
Privacy Policy

What we collect, how we use it, who we share it with, and how you delete it. Plain English where possible; specific legal terms where required.

Effective: 2026-05-20 · Last updated: 2026-05-20

1. Who we are

Tagrly ("Tagrly," "we," "us," "our") provides AI-powered photo cataloging that helps customers organize, search, and share their photo libraries.

This Privacy Policy applies to tagrly.com, any subdomain we control (including auth.tagrly.com, cdn.tagrly.com, media.tagrly.com), and all features that link to this Policy (collectively, the "Service").

By using the Service you agree to the collection, use, and disclosure of information as described here. If you do not agree, do not use the Service.

2. Information we collect

2.1 Information you give us directly

  • Account data: your email address, and (if you sign in with Google) your name, avatar URL, and unique Google account ID. We use this to identify you and personalize the workspace.
  • Workspace data: workspace name, brand color, logo, custom domain settings, and similar configuration you choose to provide.
  • Billing data: once paid plans launch, we collect billing contact info via our payment processor (Stripe). We do not store full card numbers ourselves; Stripe stores them on PCI-compliant infrastructure.
  • Support correspondence: emails you send us and the responses we provide.

2.2 Information we collect from third-party sources you authorize

  • Google Drive content and metadata: only after you grant authorization via Google OAuth and only from the folders you specifically authorize.
  • Dropbox content and metadata: same model, only after OAuth grant, only from authorized folders.
  • OAuth refresh tokens: issued to us by Google or Dropbox when you connect. We store these encrypted at rest (see Section 9, Security).

2.3 Information we collect automatically

  • Request logs: IP address, user-agent, timestamp, URL path, HTTP status, and referer for each request. Used for debugging, abuse prevention, and rate-limiting.
  • Application telemetry: error stack traces, feature flag exposure, page-load timing. Used to improve product reliability.
  • Cookies and similar technologies: see Section 11.

3. How we use your information

We use the information described above to:

  • Provide, operate, secure, and improve the Service.
  • Scan your authorized folders, copy photos to our storage, analyze them with AI vision models, and surface the results in your workspace.
  • Authenticate you and maintain your session.
  • Send transactional email (sign-in links, billing receipts, service notifications). You cannot opt out of essential transactional email while you have an active account; you can opt out of marketing email at any time.
  • Detect, investigate, and prevent abuse, fraud, security incidents, and policy violations.
  • Comply with legal obligations.

We do not use your data for advertising. We do not sell your personal information. We do not train AI/ML models on your photos or on the metadata derived from them.

4. Use of Google API Services: Limited Use disclosure

When you connect a Google Drive folder, Tagrly accesses your Google account through Google's OAuth 2.0 framework. We request only the scopes needed to operate the Service:

  • https://www.googleapis.com/auth/drive.readonly: read file metadata and content for files in the Drive folders you specifically authorize. Required to scan and analyze your photos. We never write to, modify, or delete from your Drive.
  • https://www.googleapis.com/auth/userinfo.email, userinfo.profile, and openid: confirm your identity and display your name and avatar in your workspace.

Tagrly's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We use Google user data only to provide and improve user-facing features of Tagrly: scanning, analyzing, searching, organizing, and (where you direct us) sharing your photos.
  • We do not transfer Google user data to any third parties except (a) operational subprocessors listed in Section 6 who are bound by data-processing terms, (b) where required by law, (c) as part of a merger or acquisition with equivalent privacy commitments, or (d) where you direct us (e.g. by publishing a public catalog link).
  • We do not use Google user data to serve advertisements.
  • We do not use Google user data to train, develop, or improve general-purpose AI or machine-learning models. The Anthropic Claude vision analysis we run on each image is per-request inference under Anthropic's commercial terms, which prohibit Anthropic from training on API inputs (see Anthropic Commercial Terms).
  • We do not allow humans to read Google user data unless (a) we have your explicit consent, (b) it is necessary for security or to address an abuse incident, (c) it is required by applicable law, (d) for limited debugging in a way that does not include reading the actual file content, or (e) the data has been aggregated and de-identified.

You can revoke Tagrly's access to your Google account at any time at Google Account → Security → Third-party apps. Once revoked, we lose access to your Drive immediately and delete the associated refresh token within 24 hours.

5. How we use your photos and AI processing

When you authorize a folder, Tagrly:

  1. Downloads each new file via the Drive or Dropbox API.
  2. Uploads the original to our Cloudflare R2 bucket under an opaque, workspace-scoped object key. Only your workspace can retrieve it through our application; the R2 bucket itself is not publicly listed.
  3. Generates a smaller thumbnail and sends it to Anthropic's Claude vision model for analysis. Anthropic returns structured tags (scene, mood, focal subject, suggested filename, etc.) per their commercial API terms.
  4. Stores the AI-derived metadata in our database, linked to your workspace.

Your photos remain private to your workspace unless you explicitly generate a public share link or publish the image to a custom CDN domain you configure.

6. Subprocessors

We use a small set of subprocessors to run the Service. Each only sees the data they need to perform their function:

Subprocessor | Purpose | Location | Data accessed
Anthropic, PBC | Claude vision analysis (image → tags) | United States | Image thumbnails (per-request, not retained for training)
Cloudflare, Inc. | R2 object storage, CDN, edge security, DNS | United States, global edge | Image objects, request metadata
Supabase, Inc. | Authentication, Postgres database | United States (AWS us-west-2) | Account info, OAuth tokens (encrypted), catalog metadata
Render Services, Inc. | Application hosting (web + cron workers) | United States (Oregon) | Request/response cycle
GitHub, Inc. | Encrypted nightly database backups (private repo) | United States | Encrypted DB snapshots
Google LLC | OAuth identity + Drive API source (when you connect) | United States, global | OAuth grants for the scopes you approve
Dropbox, Inc. | OAuth + Dropbox API source (when you connect) | United States | OAuth grants for the scopes you approve

Subprocessors are each bound by data-processing terms that prohibit using your data for purposes other than providing their services to us. We review this list periodically and will update it when we add or remove a subprocessor.

7. How long we keep your data

  • Account data (email, name, OAuth tokens): retained while your account is active. Deleted within 30 days of account closure or token revocation.
  • Image objects in Cloudflare R2: retained while you have at least one workspace pointing at them. Deleted within 30 days of source removal or account closure.
  • Image analysis metadata: retained while the underlying image is in your catalog.
  • Request logs: 90 days.
  • Application error logs: 30 days.
  • Database backups: aged out within 90 days. After the 90-day retention window, deleted data is unrecoverable.
  • OAuth refresh tokens: deleted within 24 hours of revocation, account closure, or token expiry.

We may retain certain data longer if required by law, to resolve disputes, or to enforce our agreements.

8. Your rights

You have the right to:

  • Access: request a copy of every record we hold about you.
  • Correct: edit any inaccurate field through the workspace UI, or ask us to.
  • Delete: close your account or request deletion of specific data.
  • Export: request a machine-readable export of your catalog metadata (provided as JSON via the API).
  • Restrict or object to processing, where applicable under EU/UK GDPR.
  • Revoke OAuth grants, directly from your Google or Dropbox account dashboard.

To exercise any of these rights, email privacy@tagrly.com from the address registered to your account. We typically respond within five business days and complete all requests within 30 days (extensible by another 30 days for complex requests, with notice).

8.1 California residents (CCPA / CPRA)

If you are a California resident, you have the rights described above plus, under the California Consumer Privacy Act as amended by the California Privacy Rights Act:

  • Right to know what categories of personal information we collect, the categories of sources, the business purposes for collecting, and the categories of third parties we share with, all described in this Policy.
  • Right to delete your personal information, subject to legal exceptions.
  • Right to correct inaccurate personal information.
  • Right to opt out of "sale" or "sharing": we do not sell or share personal information as those terms are defined under the CCPA.
  • Right to limit the use of sensitive personal information: we do not infer characteristics from sensitive PI.
  • Right to non-discrimination for exercising any of the above.

8.2 EU, UK, and Switzerland residents (GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the GDPR (or UK GDPR and Swiss FADP):

  • Right to data portability.
  • Right to lodge a complaint with your local data protection authority.
  • Right to withdraw consent at any time where processing relies on consent.

Lawful basis for processing:

  • Contract: providing the Service is necessary to perform our agreement with you.
  • Consent: where you grant OAuth access to a third-party source. You may withdraw consent at any time.
  • Legitimate interests: keeping the Service secure, debugging issues, preventing abuse.
  • Legal obligation: complying with applicable laws, including responses to lawful requests from authorities.

International transfers: your data may be transferred to the United States, where our subprocessors operate. Transfers from the EU, UK, or Switzerland rely on the EU Standard Contractual Clauses (and UK Addendum / Swiss equivalents where applicable). Copies are available on request.

9. Security

  • All traffic to Tagrly is served over HTTPS / TLS 1.2 or higher.
  • OAuth refresh tokens are encrypted at rest using AES-256-GCM with a server-side master key managed via Render's encrypted environment variables.
  • Database connections between application tiers and Supabase Postgres use TLS.
  • Cloudflare R2 objects are private to our credentials by default; public CDN access is configured per workspace via Cloudflare's edge.
  • Sessions are managed via Supabase Auth using PKCE; cookies are HttpOnly, Secure, and SameSite=Lax.
  • API access tokens are stored as SHA-256 hashes; the cleartext token is shown to the operator exactly once at creation time and never persisted.
  • We monitor application errors and security events, and run nightly encrypted database backups.

Report security vulnerabilities to security@tagrly.com. We acknowledge reports within 24 hours and never pursue researchers who follow responsible disclosure.

10. Children

Tagrly is not directed at children under 13 and we do not knowingly collect personal information from them. If you believe a child has created an account, contact privacy@tagrly.com and we will delete the account and associated data.

11. Cookies and similar technologies

Tagrly uses the minimum cookies needed to operate. We do not use Google Analytics, Facebook Pixel, or other third-party tracking.

Cookie | Purpose | Lifetime | Type
sb_access_token | Keeps you signed in | 1 hour, refreshed | HttpOnly, Secure, SameSite=Lax
cat_owner | Marks workspace-owner traffic so analytics + email digests can exclude it | 30 days | HttpOnly, Secure, SameSite=Lax

We may add privacy-respecting first-party analytics (e.g. Plausible or Cloudflare Web Analytics) in the future; we will update this policy before enabling them.

12. Changes to this policy

If we materially change this Policy, we will notify signed-in users by email at least 14 days before the change takes effect, and update the "Last updated" date at the top of this page. Minor edits (typos, clarifications, additional subprocessors with equivalent protections) will just show a new "Last updated" date.

13. Contact

For any privacy question, data subject request, or to flag a concern:

We typically acknowledge privacy inquiries within two business days and complete substantive responses within 30 days.