Privacy Policy
Last updated: April 24, 2026
AutoQC is operated by Staffify LLC ("AutoQC," "we," "us"). This policy explains what information we collect when you use the AutoQC web application at autoqc.io, how we use it, who we share it with, and the choices you have. If you have any questions, email hello@autoqc.io.
1. Information we collect
We collect only the information needed to run the service.
- Account information. Your email address, a hashed password (we use bcrypt; we never see the plaintext), your agency or business name, and your role on the agency.
- Photos and property data. Images you upload (or that arrive from connected integrations like Dropbox), the property address or label you assign them, style profile settings, and any notes or tags you add.
- Processing metadata. Quality-control scores, flagged issues, auto-fix actions, room-type classifications, and timestamps generated during QC.
- Integration credentials. When you connect a third-party service (Dropbox, Aryeo, HDPhotoHub, Spiro, Tonomo), we store the access tokens or credentials needed to read and write on your behalf. These are stored server-side and never sent back to the browser.
- Billing information. Payments are processed by Stripe. We store customer identifiers and a record of your purchases and credit transactions. Card numbers and bank details stay with Stripe; we do not see or store them.
- Usage and log data. Our hosting provider (Vercel) records standard request logs (IP address, user agent, path, status). We use Vercel Analytics for aggregate page-view counts. We do not run advertising trackers.
2. How we use your information
- Run QC on photos you upload and surface the results to you in the dashboard.
- Apply auto-fixes (vertical correction, color, sharpness, distraction removal on Premium) where configured.
- Deliver processed files to the integrations you connect.
- Charge for processing and manage your credit balance.
- Send transactional email (sign-in, password reset, purchase receipts, product announcements you opt into).
- Maintain security, prevent abuse, and improve accuracy of the QC engine.
We do not sell your data. We do not use your photos to train external foundation models. We do not share your photos with other customers.
3. Sub-processors we use
To deliver the service, AutoQC shares limited data with the following service providers. Each acts under contract and for the purpose described.
| Provider | Purpose |
|---|---|
| Amazon Web Services | Photo storage (S3), database (RDS), queue (SQS), compute (Lambda). US-East-1. |
| Vercel | Web application hosting and aggregate analytics. |
| Anthropic | Claude vision analysis for composition, room type, and distraction detection. Anthropic does not train on API inputs. |
| Replicate | Hosted AI models for distraction inpainting and deblur on Premium properties. |
| Stripe | Payment processing and card storage. |
| Resend | Transactional email delivery (sign-in, password reset, receipts). |
| Connected integrations | When you connect Dropbox, Aryeo, HDPhotoHub, Spiro, or Tonomo, AutoQC reads and writes only within the scope you authorize. |
4. Security
- All traffic between your browser, our servers, and our sub-processors is encrypted in transit with TLS.
- Photos in S3 and database rows in RDS are encrypted at rest.
- Passwords are hashed with bcrypt (cost 12); we cannot recover them and never see the plaintext.
- Integration access tokens and Dropbox app secrets are stored server-side and are never returned to the browser after being saved.
- Access to production systems is limited to personnel who need it to operate the service.
No service is perfectly secure. If we ever learn of a breach that affects your data, we will notify you promptly.
5. Data retention
- We retain your photos and property records for as long as your account is active.
- When you delete a property or photo, it is removed from the live database and scheduled for deletion from S3 within 30 days.
- When you close your account, we delete your photos, properties, and personal data within 30 days of the closure request, except where we are required to keep records (e.g., payment records retained for tax purposes).
- Aggregate, non-identifying metrics (e.g., total photos processed) may be kept indefinitely for operational analytics.
6. Your rights
You can:
- Access, update, or export your account and property data from the dashboard.
- Disconnect any connected integration from the dashboard, which revokes our token and stops future syncing.
- Request deletion of your account and data by emailing hello@autoqc.io.
- If you are in the EU, UK, or California, you have additional rights under GDPR / UK GDPR / CCPA including the right to access, correct, delete, and port your data, and to object to certain processing. Email the address above to exercise these rights.
7. Children
AutoQC is a business tool for photography agencies. It is not directed at children under 16, and we do not knowingly collect their personal information.
8. Changes to this policy
We may update this policy from time to time. Material changes will be announced by email or in-app notice at least 7 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.
9. Contact
Staffify LLC
Email: hello@autoqc.io