Data, Security, and Privacy

Who can see my photos and job data?

Only you and the people you choose to give access to can see your photos and job data.

How do team permissions work?

Access to data is controlled by the roles and permissions you assign to team members.

Can I control who has access to specific jobs or photos?

Yes. You can manage access to your jobs and photos within your account.

Can I remove someone’s access?

Yes. You can remove or change a team member’s access at any time.

Can WorkPhotos staff see my data?

WorkPhotos does not access customer data unless required for support, maintenance, or where legally required.

Where is my data stored?

WorkPhotos stores your data using cloud infrastructure.

How is my data protected?

WorkPhotos uses standard security measures to help protect your data from unauthorised access, loss, or misuse.

Is my data backed up?

WorkPhotos maintains backups to support service reliability and data recovery.

Does WorkPhotos guarantee data security?

No system can guarantee complete security, but WorkPhotos takes reasonable steps to protect your data.

Does WorkPhotos sell my data?

No. WorkPhotos does not sell customer data.

When is my data shared with third parties?

Data is only shared where necessary to operate the service, such as with service providers, or where required by law.

Are third parties allowed to use my data for their own purposes?

No. Third parties only process data as needed to provide services to WorkPhotos.

How is my data used?

Your data is used to provide and improve the WorkPhotos service.

Where can I find full privacy details?

Full details are available in the WorkPhotos Privacy Policy.

What happens to my data if I cancel my subscription?

Cancelling a subscription does not automatically delete your account or your data.

Can I delete my account and data?

Yes. You can request deletion of your account and associated data.

How do I request account deletion?

You can contact WorkPhotos support to request account and data deletion.

How long does deletion take?

Account and data deletion is handled in line with WorkPhotos policies and legal requirements.

Is any data kept after deletion?

Some data may be retained where required by law or for legitimate business purposes.

WorkPhotos uses encryption and access controls to help protect your data while it is transmitted and accessed.

Encryption in transit

All data sent between the WorkPhotos mobile app, web app, and our servers is encrypted using HTTPS (TLS). This helps prevent data from being read or altered while in transit.

Data storage and infrastructure security

Photos and job data are stored on infrastructure provided by established cloud hosting providers. These providers apply their own security controls at the infrastructure and storage level. WorkPhotos relies on these underlying protections alongside application-level access controls.

Third-party storage integrations

When using integrations such as Google Drive, Dropbox, or OneDrive, data is transferred securely using each provider’s official APIs and secure connection methods. Once data is synced, it is stored and protected according to the security and encryption policies of the connected service.

Authentication and access control

WorkPhotos uses Auth0 for user authentication and identity management.

• Auth0 handles secure sign-in, session management, and token-based authentication.

• Passwords are not stored directly by WorkPhotos.

• Access to photos, jobs, and reports is controlled by authenticated user sessions and workspace permissions.

Encryption works alongside authentication and permissions to ensure that only authorised users can access data through the WorkPhotos apps and web interface.

WorkPhotos allows reports and images to be shared using direct links.

• Shared report links provide read-only access to the report content.

• Image URLs and report links are not currently individually audited or tracked per viewer.

• Anyone with access to a shared link may be able to view the content it points to.

For this reason:

• Shared links should be treated as private.

• Only share links with people you trust.

• If access needs to be restricted, avoid distributing links publicly.

Link-level access controls, expiration, and auditing may be introduced in future updates.