Filmroll

Privacy Policy

Effective: April 18, 2026DPDP Act 2023 compliantVersion 1.0

This Privacy Policy explains how Filmroll collects, uses, stores, and protects your personal data when you use Filmroll. We are committed to your privacy and comply with the Digital Personal Data Protection Act, 2023 (DPDP Act), and the Information Technology Act, 2000.

1. Data Fiduciary

Filmroll, a company registered in India, acts as the Data Fiduciary under the DPDP Act, 2023, and is responsible for how your personal data is handled on Filmroll. Contact: privacy@filmroll.com.

2. Data We Collect

Account & Identity Data

  • Full name, professional/studio name, and email address.
  • Profile photo (if provided) and account credentials (stored as hashed values).

Payment Data

  • Billing address and invoicing details.
  • Payment card or UPI information — processed and stored exclusively by our payment gateway partner (Razorpay / Stripe). We do not store raw payment card data on our servers.

Usage & Analytics Data

  • Pages visited, features used, session duration, and interaction patterns.
  • Device type, operating system, browser type, and IP address.
  • Location data derived from IP address (approximate, not GPS-level).

Client & Portfolio Metadata

  • Gallery names, client names or identifiers you create on the Platform.
  • File names, tags, upload timestamps, and storage usage metrics.
  • Gallery access logs (who accessed a shared link and when).

Uploaded Content

  • Photographs and associated EXIF metadata (camera model, GPS tags if embedded). We recommend stripping sensitive EXIF data before upload if you prefer privacy for your clients.

3. How We Use Your Data

  • To provide, operate, and improve the Platform's services.
  • To process billing and payments for storage and usage.
  • To send account-related notifications, receipts, and service alerts.
  • To analyze aggregate usage patterns and improve platform performance (analytics data is anonymized before analysis).
  • To detect and prevent fraud, abuse, and security threats.
  • To comply with legal obligations under Indian law.

We do not sell your personal data to third parties. We do not use your uploaded photographs for advertising, AI training, or any purpose beyond service delivery.

4. Third-Party Service Providers

We engage the following categories of third-party processors under appropriate data processing agreements:

  • Cloud Storage: AWS S3, Google Cloud Storage, or Azure Blob Storage — for secure photo and data storage.
  • Payment Processing: Razorpay or Stripe — for billing and payment transactions. Subject to their respective privacy policies.
  • Analytics: Google Analytics or Mixpanel — for usage analytics. Data shared is anonymized or pseudonymized.

These providers are contractually obligated to process your data only for the purposes we specify and to maintain appropriate security standards.

5. Data Retention

We retain your personal data for as long as your account remains active or as required to provide services. Upon account deletion, personal data is deleted within 30 days, except where retention is required by law (e.g., financial records may be retained for up to 7 years as required under Indian tax law). Uploaded photographs are deleted within 30 days of account termination unless you export them beforehand.

6. Your Rights Under DPDP Act, 2023

As a Data Principal under the DPDP Act, 2023, you have the right to:

  • Access: Request a summary of your personal data processed by us.
  • Correction: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Grievance Redressal: Raise a grievance with our Data Protection Officer at dpo@filmroll.com. We will respond within 30 days.
  • Nomination: Nominate another individual to exercise rights on your behalf in case of death or incapacity.

7. Cookies and Tracking

We use essential cookies for authentication and session management, and optional analytics cookies (Google Analytics / Mixpanel) to understand usage. You may opt out of analytics cookies through your browser settings or our cookie preferences panel. Disabling essential cookies will affect Platform functionality.

8. Cross-Border Data Transfers

Your data may be stored on servers located outside India (e.g., AWS, GCP, or Azure data centers). We ensure such transfers are compliant with the DPDP Act, 2023 and applicable regulations, and that recipient parties maintain equivalent data protection standards.

9. Children's Privacy

The Platform is intended for professional use and is not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors.

10. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email at least 15 days before taking effect. Continued use of the Platform constitutes acceptance of the revised policy.

11. Contact

Data Protection Officer: dpo@filmroll.com
Filmroll, Chennai, Tamil Nadu, India.