Privacy Policy

We handle sensitive data — model photos, signatures, and personal information. Here's exactly what we collect, why, and how we protect it. No legal jargon.

Last updated: March 2026 · Effective immediately

We Never Sell Your Data

Your information and your clients' data are never sold or shared for advertising.

You Control Deletion

Email us and we'll delete your account and all associated data within 30 days.

Encrypted in Transit

All data travels over HTTPS/TLS. Sensitive records are stored on secure infrastructure.

What Information We Collect

Your account information

When you sign up, we collect your email address, optional business name, and optional phone number. That's it — we don't require a password. We use a "magic link" sent to your email to log you in securely.

Model release data

When you create a model release, the form captures the model's name, date of birth, contact information, selfie photo, and digital signature. This is the core purpose of the product — it's what makes your releases legally valid. This data belongs to you and your clients; we store it to make your records accessible.

Invoice and client data

When you create invoices, we store client names, email addresses, billing details, and shoot descriptions you enter. We also store the invoice amounts and payment status you manually mark.

Photos and images

The selfie verification feature captures a photo of the model's face at the time of signing. This image is stored as part of the signed release record. We do not run facial recognition or biometric analysis on these photos — they serve only as a visual record that the correct person signed the release.

Technical usage data

Our hosting provider (Vercel) automatically collects basic server logs including IP addresses and browser type when you use the site. We don't actively collect analytics beyond what's needed to keep the service running.

Why We Collect It (And Nothing More)

We only collect data that is directly necessary to provide the service. Here's the plain-English reason for each piece:

  • Email address: To send you your magic login link, release notifications, and invoice confirmations.
  • Model name & DOB: Required by stock agencies (Getty, Shutterstock, etc.) for a legally valid model release.
  • Model photo (selfie): Provides visual proof of identity at time of signing — reduces disputes and is required by some agencies.
  • Digital signature: The legal consent record. Without it, the release isn't binding.
  • Client contact info: So you can send releases and invoices to the right people.
  • Invoice amounts: So you can track what's been paid and what's outstanding.

Who We Share Data With

We do not sell your data. We do not share it with advertisers. The only third parties who touch your data are the vendors we use to operate the service:

Vercel (vercel.com): Hosting & Infrastructure

Our site and all your data run on Vercel's servers. Vercel may process server logs (IP addresses, request data) as part of normal hosting operations.

View their privacy policy →

Resend (resend.com): Email Delivery

When we send magic links, release signing notifications, or invoice emails, the recipient email address passes through Resend's systems for delivery. Resend does not retain email content beyond delivery.

View their privacy policy →

Important: When you send a signed release to a stock agency (Getty, Shutterstock, etc.), you are sharing that release with that agency directly. ShootForms facilitates this delivery but the agency's own privacy policy governs how they handle that data.

Sensitive Data: Photos, Signatures & Biometrics

Because ShootForms handles selfie photos and digital signatures, we want to be especially clear about how this sensitive data is handled.

  • Selfie photos — Stored as image files attached to the signed release record. We do not run facial recognition, biometric hashing, or any AI analysis on these images. They are static image records only.
  • Digital signatures — Stored as image data (canvas drawings) tied to the release record. They are not used for any purpose other than being part of the release document.
  • Date of birth — Collected because stock agencies require it on model releases. We use it for no other purpose. We do not collect data on individuals under 18 — the model release process is for adults only.
  • No passwords stored — We use magic links exclusively. There is no password database to breach. Login tokens expire in 15 minutes and are single-use.

Illinois BIPA / State Biometric Laws: Some US states have laws governing the collection of biometric data (facial geometry, fingerprints, etc.). Selfie photos that are not processed for biometric features generally fall outside these laws. We take a conservative approach: we do not extract or process biometric identifiers from any photos stored on ShootForms. If you have specific concerns about your jurisdiction, please contact us.

How Long We Keep Your Data

Model releases and invoices often need to be retained for years — stock agencies may need to reference a release years after a shoot. Here's our retention approach:

  • Active account data: Until you delete your account. All releases, invoices, and client records are kept as long as your account is active.
  • Signed release records: Minimum 7 years. We recommend keeping signed releases for at least 7 years given the typical statute of limitations for contract disputes.
  • After account deletion: 30 days, then purged. After you request deletion, we permanently remove all your data within 30 days.
  • Login tokens: 15 minutes. Magic link tokens automatically expire 15 minutes after generation.

Your Rights (GDPR, CCPA & Beyond)

Regardless of where you live, we honor these rights for everyone:

  • Access your data: Ask us for a copy of everything we have on you. We'll send it within 30 days.
  • Correct your data: If something is wrong, tell us and we'll fix it.
  • Delete your account: Email us at privacy@shootforms.com and we'll wipe your account and all associated data within 30 days.
  • Data portability: We can export your release and invoice records in a standard format (PDF or JSON) on request.
  • Opt out of emails: Transactional emails (magic links, signing notifications) are essential to the service. We send no marketing emails without explicit opt-in.
  • Withdraw consent: You can stop using the service at any time. Deletion is permanent and immediate on your end.

California residents (CCPA): We do not sell personal information. You have the right to know what categories of data we collect, which is fully described on this page.

How We Protect Your Data

  • HTTPS everywhere: All traffic to and from ShootForms is encrypted in transit using TLS 1.2+.
  • Secure cloud hosting: Hosted on Vercel's enterprise infrastructure with SOC 2 compliance and automatic DDoS protection.
  • No password database: There's no password file to steal. Magic link authentication means a stolen email alone can't compromise an account.
  • Short-lived tokens: Login links expire in 15 minutes. Session tokens are cryptographically random.
  • Minimal access principle: Only the systems that need your data to function have access to it. No broad internal access.

Cookies & Tracking

We use no advertising cookies and no third-party tracking scripts. The only browser storage we use is:

  • Session storage: Temporary app state (e.g., which step of a form you're on). Cleared when you close your browser tab.
  • No tracking pixels, no Google Analytics, no Facebook Pixel. We don't track your behavior across the web.

Questions or Requests?

If you want to access, correct, or delete your data — or if you have any privacy concern at all — please reach out. We'll respond within 5 business days.

ShootForms is operated by 4mattcarlson · shootforms.com