications | Contract performance |
| Name (optional) | Shown on shared books | Consent (you choose to provide it) |
| Photos | Creating your photo book | Contract performance |
| Photo EXIF data (dates, GPS, camera info) | Arranging photos chronologically and by location | Contract performance |
| Shipping address and phone | Delivering your printed book | Contract performance |
| Payment references (Stripe IDs) | Processing and tracking your order | Contract performance / legal obligation |
| IP address and user agent (with session) | Account security, fraud prevention | Legitimate interest (protecting accounts) |
We don't collect data beyond what's listed here. We don't use third-party analytics, tracking pixels, or advertising cookies.
Providing your email is required to use the service. Shipping details are required only when you place an order. If you choose not to provide optional data (like your name), the service works without it.
3. Photos and processing
Your photos are stored locally in your browser until you share a book or place an order. At that point, photos are uploaded to our cloud storage (Cloudflare R2).
To design your book, we use your photo metadata (EXIF data such as dates, locations, and camera info) to arrange photos chronologically and by location. This processing happens on our servers. No photo data or metadata is sent to third-party AI providers.
- Photos are grouped by date and location using EXIF data
- Layouts are generated deterministically on our servers
- Your photos are not edited or modified
4. Sub-processors
We share your data with the following service providers, each under a data processing agreement:
| Provider | What they process | Location |
|---|---|---|
| Cloudflare (Workers, R2, D1, Turnstile) | Hosting, photo storage, database, bot protection | EU / US |
| Stripe | Payment processing (card details go directly to Stripe) | US (EU entity) |
| Prodigi | Book printing, shipping | UK |
| Resend | Sending emails (login codes, order confirmations) | US |
We will notify you of changes to this list via email or a notice on the site. For full processing details, see our Data Processing Agreement.
5. International transfers
Some of our sub-processors are based in the United States. For these transfers, we rely on:
- EU-US Data Privacy Framework (DPF), where the provider is certified (Cloudflare, Stripe)
- Standard Contractual Clauses (SCCs 2021/914), as a contractual fallback for all US-based providers
For Prodigi (UK), transfers are covered by the UK adequacy decision.
6. Local storage and cookies
We use browser storage to make the app work, not for tracking.
- IndexedDB stores your photos and book data locally in your browser. This is core to the local-first architecture. Cleared on logout.
- Session cookie keeps you signed in. Strictly necessary, no consent required.
- Cloudflare Turnstile sets a short-lived cookie on sign-in to verify you're human. No tracking.
All cookies are strictly necessary. We don't use analytics cookies, advertising cookies, or any third-party tracking.
7. Security
All data is encrypted in transit via TLS. Photos are stored in Cloudflare R2 with access controls. Database backups are encrypted. API endpoints are rate-limited. Authentication is protected by Cloudflare Turnstile.
If we become aware of a data breach that is likely to affect your rights, we will notify you and the Autoriteit Persoonsgegevens without undue delay.
8. Data retention
- Photos and books are kept until you delete them or close your account, then permanently removed from our servers
- Account data is deleted when you close your account
- Order records are kept for 7 years (required under Art. 52 AWR, Dutch tax law), then deleted
- Local browser data is cleared on logout or account deletion
9. Your rights
Under the GDPR, you have the right to:
- Access a copy of your personal data
- Rectification of inaccurate data (you can update your name in the app)
- Erasure of your data (use "Delete account" in the app, or email us)
- Portability of your data in a structured format
- Restriction of processing in certain situations
- Objection to processing based on legitimate interest
- Withdraw consent at any time where consent is the legal basis (e.g. your display name)
To exercise any of these rights, email fotofoto@nternet.company. We'll respond within 30 days.
You also have the right to lodge a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority).
10. Automated decision-making
Our system automatically arranges your photos into book layouts based on dates and locations. This is an automated process, but it does not produce legal or similarly significant effects. It generates a layout that you review and can modify before ordering. You always have the final say.
11. Children
FOTO! FOTO! is not directed at children under 16 (the age of digital consent in the Netherlands under UAVG Art. 5). We don't knowingly collect data from children under 16. If you believe a child has provided us with personal data, contact us and we'll delete it.
12. Changes
We may update this policy from time to time. If we make significant changes, we'll notify you by email or by placing a notice on the site.
13. Contact
Questions or requests? Email fotofoto@nternet.company.