Shalbums
Back to Blog
Security5 min read

Privacy First: How We Keep Your Photos Safe and Secure

January 10, 2025Alex Martinez

Your Photos, Your Privacy

At Shalbums, we believe your personal photos should stay personal. Unlike social platforms that mine your photos for data or compress them to cut costs, we've built our entire system around keeping your memories private, secure, and in your control.

Our Privacy Principles

1. Privacy by Default

Every album you create is private by default. No one can see your photos unless you explicitly invite them. There's no public feed, no discovery mechanism, and no way for strangers to stumble upon your family photos.

2. Your Data Belongs to You

We don't claim any rights to your photos. You own them, you control them, and you can export or delete them anytime. It's that simple.

3. Transparency Always

We're upfront about what data we collect, why we collect it, and how we use it. No hidden clauses, no surprises.

How We Protect Your Photos

End-to-End Encryption

Every photo you upload is encrypted before it leaves your device:

  • Encryption in Transit: All data transfers use TLS 1.3
  • Encryption at Rest: Photos are encrypted using AES-256
  • Encrypted Backups: Even our backups are encrypted
  • Secure Keys: Your encryption keys are managed securely

Access Controls

We've built multiple layers of access control:

  • Invite-only albums (default)
  • Password protection for extra security
  • Ability to revoke access instantly
  • Audit logs showing who accessed what

Infrastructure Security

Our technical infrastructure follows industry best practices:

  • SOC 2 Type II Compliant - Independently audited security controls
  • Regular Penetration Testing - We hire security experts to try to break in
  • Zero-Knowledge Architecture - We can't see your photos, even if we wanted to
  • Automatic Security Updates - Our systems stay patched and current

What We Don't Do

No Facial Recognition

We don't scan your photos to identify people. We won't build a database of your friends and family. Your face data stays private.

No Advertising

We don't analyze your photos to serve you ads. We don't sell your data to advertisers. Our business model is simple: you pay for the service you love.

No Third-Party Tracking

We don't embed tracking pixels from social media companies. We don't share your data with data brokers. We don't participate in ad networks.

No AI Training

We don't use your photos to train AI models. Your memories are yours, not training data for our next product.

Data We Do Collect

We believe in transparency, so here's what we actually collect:

Essential Data

  • Account Information: Email, name (optional), password (hashed)
  • Album Metadata: Album names, dates, number of photos
  • Usage Data: When you use the app, which features you use
  • Technical Data: IP address, device type, browser version

Why We Collect It

  • To provide and improve our service
  • To prevent abuse and fraud
  • To troubleshoot technical issues
  • To understand which features people love

What We Don't Collect

  • Photo content analysis
  • Location tracking (unless you choose to add it to photos)
  • Contacts from your phone
  • Browsing history outside our app

Your Privacy Rights

Access Your Data

Request a copy of all your data at any time. We'll provide it in a portable format within 30 days.

Delete Your Data

Want to leave? No problem:

  1. Export all your photos (full resolution)
  2. Delete your account
  3. We'll delete all your data within 30 days
  4. No hidden backups, no archives

Control Your Information

  • Update your email and profile anytime
  • Change privacy settings for each album
  • Choose what notifications you receive
  • Opt out of non-essential data collection

Third-Party Services

We use a minimal number of trusted third-party services:

Storage Provider

  • Google Cloud Storage - For secure, encrypted photo storage
  • We use customer-managed encryption keys
  • Data is stored in select regions based on your location

Email Service

  • Resend - For transactional emails only
  • No marketing emails without your consent
  • We don't share your email with them

Payment Processing

  • Stripe - For secure payment processing
  • We never see or store your credit card details
  • PCI DSS compliant

Compliance and Certifications

We comply with major privacy regulations:

  • GDPR - European Union data protection
  • CCPA - California privacy rights
  • COPPA - Children's privacy protection
  • SOC 2 Type II - Security and privacy controls

Reporting Security Issues

Found a security vulnerability? We want to know:

  1. Email us at security@shalbums.com
  2. We'll acknowledge within 24 hours
  3. We'll investigate and respond within 7 days
  4. Responsible disclosure is appreciated

We have a security bounty program for valid vulnerabilities.

Privacy by Design

Privacy isn't a feature we added later - it's fundamental to how we built Shalbums:

  • Minimal data collection from day one
  • End-to-end encryption built in
  • Default-private albums
  • Easy data export and deletion
  • No third-party tracking

Questions?

We're happy to discuss our security and privacy practices in detail. Reach out to privacy@shalbums.com with any questions or concerns.

Want to see our full Privacy Policy? Visit shalbums.com/privacy for the complete legal document. We also have a human-readable summary that explains everything in plain English.

Your trust is everything to us. We've built Shalbums to be the photo sharing service we wished existed - one that respects your privacy, protects your data, and puts you in control.

Ready to share photos the private way? Get started with Shalbums today.

Ready to start sharing memories?

Download Shalbums and create your first shared album today.

Get the App