We do not sell your data. We do not use advertising. We do not track you across other websites. This policy explains exactly what we collect, why, and how long we keep it.
Qroissant is a photo delivery service that allows photographers to share photos with their clients via QR codes. The service is operated from Sweden and is subject to the General Data Protection Regulation (GDPR).
When this policy refers to "we", "us", or "Qroissant", it means the operator of qroissant.app.
We collect the minimum data needed to provide the service.
For photographers (account holders):
Optional contact information:
If you voluntarily provide a phone number or other contact details — for example when setting up a session or contacting support — we may store this information to provide the service. See section 3 for details on how this data may be used.
For gallery visitors (photo recipients):
We use the data we collect for the following purposes:
Marketing communications: Your email address, phone number, or other contact information you provide may be used to send you information about Qroissant's services. You can opt out at any time by contacting us. We will never share, sell, or disclose your contact details to any third party for marketing or any other purpose.
We do not build profiles, sell data, or use your information for any purpose unrelated to operating and communicating about our service.
Photos are stored on our servers for a limited period. After the retention period expires, photos are permanently deleted and cannot be recovered.
The default retention period is 90 days from the date of the session. The exact expiry date is shown on your gallery page.
Photographers can delete individual sessions and their photos at any time from the app. When a photographer account is deleted, all associated photos and sessions are permanently removed.
We use Google Analytics on our marketing website (qroissant.app) to understand how visitors find and use the site. Google Analytics collects anonymised data including pages visited, time spent, and general geographic region. We have enabled IP anonymisation, meaning full IP addresses are never stored by Google Analytics.
Google Analytics uses cookies and similar technologies. For more information, see Google's privacy policy. You can opt out of Google Analytics tracking using the Google Analytics opt-out browser add-on.
Google Analytics is used on the marketing website only — not inside the photographer app or the photo gallery.
Under GDPR, you have the following rights regarding your personal data:
Photographers can delete their account directly from the dashboard, which removes all associated data. To exercise any other right, contact us at the address below.
You also have the right to lodge a complaint with the Swedish supervisory authority: Integritetsskyddsmyndigheten (IMY).
We take reasonable technical and organisational measures to protect your data:
No system is perfectly secure. If you discover a security vulnerability, please contact us immediately.
For any questions about this policy or to exercise your rights, contact us:
We aim to respond to all privacy requests within 30 days.