Privacy Policy

Effective: May 22, 2026

sessionpix (“we,” “us,” or the “Service”), operated by Christopher Lucas Phillips, takes your privacy seriously. This Policy describes what information we collect, how we use it, who we share it with, and the rights you have over it.

1. Information We Collect

Account information. When you create an account, we collect your email address, name, password (stored as a salted hash via AWS Cognito), and the organization you belong to.

Photos and analyses. When you upload photos of audio equipment, we store the photo files in AWS S3 and process them through our two-pass AI vision pipeline to identify equipment, read visible labels (brand, model, serial number when visible), and describe control positions. The structured outputs of those analyses are stored alongside your photos in our database.

Payment information. Subscription billing is handled by Stripe. We do not store your full credit-card number; we only retain a Stripe customer identifier, the last four digits, the brand of the card, and the billing email on file.

Usage and device information. We collect log data including IP address, device type, operating system, app version, timestamps of requests, and which features you interact with. This is used to operate, debug, and improve the Service.

2. How We Use Your Information

• To provide and operate the Service — account management, photo processing, gear identification, control-position notes, collection organization;
• To bill you for paid subscriptions and respond to payment-related inquiries;
• To send you transactional email (account confirmations, password resets, billing receipts, security alerts);
• To improve the Service in aggregate — e.g. measuring which features are used, identifying bugs;
• To comply with legal obligations and protect against fraud or abuse.

We do not sell your personal information, and we do not share it with advertisers.

3. Subprocessors & Third-Party Services

We use the following third-party services to operate sessionpix. By using the Service, you acknowledge that your data is processed by these providers under their own privacy terms.

• Amazon Web Services (AWS) — hosting infrastructure (US regions), identity (Cognito), photo storage (S3), database (Aurora), email delivery (SES);
• Anthropic, via AWS Bedrock — Claude vision and text models that perform the identification and analysis passes on your photos and their derived metadata. Photos and analyses are transmitted to Claude solely to produce the Service’s output and are subject to AWS Bedrock’s data-handling terms (in particular, customer content is not used to train foundation models);
• Stripe — payment processing and subscription billing.

4. AI Processing & Photo Content

Photos of audio equipment typically contain limited personal information, but they may incidentally include people in the background, serial numbers, or written notes. Our AI pipeline focuses on identifying the equipment itself and is not designed to extract or store information about identifiable individuals. We recommend that you avoid uploading photos that contain sensitive personal information of non-users.

Identification output produced by AI is informational only and should not be relied upon for authentication, appraisal, or chain-of-custody purposes — see our Terms of Service for the full disclaimer.

5. Data Retention

• Account data: retained while your account is active. After you request account deletion, account data is removed within 30 days, except where retention is required by law;
• Photos and analyses: retained until you delete the item, delete the collection, or close your account. Backups may persist for up to 90 days after deletion;
• Billing records: retained for up to 7 years to satisfy United States tax-record requirements;
• Server logs: retained for up to 90 days, then deleted or aggregated.

6. Your Rights

You have the right to:

• Access the personal information we hold about you;
• Request correction of inaccurate data;
• Request deletion of your account and associated data;
• Export your collections and analyses in a portable format;
• Opt out of any non-essential email communications.

California residents (CCPA): you also have the right to know what categories of personal information we collect, the right to deletion, and the right to opt out of the “sale” of personal information (we do not sell personal information).

European Economic Area residents (GDPR): you also have the rights to portability, restriction of processing, and to lodge a complaint with your supervisory authority.

To exercise any of these rights, email support@sessionpix.com. We will respond within 30 days.

7. Cookies & Tracking

The sessionpix website uses essential cookies and local storage to keep you signed in, remember your preferences, and operate basic features. We do not use third-party advertising cookies. Disabling essential cookies will break the Service.

8. Children

sessionpix is not intended for users under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at support@sessionpix.com and we will delete it.

9. International Data Transfers

Our infrastructure is hosted in the United States (AWS US regions). If you access the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

10. Security

We use industry-standard safeguards including TLS encryption in transit, encryption at rest for S3 and database storage, role-based access controls, and audit logging. No system is perfectly secure; we cannot guarantee absolute security and we encourage you to use a strong, unique password.

11. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify active users by email and update the “Effective” date above.

12. Contact

Privacy requests: support@sessionpix.com. General support: support@sessionpix.com.