myphoto.place is operated as an Australian sole trader business (ABN available on request). Our servers are located in Helsinki, Finland, hosted by Hetzner Online GmbH.
For privacy-related enquiries, contact us at privacy@myphoto.place.
We collect and process the following categories of data to provide the service:
| Data type | Purpose |
|---|---|
| Email, username, display name | Account management and authentication |
| Photos and EXIF metadata | Core service (photo storage and organisation) |
| Face recognition data | Photo organisation feature within your instance |
| Authentication credentials and 2FA tokens | Secure access to your account |
| IP addresses and access logs | Security and abuse prevention |
Photos you upload may contain embedded metadata (EXIF data), including GPS coordinates, camera settings, timestamps, and device information. This metadata is stored alongside your photos and used by Immich to organise your library (e.g. map view, timeline).
We want you to be aware that photos taken with smartphones typically include your precise location. This data is stored within your isolated instance. We do not access or share it, though as the infrastructure operator we technically have the ability to do so (see What we don't do).
Immich includes a machine learning feature that detects and groups faces in your photos. This runs entirely within your isolated instance. We do not access your face recognition data or share it with other tenants, though as a managed hosting service we have the technical ability to access tenant data when required (see What we don't do).
Face recognition data may constitute biometric data under the EU General Data Protection Regulation (GDPR). The legal basis for this processing is contract performance (providing the photo organisation features you signed up for). You can disable face recognition within your Immich settings at any time.
We process your data under the following legal bases (GDPR Article 6):
We use the following third-party services to operate myphoto.place:
| Provider | Purpose | Location |
|---|---|---|
| Hetzner Online GmbH | Server hosting and storage | Helsinki, Finland |
| Resend | Transactional email delivery | United States |
| Porkbun | Domain name and DNS management | United States |
| Let's Encrypt | SSL/TLS certificate issuance | United States |
Your photos and account data are stored on servers in Helsinki, Finland (European Union). This means your data remains within the EU and is subject to GDPR protections.
The service is administered from Australia. This means limited personal data (such as account information) may be accessed from Australia for operational purposes. Australia is not an EU-adequacy country; the legal basis for this transfer is that it is necessary for the performance of the contract between you and us.
| Data type | Retention period |
|---|---|
| Account data (email, username) | Until account deletion + 30 days |
| Photos, EXIF metadata, face data | Until account deletion + 30 days |
| Authentication credentials | Until account deletion |
| IP addresses and access logs | 90 days |
After account cancellation or deletion, you have a 30-day window to export your data via Immich's built-in export feature. After this period, your data is permanently deleted.
Under the GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, email privacy@myphoto.place. We will respond within 30 days.
You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi), the supervisory authority for our server location.
We comply with lawful orders from courts of competent jurisdiction in Australia and Finland. We assess requests from other jurisdictions on a case-by-case basis. We will not comply with requests we believe to be politically motivated or from jurisdictions without rule-of-law protections.
Where legally permitted, we will notify affected users of any law enforcement request concerning their data before complying.
Law enforcement agencies should direct requests to legal@myphoto.place.
We do not proactively scan the contents of your photos. However, we have a zero-tolerance policy for child sexual abuse material (CSAM) and illegal content.
Violations result in immediate account termination without refund and referral to law enforcement, including the Finnish police and Australian Federal Police.
To report abuse, contact abuse@myphoto.place.
We want to be clear about what we do not do with your data:
We may update this privacy policy from time to time. Material changes will be communicated via the email address associated with your account at least 14 days before taking effect. Continued use of the service after changes take effect constitutes acceptance of the updated policy.
For privacy-related enquiries: privacy@myphoto.place
For abuse reports: abuse@myphoto.place
See also: Terms of Service