Selene

Privacy

Your photos. Your clients. Your control.

Last updated 16 May 2026

Selene is a tool that helps photographers deliver galleries to their clients. This page explains what data we collect, why, and what you can do about it. We try to use plain English. If anything is unclear, email hello@selene.app and we will fix it.

The short version

  • Your photos are yours. Selene never claims ownership or rights of use.
  • We do not sell your data, your clients’ data, or your photos to anyone.
  • We do not train AI models on the photos you upload.
  • We collect the minimum we need to run the product and bill you.
  • You can export everything and delete your account at any time.

What we collect from photographers

When you create a studio on Selene, we store:

  • Your email address and a hashed password (bcrypt) for sign-in.
  • Your studio name, slug, accent color, logo URL, and theme preference.
  • The galleries and photos you upload, including filename, dimensions, and dominant color.
  • Billing information if you subscribe to a paid plan (handled by Stripe — we never see your card number).
  • Standard server logs (IP, user agent, request path) for security and debugging, retained 30 days.

What we collect from your clients

When a client opens a gallery you sent them, Selene sets a signed session cookie scoped to that gallery. Tied to that cookie we may store:

  • An optional name and email they enter on the welcome card.
  • The photos they favorite, the comments they leave, and the photos they download.
  • The orders they place in the gallery store, including any notes they add.
  • The IP address and user agent of the session, for fraud prevention and access control.

You, the photographer, are the controller of your clients’ data. We process it on your behalf. If a client asks to be deleted, you can remove their session and selections from the gallery dashboard, or email us.

Face tagging & biometric data

Some Selene galleries use face tagging — clients can tap a face and see every photo that person appears in. Photographers turn this on per gallery; it is off by default.

When a gallery has face tagging enabled, we generate:

  • A small numeric embedding for each face detected in each photo (a fixed-length list of numbers — not a stored image of the face).
  • A bounding box for each face within its photo, so we can crop the avatar shown on the People row.
  • A cluster ID grouping embeddings that look like the same person across the gallery.

Face detection runs in the photographer’s own browser at upload time. The raw photo never leaves their device for the purpose of face analysis — only the resulting numbers (embeddings, boxes, cluster IDs) are sent to Selene’s servers and stored alongside the gallery.

Under the GDPR, the UK GDPR, Brazil’s LGPD and Illinois’ BIPA, face embeddings are biometric personal data. Photographers using Selene with subjects in those jurisdictions are responsible for obtaining the consent those laws require. Selene gives photographers two controls to support that: per-gallery face-tagging toggle, and per-person hide (so an individual can be excluded after the fact). Both controls live on the gallery’s Settings card.

When a gallery, photo, or face group is deleted, all related embeddings and bounding boxes are deleted with it — the cascade is enforced in the database. We never use face embeddings to identify people across galleries on the free tier, never share them with third parties, and never train models on them.

How we use it

  • To show your photos to the people you share them with.
  • To send transactional email about your account, galleries, and orders.
  • To process payments and prevent fraud.
  • To improve Selene using aggregate, de-identified analytics.

Who we share it with

Selene uses third-party services to run the product. Each one only sees the data it needs:

  • Supabase — Postgres database and authentication.
  • Cloudflare R2 & Backblaze B2 — photo storage and backup.
  • Cloudflare Images — image variant delivery and CDN.
  • Stripe — payment processing. Card data never touches our servers.
  • Resend — transactional email delivery.
  • Sentry — error tracking. Scrubbed of personal data where possible.
  • Cloudflare Web Analytics — privacy-friendly, cookieless pageview analytics.

We do not use Google Analytics, Facebook Pixel, or any advertising tracker.

Where your data lives

Photos and database rows are stored in the Sydney region by default for Australian studios, and replicated to a cold-storage backup in a separate region. Some sub-processors (Stripe, Sentry) operate from the US and EU. By using Selene you consent to this cross-border processing.

Retention

  • Active studios: data kept as long as your account is open.
  • Cancelled studios: galleries become read-only for 90 days, then archived.
  • Server logs: 30 days.
  • Stripe payment records: retained as required by Australian tax law (7 years).
  • Sent emails: 12 months in the outbox, then deleted.

Your rights

Under the Australian Privacy Act 1988 and the GDPR (if you are in the EU/UK), you can:

  • Access a copy of the personal data we hold about you.
  • Correct anything that is wrong.
  • Delete your account and request erasure of associated personal data.
  • Export your galleries as ZIP at any time from the dashboard.
  • Object to a specific use of your data, or lodge a complaint with the OAIC.

Email hello@selene.app and we will respond within 30 days.

Security

Passwords are hashed with bcrypt. Sessions are signed JWTs in HTTP-only cookies. Photos are served from signed URLs scoped to each gallery. We use HTTPS everywhere. We will tell affected users within 72 hours if we ever discover a data breach.

Changes to this policy

If we make material changes we will email account holders and update the date at the top. Routine clarifications happen without notice.

Contact

Selene is operated by Eclipse Media Pty Ltd, Melbourne, Australia. Privacy questions: hello@selene.app.