Effective date: October 26, 2025

 

This Privacy Policy explains how PhotosynQ Inc. ("PhotosynQ," "we," "us") collects, uses, shares, and protects Personal Data when you use our websites, software, instruments, and services (the "Services"). It also describes choices and rights you may have. If you do not agree, please do not use the Services.

 

Data Visibility Options (Project Settings)

 

PhotosynQ offers project-level visibility options that determine what (if anything) is discoverable by other signed-in members. These options do not override collaborator permissions set by the Project Lead.

 

i. Enterprise Vault

• Summary: Fully private projects.

• Discoverability: Project is not visible to other members unless invited.

• Measurements: Always private and visible only to approved collaborators.

• Protocols & Macros: Code, parameters, comments, version history, and execution artifacts are hidden from non-collaborators.

• Collaboration: Invite collaborators as needed.

• Best for: Organizations requiring complete privacy.

 

ii. Enterprise Canopy

• Summary: Members-discoverable metadata; measurements remain private.

• Discoverability (metadata-only page): Title, overview, questions, categories/tags, generalized map region, and contributor display names (per contributor’s profile setting: pseudonym or FirstName + LastInitial).

• Protocols & Macros (visibility): Full protocol/macro code, parameters, version history, and execution artifacts are visible (read-only) to signed-in members. Execution and editing remain restricted to collaborators with granted access.

• Measurements: Not visible or downloadable unless access is granted by the Project Lead.

• Collaboration: Invite collaborators as needed; signed-in members may request to join.

• Notes: Special pricing may be available for qualified non-profits and academic institutions (see plan terms).

 

iii. Archive Project

• Summary: Members-discoverable (same visibility as Enterprise Canopy); no new measurement collection.

• App Visibility: Not visible in mobile or desktop applications; available on the web only.

• Protocols & Macros (visibility): Full protocol/macro code, parameters, version history, and execution artifacts are visible (read-only) to signed-in members.

• Measurements: Prior measurements remain private and are not visible or downloadable unless access is granted by the Project Lead.

• Billing: Archived projects are presently excluded from subscription fees. See plan terms for details.

 

1. Key Roles and Definitions

 

Controller / Processor. For Customer Data inside a Project that may contain Personal Data, your organization (via the Project Lead) is the controller and PhotosynQ is the processor (or service provider/processor under CPRA and PIPEDA). For PhotosynQ’s own account, billing, security logs, and site analytics, PhotosynQ is an independent controller.

 

Customer Data. Measurements, images, metadata, comments, protocols, macros, and other content you or your organization upload or generate in Projects.

 

Personal Data. Information that identifies or relates to an identifiable person.

 

Aggregated/De-identified Data. Data processed to remove personal identifiers and that cannot reasonably re-identify a person.

 

PhotosynQ Data. Company-authored and curated content that PhotosynQ makes available inside the Services for authenticated members as starting points (e.g., example projects, protocols, macros, demo datasets, code snippets, documentation/templates). PhotosynQ owns PhotosynQ Data; it is separate from Customer Data.

 

2. Information We Collect

 

From you

• Account and profile (e.g., name, email; optional avatar, institution, bio). Display name on members-discoverable project pages defaults to FirstName + LastInitial (e.g., "John D."). Contributors may choose a pseudonym or hide their name on those pages.

• Customer Data submitted in Projects (including measurements, images, metadata, comments, protocols, and macros). Project data is private by default.

• Communications with us, including support requests and feedback.

 

Automatically

• Device and usage (e.g., IP address, device/app identifiers, logs, crash reports, performance metrics).

• Cookies and similar technologies for authentication, security, and service analytics. Non-essential cookies are used only with appropriate regional consent.

 

From others

• Enterprise admins / Project Leads may provide user information to invite collaborators.

• Third-party identity providers (e.g., SSO IdPs) provide basic profile and authentication signals when enabled.

 

3. How We Use Information (Purposes and Legal Bases)

 

We process Personal Data only as permitted by law and for:

• Providing the Services (contract/legitimate interests): account setup, authentication, project collaboration, device connectivity, order fulfillment, customer support, and customer communications.

• Protecting the Services (legitimate interests/legal obligations): security monitoring, abuse and fraud prevention, incident investigation, access auditing, and legal compliance.

• Improving and developing the Services (legitimate interests): quality, reliability, performance, and new product features. When feasible, we use Aggregated/De-identified Data or apply data minimization and access controls.

• Compliance (legal obligations): tax, accounting, regulatory, and law-enforcement requests.

 

Where required, we rely on consent (e.g., for certain cookies or marketing), which you may withdraw at any time.

 

4. Project Visibility and Discoverability (Details)

 

• Enterprise Vault (default privacy): No project page is visible to visitors or members outside the Project. No project metadata, precise locations, protocols, or macros are visible. Protocol/macro code and artifacts are hidden from non-collaborators.

• Enterprise Canopy (optional): If enabled by the Project Lead, signed-in PhotosynQ members can see a metadata-only project page and may request to join. Visible items include title, overview, questions, categories/tags, generalized map region, contributor display names (pseudonym or FirstName + LastInitial), and—critically—full protocol/macro code, parameters, version history, and execution artifacts (read-only). Explore/Download tools and raw measurements are not visible until access is granted.

• Archive Project: Shows a metadata-only page like Enterprise Canopy; collection is disabled. Read-only protocol/macro code, parameters, version history, and execution artifacts are visible to signed-in members. Explore/Download tools and raw measurements are not visible until access is granted. The project is available on the web only (not in mobile/desktop apps). Archived projects are presently excluded from subscription fees.

 

4A. PhotosynQ Data (Company Content)

 

• What it is. PhotosynQ may provide a catalog of PhotosynQ Data (company content such as example projects, protocols, macros, demo datasets, code snippets, documentation/templates) to help users get started.

• Visibility. The PhotosynQ Data catalog may be visible and discoverable to authenticated members across the Service. It is separate from Project visibility settings and does not expose Customer Data. Using PhotosynQ Data inside your Project does not change ownership of the underlying PhotosynQ Data.

• Personal Data. PhotosynQ Data is not intended to include Personal Data. If you believe it does, contact [support@photosynq.org](mailto:support@photosynq.org).

 

5. Sharing of Information

 

We do not sell or share Personal Data for cross-context behavioral advertising.

 

We share Personal Data only with:

• Service providers / sub-processors who assist in hosting, storage, support, analytics, and security, bound by confidentiality and data-protection terms (see also §10 and Regional Disclosures).

• Project collaborators as directed by the Project Lead (e.g., when you grant a member access to a Project).

• Third-party integrations you enable, per your configuration.

• Legal and safety recipients, when required by law or to protect rights, safety, and integrity of the Services. Where legally permitted and feasible, we notify the Project Lead before disclosure.

 

We may create Aggregated/De-identified Data for analytics, benchmarks, and product improvement.

 

Canopy/Archive clarification: The visibility of protocol/macro code and artifacts to signed-in members does not grant access to measurements or download tools and is not “sharing” for cross-context behavioral advertising.

 

6. International Transfers

 

Where Personal Data is transferred internationally, we use appropriate safeguards (e.g., EU Standard Contractual Clauses and the UK IDTA) and supplementary measures where required.

 

7. Security (Summary)

 

We implement appropriate technical and organizational measures to protect Personal Data, including encryption in transit and at rest, role-based access controls, vulnerability management, logging/monitoring, and personnel confidentiality obligations. We support SSO where available. No system is perfectly secure.

 

Security vendors / sub-processors. We may engage vetted security service providers (e.g., managed SOC, IDS/IPS, WAF, DDoS protection) to operate and protect the Services. Such providers act as sub-processors under our DPA. As of the Effective Date, this includes managed security operated by Venturit Inc. ("Rootkit Defense") for security telemetry and monitoring (e.g., network telemetry, security logs, IDS/IPS alerts) strictly for service-protection purposes.

 

Incidents. We maintain an incident response plan. If we become aware of a Personal Data Breach affecting Customer Data we process as processor, we will notify the controller (Project Lead/designated contact) without undue delay and provide information and cooperation needed for regulatory notifications and data-subject communication.

 

8. Data Retention

 

We retain Personal Data for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Upon account closure or Project deletion, we delete or de-identify Personal Data within a reasonable period, subject to backup retention and legal holds.

 

Archived Projects. Archival pauses new collection but preserves existing collaborator access to prior measurements. Archive status and any related billing exclusions are configuration-level settings and may change with notice per plan terms.

 

9. Your Rights and Choices

 

Depending on your region, you may have rights to access, correct, delete, restrict, object, or port your Personal Data. When we process Customer Data as a processor, we will direct data-subject requests to the controller (your organization/Project Lead) and assist as required.

 

Choices

• Profile and display-name controls (pseudonym/hide on Enterprise Canopy and Archive pages).

• Cookie preferences (regional consent banner where applicable).

• Email preferences (service emails are transactional and may be required).

 

10. Sub-processors

 

A current list of sub-processors is available on request. We bind sub-processors to obligations no less protective than those in this Policy and our Data Processing Addendum (DPA).

 

11. Children

 

The Services are not intended for children under 13. If we learn that we collected Personal Data from a child under 13 without verifiable parental consent, we will delete it.

 

12. Changes to this Policy

 

We may update this Policy from time to time. Material changes will be notified via the Services or email where appropriate. Your continued use after the effective date means you accept the updated Policy.

 

13. Contact Us

 

PhotosynQ Inc.

325 E. Grand River Ave., Suite 225

East Lansing, MI 48823, USA

Email: support@photosynq.org

 

Annex: Regional Disclosures

 

EEA/UK

• Controller: For account/billing/site analytics, PhotosynQ Inc.; for Project Customer Data, your organization (Project Lead) is controller and PhotosynQ is processor.

• Legal bases: contract, legitimate interests, consent (cookies/marketing), legal obligations.

• Transfers: SCCs/IDTA; contact us for a copy.

 

California (CPRA)

• PhotosynQ acts as a service provider for Customer Data in Projects and as a business for our own operations data.

• We do not sell or share Personal Data for cross-context behavioral advertising.

• CPRA rights include access, deletion, correction, and opt-out from sale/sharing (not applicable to our uses as described). Submit requests via support@photosynq.org.

 

Canada (PIPEDA)

• We maintain a comparable level of protection for cross-border transfers via contractual measures. Contact us to access or correct your Personal Data or to file a complaint.