FeaturesPricingBlogHelp CenterAPI Docs
Sign InGet Started

Privacy Policy

Last updated: January 28, 2026

eMARCOTT ("we," "our," or "us") operates a multi-tenant SaaS platform for real estate photography businesses. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at emarcott.com and related services.

By using eMARCOTT, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access the platform.

1. Information We Collect

1.1 Account Information

When you register for an account, we collect:

  • Name and email address
  • Password (stored securely using bcrypt hashing)
  • Business name, address, and contact information
  • Profile photo (optional)
  • Timezone and language preferences

1.2 Client Data (For Photography Businesses)

If you are a photographer using our platform, you may store:

  • Client names, email addresses, and phone numbers
  • Client business information and addresses
  • Client profile photos
  • Communication history and notes

1.3 Property and Gallery Data

To provide our services, we collect and store:

  • Property addresses and location information
  • Property details (square footage, price, bedrooms, etc.)
  • Photos, videos, floor plans, and 3D tour embeds
  • Documents and contracts related to properties
  • MLS information and gallery status

1.4 Order and Transaction Data

  • Service orders and job details
  • Scheduling and appointment information
  • Invoices and payment records
  • Communication threads and revision requests

1.5 Payment Information

Payment information is processed securely by our payment processors (Stripe, PayPal, Square). We do not store complete credit card numbers on our servers. We may store:

  • Last four digits of payment cards (for display purposes)
  • Billing addresses
  • Transaction history and receipts
  • Payment processor customer IDs

1.6 Usage Data

We automatically collect certain information when you use our platform:

  • IP address and approximate location
  • Browser type and version
  • Device information and operating system
  • Pages visited and features used
  • Date and time of access
  • Referring website or source

1.7 Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain your session and authentication state
  • Remember your preferences and settings
  • Analyze platform usage and performance
  • Provide security features

2. Google User Data

eMARCOTT's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

2.1 Data We Access from Google

When you connect your Google account, we may request access to:

  • Basic Profile Information: Your name and email address for account identification and login
  • Google Calendar: To sync photography appointments and display your availability
  • Google Drive: To import and export media files to/from your cloud storage

2.2 How We Use Google Data

We use your Google data only for the following purposes:

  • Authenticating your identity when you sign in with Google
  • Syncing calendar events for scheduling photography appointments
  • Displaying your availability to prevent double-booking
  • Importing media files from Google Drive to your galleries
  • Exporting finalized galleries to your Google Drive

2.3 What We Do NOT Do with Google Data

We will never:

  • Sell your Google data to third parties
  • Use your Google data for advertising or marketing purposes
  • Use your Google data to train AI or machine learning models
  • Share your Google data with third parties except as necessary to provide our services
  • Store your Google data longer than necessary for the features you use

2.4 Google Data Sharing

Your Google data may be shared only with:

  • Infrastructure Providers: Vercel (hosting), Supabase (database) - only as necessary to operate the platform
  • You: Data you explicitly choose to share through gallery pages or with your clients

2.5 Google Data Storage and Security

  • Google OAuth tokens are encrypted using AES-256-GCM before storage
  • Access tokens are refreshed automatically and old tokens are invalidated
  • All data is transmitted over TLS 1.3 encrypted connections
  • Data is stored in secure, access-controlled databases with row-level security

2.6 Google Data Retention and Deletion

  • Google authentication data is retained only while your account is active
  • You can disconnect Google integration at any time from Settings > Integrations
  • Upon disconnection, we delete your Google access tokens immediately
  • Upon account deletion, all Google-related data is permanently deleted within 30 days
  • You can also revoke access via your Google Account permissions

3. How We Use Your Information

We use the information we collect to:

  • Provide Services: Operate the platform and deliver requested features
  • Process Transactions: Handle payments, invoices, and refunds
  • Communicate: Send service updates, notifications, and support responses
  • Improve Platform: Analyze usage patterns to enhance features and fix issues
  • Security: Detect and prevent fraud, abuse, and unauthorized access
  • Legal Compliance: Meet legal obligations and respond to lawful requests
  • Customer Support: Assist with inquiries and technical issues

4. Data Sharing and Disclosure

4.1 Service Providers

We share data with third-party service providers who assist in operating our platform:

  • Vercel: Application hosting and deployment
  • Supabase: Database, authentication, and file storage
  • Cloudflare R2: Media file storage and delivery
  • Stripe: Payment processing
  • PayPal: Payment processing
  • Square: Payment processing
  • Resend: Transactional email delivery
  • Google Cloud Vision: Image analysis for copyright protection (CopyPro feature)
  • AI Editing Providers: Autoenhance.ai, Clipdrop (for optional AI photo editing)

4.2 Business Transfers

If eMARCOTT is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4.3 Legal Requirements

We may disclose information if required to:

  • Comply with applicable laws, regulations, or legal processes
  • Respond to lawful requests from government authorities
  • Protect the rights, property, or safety of eMARCOTT, our users, or others
  • Enforce our Terms of Service

4.4 With Your Consent

We may share information with third parties when you explicitly consent or direct us to do so.

4.5 Public Gallery Pages

When you create public gallery pages (branded or unbranded), the property information, photos, and media you include become publicly accessible. Client contact information on these pages is displayed as you configure it.

5. Data Security

We implement comprehensive security measures to protect your data:

5.1 Encryption

  • All data transmitted over the internet uses TLS 1.3 encryption (HTTPS)
  • Sensitive data at rest is encrypted using AES-256
  • OAuth tokens and API credentials are encrypted with AES-256-GCM
  • Passwords are hashed using bcrypt with unique salts

5.2 Access Control

  • Row-Level Security (RLS) policies ensure complete data isolation between tenants
  • 199+ database security policies enforce ownership-based access
  • Role-based access control (Superadmin, Admin, Client)
  • Secure session management with automatic expiration

5.3 Infrastructure Security

  • Hosted on enterprise-grade cloud infrastructure (Vercel, Supabase)
  • Regular security updates and patching
  • DDoS protection and rate limiting
  • Comprehensive audit logging of all actions

5.4 Application Security

  • Protection against SQL injection, XSS, and CSRF attacks
  • Input validation and sanitization
  • Content Security Policy (CSP) headers
  • Regular security assessments

6. Data Retention

  • Active Accounts: Data is retained while your account is active
  • Cancelled Subscriptions: Data is retained for 90 days to allow reactivation
  • Account Deletion: Personal data is deleted within 30 days of request
  • Backups: Backup copies are purged within 90 days of deletion
  • Legal Holds: Data may be retained longer if required by law
  • Anonymized Data: Aggregated, anonymous analytics may be retained indefinitely

7. Your Rights and Choices

Depending on your location, you may have the following rights:

7.1 Access

Request a copy of the personal data we hold about you.

7.2 Correction

Request correction of inaccurate or incomplete personal data.

7.3 Deletion

Request deletion of your personal data, subject to legal retention requirements.

7.4 Data Portability

Request your data in a structured, machine-readable format (CSV/JSON export).

7.5 Withdraw Consent

Revoke consent for specific data processing activities at any time.

7.6 Object to Processing

Object to certain types of data processing.

7.7 Opt-Out of Marketing

Unsubscribe from marketing communications at any time via email preferences.

To exercise these rights, contact us at privacy@emarcott.com or use the data management features in your account settings.

8. International Data Transfers

eMARCOTT is based in the United States. If you access our platform from outside the US, your data will be transferred to and processed in the United States. By using our services, you consent to this transfer.

We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where applicable.

9. Third-Party Services

Our platform integrates with third-party services that have their own privacy policies. We encourage you to review their policies:

10. Children's Privacy

eMARCOTT is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information.

11. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA:

  • Right to Know: What personal information we collect and how it's used
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt out of the "sale" of personal information (we do not sell data)
  • Right to Non-Discrimination: Equal service regardless of privacy choices

To exercise these rights, contact us at privacy@emarcott.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page with a new "Last updated" date
  • Sending an email notification for significant changes
  • Displaying a notice in the platform dashboard

Your continued use of eMARCOTT after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

eMARCOTT is operated by Marcott Studios LLC.