PhotosynQ Terms of Service
Effective date: October 26, 2025
Thank you for using PhotosynQ! These Terms of Service ("Terms") govern your use of PhotosynQ software, instruments, websites, and services (collectively, the "Services"). The Services are provided by PhotosynQ Inc. ("PhotosynQ", "we", "us", or "our"), located in East Lansing, Michigan, USA.
By using the Services, you agree to these Terms. If you do not agree, do not use the Services.
​
1. Eligibility & General Conditions
• You must be at least 13 years old to use the Services.
• You will not use the Services for any illegal or unauthorized purpose and will comply with all applicable laws and regulations.
• You are responsible for keeping your account credentials confidential and for all activity under your account.
• We may refuse or suspend access to the Services at our discretion. We may terminate your account for breach of these Terms.
2. Software License
We grant you a limited, non‑exclusive, non‑transferable, revocable license to install and use PhotosynQ software and instrument firmware solely to access and use the Services in accordance with these Terms. Open‑source components are licensed under the applicable open‑source licenses.
You will not reverse engineer or decompile any software except to the extent permitted by applicable law.
3. Key Definitions (Aligned with Privacy Policy)
Project: A workspace in which a Project Lead configures protocols, collects measurements, and manages access.
Project Lead: The account owner or designee with permission to grant, revoke, or manage user access to a Project and its data.
Project Admin (a project collaborator with an admin role): A designee of the Project Lead with permission to grant, revoke, or manage user access to a Project and its data.
Customer Data: All data, measurements, images, metadata, comments, protocols, macros, and other content uploaded or generated by users within a Project.
Personal Data: Information that identifies or relates to an identified or identifiable natural person.
Aggregated/De‑identified Data: Data that has been processed to remove personal identifiers and cannot reasonably be used to identify a natural person.
PhotosynQ Data: Company‑authored and curated content that PhotosynQ makes available inside the Services for authenticated members as starting points (e.g., example projects, protocols, macros, demo datasets, code snippets, documentation/templates). PhotosynQ owns PhotosynQ Data.
Visibility Modes (per Project):
• Enterprise Vault — Fully private; no metadata or artifacts are visible to non‑collaborators.
• Enterprise Canopy — Members‑discoverable; signed‑in members can see a metadata‑only project page and, critically, read‑only protocol/macro code, parameters, version history, and execution artifacts; raw measurements remain private until access is granted by the Project Lead.
• Archive Project — Members‑discoverable (same visibility as Enterprise Canopy); read‑only protocol/macro code, parameters, version history, and execution artifacts are visible to signed‑in members; raw measurements remain private until access is granted. **No new measurement collection.** Web‑only visibility.
4. Access & Data Governance (Enterprise Controls)
Private by default. Projects are private unless the Project Lead enables discoverability (Enterprise Canopy) or sets Archive status. Only users granted access by the Project Lead or Project Admin (an admin‑role collaborator) may access Customer Data. Projects created up to October 26, 2025 have been grandfathered into Enterprise Canopy if data collection has been active at any point during the past 12 months. Projects with no data collection activity in the past 12 months have been set to Archive to avoid subscription fees.
Access control. The Project Lead or Project Admin controls invitations, role assignments, and revocation of access for their Project(s). PhotosynQ will not grant access to Customer Data to third parties without the Project Lead’s authorization, except as required by law or as otherwise permitted in these Terms.
PhotosynQ limited access. PhotosynQ personnel may access Customer Data only as reasonably necessary to (a) provide technical support, security, and maintenance; (b) investigate and remediate incidents; and (c) improve and develop the Services (including quality, reliability, performance, and new product features). Such access is strictly role‑based, logged, and subject to confidentiality obligations.
Project portability. Project Leads may export Customer Data using the export tools we make available. Export format and scope may vary by subscription plan and technical limits.
PhotosynQ Data library. PhotosynQ may provide a catalog of PhotosynQ Data visible and discoverable to authenticated members inside the Services. PhotosynQ Data is governed by §5A and is not subject to project‑level visibility controls unless designated in the catalog.
4A. Members‑Only Project Pages (Enterprise Canopy and Archive)
Scope. If enabled by the Project Lead or Project Admin (an admin‑role collaborator), PhotosynQ may display a members‑only page for a Project.
• Enterprise Canopy: shows title, overview, categories/tags, high‑level questions, generalized map region, contributor display names per contributor setting, and **read‑only protocol/macro code, parameters, version history, and execution artifacts**. Explore/Download tools and raw measurements remain hidden unless access is granted.
• Archive: shows title, overview, categories/tags, high‑level questions, generalized map region, contributor display names per contributor setting, and **read‑only protocol/macro code, parameters, version history, and execution artifacts**. Explore/Download tools and raw measurements remain hidden unless access is granted. **Collection is disabled.**
Contributor identity controls. By default, contributor names on members‑only pages are shortened to FirstName + Last initial (e.g., “John D.”). Each contributor may choose a pseudonym or hide their name entirely in profile settings. The Project Lead cannot override a contributor’s preference.
Locations. Members‑only pages may show generalized map regions only; precise coordinates and field‑level locations are not displayed.
Third‑party embeds. Members‑only pages may use third‑party map/asset providers; loading such content may share device/network identifiers with the provider, subject to the Privacy Policy and applicable consent requirements.
Disable anytime. A Project Lead can disable a members‑only page at any time; internal caching and indexing may take time to clear.
4B. Protocols & Macros — Ownership & Visibility
Ownership. Protocols, macros, and associated code, parameters, comments, and version history created within a Project are Customer Data and remain owned by the Customer, unless expressly released by the Project Lead under a separate open‑source or sharing license.
Visibility.
• Enterprise Vault: Protocol/macro details (code/parameters/artifacts) are hidden from non‑collaborators.
• Enterprise Canopy: Protocol/macro details (code/parameters/version history/execution artifacts) are visible **read‑only** to signed‑in members; execution and editing remain restricted to collaborators with granted access.
• Archive: Protocol/macro details (code/parameters/version history/execution artifacts) are visible **read‑only** to signed‑in members; execution and editing remain restricted to collaborators with granted access. **Collection is disabled.**
Security checks. Executable macros may be subject to automated security checks (e.g., static analysis, sandboxing) to protect users and the Services. Such processing is limited to service operation and security and does not grant PhotosynQ any right to disclose Customer Data.
Indexing controls. Protocol/macro artifacts and metadata are excluded from general web crawler indexing; visibility is limited to authenticated member views inside the Service per mode.
Carve‑out for PhotosynQ Data. Items designated as PhotosynQ Data (e.g., example protocols/macros supplied by PhotosynQ) are governed by §5A and may be visible/discoverable in the PhotosynQ Data library regardless of a project’s mode. Using PhotosynQ Data inside a Project does not change ownership of the underlying PhotosynQ Data.
5. Customer Content; Ownership; License to PhotosynQ
Ownership. As between you and PhotosynQ, you (or your organization) retain all right, title, and interest in and to Customer Data and any intellectual property rights therein.
License to operate the Services. You grant PhotosynQ a worldwide, non‑exclusive, royalty‑free license to host, process, transmit, display, and otherwise use Customer Data solely for: (i) providing and supporting the Services; (ii) protecting the Services (including monitoring, preventing, and addressing security issues, abuse, and fraud); and (iii) improving and developing the Services (including quality, reliability, performance, and new product features), applying data minimization and other safeguards.
Aggregated/De‑identified data. We may create and use Aggregated/De‑identified Data derived from Customer Data for benchmarking, analytics, and improvement, provided it does not identify you, your users, or your projects.
Backups. The Services are not intended to be your sole data repository. You are responsible for maintaining appropriate backups of Customer Data.
5A. PhotosynQ Data — License and Use
Ownership of PhotosynQ Data. PhotosynQ (and its licensors, if any) retains all right, title, and interest in PhotosynQ Data, including any intellectual property rights.
License to Customers. Subject to these Terms, PhotosynQ grants you a limited, non‑exclusive, non‑transferable, non‑sublicensable license to access and use PhotosynQ Data inside the Services and within your Projects for your internal research and operational purposes. You may create adaptations or derivative works that combine PhotosynQ Data with your Customer Data; as between the parties, your adaptations/derivatives (excluding the underlying PhotosynQ Data) are treated as Customer Data.
Restrictions. Except as expressly permitted, you will not (a) redistribute PhotosynQ Data as a standalone library/dataset/template set; (b) sell, sublicense, or publicly post PhotosynQ Data outside the Services; (c) remove or alter proprietary notices; or (d) use PhotosynQ Data to build or train a competing service or dataset, except as permitted in writing by PhotosynQ.
Visibility & Discoverability. PhotosynQ Data may be visible and discoverable to all authenticated members in a catalog within the Services. We may update, replace, or deprecate PhotosynQ Data over time.
No Warranty. PhotosynQ Data is provided “AS IS” without warranties of any kind.
6. User Responsibilities
You are responsible for (a) the accuracy and legality of Customer Data; (b) obtaining all necessary consents; (c) configuring appropriate role‑based access; and (d) complying with applicable laws and permits for data collection and field activities.
6A. Acceptable Use (Security‑Relevant)
Do not attempt to bypass authentication or access controls, probe or scan the Service except as permitted under §8.x Customer Security Testing, disrupt availability (e.g., DoS), or access data outside your authorized scope.
Security testing of your own tenant/environment must follow PhotosynQ’s testing guidelines and be non‑destructive.
7. Third‑Party Services
If you enable integrations or third‑party services, you authorize PhotosynQ to exchange relevant Customer Data and account information with those services as necessary to enable the integration. Third‑party services are not controlled by PhotosynQ and are governed by their own terms and privacy policies.
8. Privacy; Data Protection; Regulatory Compliance
Role allocation. For Customer Data that contains Personal Data, the Project Lead (or their organization) is the data controller (or equivalent) and PhotosynQ is the data processor (or service provider/processor under CCPA/CPRA and PIPEDA). For Personal Data that PhotosynQ determines the purposes and means of processing (e.g., account management, billing, security logs, site analytics), PhotosynQ is an independent controller.
Lawful basis & purpose limitation. We process Personal Data only for specified, explicit, and legitimate purposes described in these Terms and our Privacy Policy, and as further set out in any Data Processing Addendum ("DPA").
Data subject rights. We will assist controllers in responding to data subject requests when the request relates to Customer Data we process as a processor.
Product improvement safeguards. If PhotosynQ uses Customer Data for service improvement: (a) we will minimize use to what is necessary; (b) apply access controls, logging, and confidentiality; and (c) prefer aggregated or de‑identified forms where feasible.
International transfers. Where applicable, international transfers of Personal Data will be protected by appropriate safeguards (e.g., EU SCCs and the UK IDTA).
Security. We implement appropriate technical and organizational measures designed to protect Customer Data, including encryption in transit and at rest, access controls, vulnerability management, logging, and employee confidentiality. No method of transmission or storage is perfectly secure.
Sub‑processors. We may engage sub‑processors to support the Services. We will impose data protection obligations on sub‑processors no less protective than those in these Terms and our DPA. A current list will be made available upon request.
DPA availability. For regulated processing (e.g., GDPR/UK GDPR/CCPA‑CPRA/PIPEDA/LGPD), our DPA forms part of these Terms when executed by you or referenced in an order form. If you require a signed DPA, contact [support@photosynq.org](mailto:support@photosynq.org).
8.x Security Program & Vendors
PhotosynQ maintains an information security program aligned to industry practices. Controls include governance & training, access management, encryption in transit/at rest, logging & monitoring, vulnerability management, SSDLC, periodic penetration testing, business continuity & disaster recovery, data segregation, and abuse prevention.
Managed security: As of the Effective Date, PhotosynQ engages Venturit Inc. ("Rootkit Defense") to operate managed security services (e.g., SOC, IDS/IPS, WAF, DDoS protection) limited to service‑protection purposes.
8.x Incident Response & Breach Notification
We maintain an incident response plan. Upon becoming aware of a Personal Data Breach affecting Customer Data, PhotosynQ will notify the Project Lead or designated contact without undue delay and aim to provide initial notice within 72 hours, with available details and ongoing updates.
8.x Customer Security Testing & Responsible Disclosure
Customers may perform non‑destructive security testing of their own tenants/environments per Acceptable Use and testing guidelines. Report potential vulnerabilities to [support@photosynq.org](mailto:support@photosynq.org). Good‑faith testing within guidelines is authorized.
9. Confidentiality
Customer Data and any non‑public information you disclose to PhotosynQ are confidential. We will not disclose such information except to personnel, contractors, and sub‑processors who need access to provide the Services and are bound by confidentiality obligations, or as required by law.
10. Export Controls; Sanctions
You will not use or export the Services in violation of applicable export control and sanctions laws.
11. Beta Services
From time to time we may offer Services labeled as beta/preview. Beta Services are provided “AS IS” and may be changed or discontinued at any time.
12. Fees & Taxes
You agree to pay applicable fees and taxes associated with your subscription or purchases. Additional terms may apply in an order form.
12A. Subscription Tiers & Visibility Options
Unless expressly enabled by the Project Lead, a Project is **Enterprise Vault** (fully private) by default. Availability of modes and features may vary by plan.
• Enterprise Vault (default): Audience — only invited collaborators. Members/public view — none. Data access — no one outside the Project can view or download Customer Data. Protocols/macros are hidden from non‑collaborators.
• Enterprise Canopy (members‑discoverable): Audience — authenticated PhotosynQ members can view the members‑only page and may request to join; Project Lead approves/denies. Visible — title, overview, questions, categories/tags, generalized map region, contributor display names (per contributor’s setting), and **read‑only protocol/macro code, parameters, version history, and execution artifacts**; raw measurements and Explore/Download tools remain hidden unless access is granted.
• Archive Project: Audience — authenticated PhotosynQ members; web‑only visibility; **no new measurement collection**. Visible — title, overview, questions, categories/tags, generalized map region, contributor display names, and **read‑only protocol/macro code, parameters, version history, and execution artifacts**; raw measurements and Explore/Download tools remain hidden unless access is granted.
No sale/sharing for advertising. Enabling Enterprise Canopy does not authorize PhotosynQ to sell or share Personal Data for cross‑context behavioral advertising.
Plan association & pricing. Availability and pricing are specified in your order form or plan description.
13. Warranties; Disclaimers
Except as expressly stated, the Services are provided “AS IS” and “AS AVAILABLE” without warranties of any kind, including implied warranties of merchantability, fitness for a particular purpose, and non‑infringement. Instruments may carry a limited hardware warranty described in your purchase documentation.
14. Indemnification
You will indemnify and defend PhotosynQ and its affiliates from third‑party claims arising from: (a) your unlawful use of the Services; (b) Customer Data; or (c) your breach of these Terms.
15. Limitation of Liability
To the maximum extent permitted by law, PhotosynQ will not be liable for indirect, incidental, special, consequential, exemplary, or punitive damages, or for lost profits, revenues, or data, even if advised of the possibility. Our aggregate liability for all claims relating to the Services in any 12‑month period will not exceed the amounts paid by you to PhotosynQ for the Services in that period. Some jurisdictions do not allow certain exclusions; in those cases, the limitations apply to the fullest extent permitted by law.
16. Term; Suspension; Termination; Data Return/Deletion
Term. These Terms apply from account creation or first use and continue until terminated.
Suspension. We may suspend access for non‑payment, security risk, legal compliance, or breach.
Termination. Either party may terminate for material breach if not cured within 30 days after written notice.
Data return & deletion. Upon termination or upon request by the Project Lead, we will, within a commercially reasonable period, (a) make Customer Data export tools available, and (b) delete or return Customer Data from active systems, subject to permitted retention in backups and to legal obligations. Backup media are purged on a rolling schedule.
17. Government Requests & Legal Process
We may access, preserve, and disclose information as required by law or lawful process. Where legally permitted and feasible, we will provide prior notice to the Project Lead before disclosing Customer Data.
18. Children
The Services are not intended for children under 13. If we learn that we have collected Personal Data from a child under 13 without verifiable parental consent, we will delete that information.
19. Modifications to these Terms
We may update these Terms from time to time. For material changes, we will provide notice in accordance with applicable law and your account settings. Your continued use of the Services after the effective date constitutes acceptance of the updated Terms.
20. Governing Law; Dispute Resolution
These Terms are governed by the laws of the State of Michigan, without regard to conflict of law rules. The parties consent to the exclusive jurisdiction of state and federal courts located in Ingham County, Michigan.
21. Contact
Questions? Contact [support@photosynq.org](mailto:support@photosynq.org) or write to:
PHOTOSYNQ INC.
325 E. Grand River Ave., Suite 225
East Lansing, MI 48823 USA
Annex: Data Processing Addendum (Short‑Form Summary)
This summary is provided for convenience and must be read together with the full DPA available upon request.
Parties & Roles: Customer (controller) ↔ PhotosynQ (processor/service provider).
Subject‑matter: Processing Customer Data to provide, secure, and improve the Services.
Duration: Term of the Agreement plus reasonable archival periods.
Types of Personal Data: Account info (name, email), device/instrument identifiers, project membership, measurement metadata; Customer may submit other categories at its discretion.
Data Subject Categories: Customer personnel, collaborators, research participants as determined by Customer.
Processor Obligations: Process only on documented instructions; confidentiality; security measures; breach notification without undue delay (target initial notice within 72 hours); sub‑processor flow‑down; assistance with data subject requests and DPIAs; deletion/return at end of Services; audits (reports or assessments) on reasonable request.
Cross‑border Transfers: SCCs and UK IDTA as applicable; supplementary measures where required.
California (CPRA): PhotosynQ acts as a service provider; no sale or sharing of Personal Data for cross‑context behavioral advertising.
Canada (PIPEDA): Comparable level of protection; transfers governed by contractual measures; complaints handled per Privacy Policy.