Privacy policy

This Privacy Policy explains how Frieda Schweky Photography ("we", "us", or "our") collects, uses, and protects information when you visit friedaschweky.com (the "Site"), book a photography session, enroll in a course, or connect a Google account for calendar sync.

1. Information we collect

We collect only what we need to run the business:

• Account information — your name, email address, and (optionally) a phone number when you create an account or book a session.
• Booking details — the type of session you requested, preferred date and time, location, and any notes you share when reaching out.
• Payment information — handled by our payment processor. We do not see or store your full card number.
• Course progress — if you enroll in a course, we track which lessons you have completed so we can show you where you left off.
• Technical data — standard server logs (IP address, browser, pages visited) kept for security and debugging.

2. Google account data

When Frieda connects her own Google account to sync her calendar with this Site's admin scheduler, the following applies:

• Scopes requested. We request calendar.events and calendar.calendarlist.readonly. We use these only to read and write events on the single calendar the connected user explicitly chooses — never the whole account.
• How we use it. We mirror bookings from this Site into the chosen Google Calendar and pull personal events from that same calendar back into the admin scheduler so Frieda does not double-book herself. That is the only use.
• Storage. OAuth access and refresh tokens are encrypted at rest using AES-256-GCM before being written to the database. Tokens never leave our server infrastructure.
• Retention. Tokens and imported events are deleted immediately when the Google account is disconnected from the admin panel, or on request.
• Limited Use compliance. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data to train machine-learning models, do not transfer it to third parties except as necessary to provide the sync feature, and do not allow humans to read it except with explicit consent, for security, or to comply with the law.

3. How we use your information

• To confirm and manage bookings you request.
• To send transactional email — booking confirmations, reminders, course activation links, receipts.
• To deliver course content and track your progress.
• To keep the Site secure, prevent fraud, and comply with legal obligations.

We do not sell your personal information. We do not use it for advertising. We do not share it with third parties for their own marketing.

4. Who we share it with

We share data with service providers only to the extent needed to run the Site:

• Our hosting provider (server infrastructure).
• Our payment processor (to charge for sessions or courses).
• Our email delivery provider (to send transactional email).
• Google (only when Frieda's own account has been connected, and only for calendar sync as described above).

5. Your rights

You can request a copy of the information we hold about you, ask us to correct it, or ask us to delete it. Email hello@friedaschweky.com and we will respond within a reasonable timeframe.

6. Cookies

We use a small number of cookies required for login sessions and basic functionality. We do not use advertising cookies or third-party analytics trackers.

7. Children's privacy

The Site is not directed at children under 13, and we do not knowingly collect information from them. If you believe a child has submitted information to us, please contact us so we can remove it.

8. Changes

If we make material changes to this policy, we will update the "Last updated" date at the top of the page, and — for logged-in users — may also send a notice by email.

9. Contact

Questions about this policy or about the information we hold about you? Email hello@friedaschweky.com.