Privacy Policy

How we collect, use, and protect your personal data

Last updated: 12 May 2026

Ebrora (“we”, “us”, or “our”) is a sole trader business based in the United Kingdom. We are committed to protecting your privacy and handling your personal data transparently and lawfully in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding that data when you visit our website at ebrora.com (the “Site”) or purchase our products.

1. Data Controller

The data controller responsible for your personal data is Ebrora, a sole trader registered in the United Kingdom. If you have any questions about this policy or your personal data, you can contact us at hello@ebrora.com.

2. What Data We Collect

2.1 Information You Provide Directly

  • Contact form submissions: your name, email address, subject, and message content when you use our contact form.
  • Newsletter signup: your email address when you subscribe to our mailing list.

2.2 Information Collected Automatically

  • Analytics data: we use Google Analytics (GA4) to collect anonymised usage data such as pages visited, time on site, referring source, browser type, device type, and approximate geographic location. This data does not personally identify you.
  • Cookies: we use analytics cookies only with your explicit consent. See Section 7 for details.

2.3 Information Collected by Third Parties

  • Payment data: all purchases are processed by Gumroad (gumroad.com). When you buy a template, Gumroad collects your name, email address, billing address, and payment details. We do not have access to your full payment card details. Gumroad's privacy policy governs how they handle your payment information.

2.4 Site Photo Stamp product analytics

When you are signed in to Ebrora and use the Site Photo Stamp product (the in-app photo capture and gallery surfaces), we collect a small set of product-usage events to help us spot bugs, prioritise improvements, and understand which features are valuable. The events are:

  • Map view opened — when you open the photo map. Includes the number of photos plotted on the map you opened.
  • Cluster popover opened — when you tap a cluster of multiple photos on the map. Includes the number of photos in the cluster you tapped.
  • Cluster row tapped — when you tap a row in the cluster popover to deep-link into a photo. Includes the cluster size, the row position, and the internal photo id.
  • Cluster zoom-in tapped — when you tap the "Zoom in" button on a cluster popover instead of opening a row. Includes the cluster size.
  • Gallery item opened — when you open a photo's detail view. Includes a flag for whether the view was deep-linked from the map.
  • Back to map tapped — when you close a deep-linked photo detail view back to the map. Carries no additional properties.
  • Diary generated — when you successfully generate an end-of-day diary. Includes the diary scope (personal, team, or project), the number of photos summarised, and your subscription tier.
  • Diary emailed — when you email a diary from the in-app view. Includes the total recipient count and a flag for whether you added any ad-hoc addresses alongside the computed recipients. Recipient email addresses are not included.
  • Diary PDF downloaded — when you download a diary PDF in-app. Includes a flag for whether a thumbnail strip was attached and the estimated page count (1 or 2).
  • Diary read aloud — when you start listening to a diary via the Read aloud button. Includes which playback strategy was used (browser-built-in speech synthesis or our paid AI voice) and your subscription tier. Pausing and resuming the same playback does not produce a second event.
  • Diary deleted — when you delete a diary. Includes the diary scope and a flag for whether the diary had ever been emailed.
  • Diary email failed — when a diary email send returns a partial-failure response from our email provider. Includes the total recipient count, the count that failed, and a flag for whether ad-hoc addresses were involved. Recipient email addresses are not included.

These events do not include photo content, captions, tags, location coordinates, your name, your email, or any other personally identifying information. The "internal photo id" attached to the cluster-row event is an opaque identifier we use to look up the record in our own database; it is meaningless outside Ebrora.

The events are sent to PostHog Cloud EU (eu.posthog.com), hosted in the European Union, where they are associated with your Ebrora user id (an opaque internal identifier; not your email). Events fire only when you are signed in. No cookies, local storage identifiers, browser fingerprints, or third-party analytics scripts are loaded by this telemetry — the events are sent directly from our own servers via our own server-side PostHog client. PostHog does record the originating IP address as part of its standard event metadata; it is retained according to PostHog's own retention policy and is not used by Ebrora for marketing or profiling.

You can turn this off at any time. Open the Site Photo Stamp product, go to Settings, expand the Privacy section, and toggle "Share anonymous usage analytics" off. The toggle defaults to on but is honoured immediately on every subsequent action; no events fire while it is off. Turning it back on resumes the events on the next action.

We also use Sentry to capture unhandled application errors so we can fix them. Sentry breadcrumbs may include the URL path you were on when the error occurred and your Ebrora user id, but never photo content, captions, or location data. Sentry's data residency is configured for the European Union.

2.5 Site Photo Stamp product data

Section 2.4 above covers the small set of analytics events we collect about how you use the Site Photo Stamp product. This section describes the product data the product itself holds about you — the photos and records the product is designed to store on your behalf:

  • Your photos — when you are signed in and using cloud sync (paid tiers only), the photo image files you capture are uploaded to our cloud object storage, hosted in the European Union. On the Free tier, photos remain on your device and are never uploaded.
  • Photo metadata — alongside each photo we store the capture timestamp, the photo's dimensions and file size, the stamp template you chose, GPS coordinates if your device provided them at capture time, any text tags or captions you added, AI-generated captions and tags if you used AI features, action-workflow fields (action required, assignee, due date, status) when you flag the photo for follow-up, and any voice note attached to the photo (audio bytes in cloud storage; transcript text in our database).
  • Projects — when you create a project, we store its name, optional start and end dates, an optional client or project-manager email used as a default recipient when you email diaries from that project, and an "archived" flag with an optional reason.
  • Comments on photos — when you or a teammate adds a comment to a photo, we store the comment body, the author, and the created / edited / deleted timestamps.
  • End-of-day diaries — when you generate a diary, we store the calendar date the diary covers, the AI-written body text, the list of internal photo identifiers that fed the model, your subscription tier at generation time, and (when you email the diary) the most-recent send timestamp and the list of recipients with their role (your own email, the team owner's, the project's client / PM email, or an ad-hoc address you typed in).
  • AI usage records — every AI feature call (caption generation, redaction, diary generation, diary read-aloud, and similar) writes a record of the feature kind used, your subscription tier at the time of the call, the calendar-month budget the call counts against, and the per-call cost. These records are what enforces your monthly AI quota and what we use to reconcile our own provider costs.
  • Team membership and audit log — your teams, your role in each (owner, administrator, member, viewer, or pending invite), and a record of significant team-administration actions — members invited or removed, roles changed, photos deleted, projects archived — with the acting user's internal identifier, the action, and the target.
  • Account and subscription — your name, your email, your password (stored as a one-way hash, never in plaintext), any multi-factor authentication recovery codes you generated, any passkeys you registered, your subscription tier and status, and (when applicable) the reference identifier from the payment processor that started your subscription.

See §5 (Data Retention) below for how long each of these data classes is retained and what happens when you delete an item or close your account. See §6 (Your Rights Under UK GDPR) for how to exercise your rights of access, rectification, erasure, and portability over this data.

3. How We Use Your Data

We process your personal data for the following purposes and on the following lawful bases under UK GDPR:

  • To respond to enquiries (lawful basis: legitimate interest) — when you submit our contact form, we use your name and email to reply to your message.
  • To send marketing communications (lawful basis: consent) — if you subscribe to our newsletter, we use your email address to send you updates about new templates, offers, and news. You can unsubscribe at any time.
  • To analyse site usage (lawful basis: consent) — we use Google Analytics to understand how visitors interact with our Site, helping us improve content and user experience. Analytics cookies are only set if you click “Accept” on our cookie banner.
  • To improve the Site Photo Stamp product (lawful basis: legitimate interest) — when you are signed in and use the Site Photo Stamp product, we collect the product-usage events listed in Section 2.4 to spot bugs, prioritise improvements, and understand which features are valuable. The events do not include photo content, captions, location data, or any other personally identifying information. You can turn this off at any time via Site Photo Stamp → Settings → Privacy → "Share anonymous usage analytics".
  • To fulfil product purchases (lawful basis: performance of a contract) — Gumroad processes transactions on our behalf to deliver your purchased digital templates.

4. Data Sharing

We do not sell, rent, or trade your personal data to any third parties. We share data only with the following service providers who process it on our behalf:

  • Gumroad — for payment processing and digital product delivery.
  • Google Analytics — for anonymised website usage statistics.
  • PostHog (PostHog Cloud EU, eu.posthog.com) — for the Site Photo Stamp product-usage events described in Section 2.4. EU-hosted; associated only with your opaque Ebrora user id.
  • Sentry — for capturing unhandled application errors so we can fix them. EU data residency.
  • Formspree — for processing contact form submissions.

These providers are bound by their own privacy policies and data processing agreements. Some of these providers may transfer data outside the UK; where this occurs, appropriate safeguards are in place in accordance with UK GDPR requirements.

5. Data Retention

  • Contact form data: retained for up to 12 months after your enquiry is resolved, then deleted.
  • Newsletter subscriber data: retained until you unsubscribe, at which point your email address is removed.
  • Analytics data: Google Analytics data is retained for 14 months by default and is anonymised.
  • Site Photo Stamp product analytics: product-usage events sent to PostHog Cloud EU are retained for 12 months from collection, after which they are aggregated into anonymous statistics and the identifiable raw rows are deleted. Sentry error reports are retained for 90 days.
  • Site Photo Stamp product data: photos you capture in the product are retained for as long as your account is active. When you delete a photo it moves to a Trash bucket for 30 days during which it can be restored; after 30 days a daily background job permanently removes the image bytes from our cloud storage and the record from our database. The Trash "Delete forever" action skips this 30-day window and removes the photo immediately. Diaries, comments, project records, captions, tags, location coordinates, voice notes, and team membership data are retained for the lifetime of your account; deleting them in-app hides them from your views. AI usage records (used to enforce monthly quotas and reconcile per-call provider costs) and team audit log entries are retained for the lifetime of your account or team — a continuous record is required for service operation and accountability. When you close your account, all photo content and identifiable personal data tied to you are deleted without undue delay; aggregate anonymised statistics may be retained for service planning.
  • Purchase data: retained by Gumroad in accordance with their retention policy and applicable legal obligations.

6. Your Rights Under UK GDPR

Under UK data protection law, you have the following rights:

  • Right of access — you can request a copy of the personal data we hold about you.
  • Right to rectification — you can ask us to correct inaccurate or incomplete data.
  • Right to erasure — you can request that we delete your personal data where there is no compelling reason to continue processing it.
  • Right to restrict processing — you can request that we limit how we use your data.
  • Right to data portability — you can request your data in a structured, commonly used, machine-readable format.
  • Right to object — you can object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent — where we rely on your consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at hello@ebrora.com. We will respond within one month of receiving your request.

7. Cookies

Our Site uses a cookie consent banner. We only set analytics cookies (Google Analytics) if you actively click “Accept”. If you click “Decline” or take no action, no analytics cookies are set.

The cookies we use are:

  • ebrora_cookie_consent — a first-party cookie that records your cookie preference. Duration: 1 year.
  • _ga / _ga_* — Google Analytics cookies used to distinguish users and sessions. Duration: up to 2 years. Only set if you consent.

You can also manage cookies through your browser settings. Note that blocking all cookies may affect the functionality of some websites.

8. Children's Privacy

Our Site and products are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take steps to delete it.

9. Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. Our Site is served over HTTPS, and our third-party service providers maintain their own security standards.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date. We encourage you to review this page periodically.

11. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

Information Commissioner's Office
Website: ico.org.uk
Telephone: 0303 123 1113

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Ebrora
Email: hello@ebrora.com
United Kingdom