one frame a day — privacy policy

what we collect

We collect only what is necessary to provide the service:

• account information — username and password (stored as a bcrypt hash, never in plain text)
• display name — optional, set by you
• photos and titles — the content you upload to your diary
• invite tokens — if you generate an invite, the token is associated with your account
• session data — a session cookie to keep you logged in
• server logs — our web server may log IP addresses, timestamps, and request details for security and debugging purposes; these logs are rotated and not retained long-term

That's it. No email address, no phone number, no analytics, no tracking pixels, no third-party scripts.

legal basis for processing

We process your data on the following legal bases under the GDPR:

• contract performance — your account data and photos are processed to provide the service you signed up for
• legitimate interest — server logs are kept briefly for security and to prevent abuse

how we use your data

Your data is used solely to operate the service — to display your diary, authenticate your sessions, and let you manage your account. We do not sell, rent, or share your personal information with third parties.

cookies

We use a single session cookie to keep you logged in. No analytics cookies, no advertising cookies, no third-party cookies.

public content

All diary entries are publicly visible. Your username, display name, photos, and titles are viewable by anyone. Do not upload content you wish to keep private.

third-party services

If you order print products (postcards, books, or zines), we share the relevant photos and your shipping address with the following partners solely to fulfill your order:

• Stannp — postcard printing and mailing
• Prodigi — book and zine printing and fulfillment
• Stripe — payment processing

These partners process your data only as needed to complete your order. We do not share your data with any other third parties.

where your data is stored

Your data is stored on servers in the EU (Germany), provided by Akamai / Linode. Print fulfillment partners may process your data in other regions as needed to produce and ship your order.

data retention

We retain your data for as long as your account is active. Server logs are retained for no more than 30 days. When you delete an entry, it is removed from the server. When you delete your account, all associated data — including all photos — is permanently deleted.

your rights

Under the GDPR, you have the right to:

• access — request a copy of the data we hold about you
• rectification — correct inaccurate data (you can update your display name and password in your account settings)
• erasure — delete your data (you can delete individual entries or your entire account at any time)
• portability — request your data in a portable format
• objection — object to processing of your data

To exercise any of these rights, contact us at hello@oneframe.day. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

data sharing

We do not sell, rent, or share your data for advertising or analytics. Your data is only shared with third parties when you order a print product (see "third-party services" above), or if required by law.

security

We take reasonable measures to protect your data, including hashing passwords and serving the site over HTTPS. In the event of a data breach that affects your personal data, we will notify affected users as soon as reasonably possible.

children

The service is not intended for anyone under the age of 16. We do not knowingly collect data from children. If you believe a child under 16 has created an account, please contact us and we will remove it.

changes to this policy

We may update this policy from time to time. We will announce material changes on the site for at least 30 days before they take effect. Continued use of the service after changes take effect constitutes acceptance of the updated policy.