Graduation & Prom season is here · Book before June 10th — don't wait

BanaKin Photos

Legal

Privacy Policy

Effective May 22, 2026

This Privacy Policy explains how BanaKin Photos (“BanaKin,” “we,” “us,” or “our”) collects, uses, and shares information about you when you visit banakinphotos.com, book a session, or interact with us. By using our site or services you agree to the practices described here.

1. Who we are

BanaKin Photos is a photography studio based in Temple Hills, Maryland, United States. For privacy questions, contact us at admin@banakinstudios.com.

2. Information we collect

We collect information in three ways:

  • You give it to us — name, email address, phone number, mailing address, session preferences, and any messages you send us. When you book a paid session, payment is processed by Stripe; we don't store your card details.
  • You let us produce it on your behalf — photographs and videos captured during your session, which we store securely so you can view and download them through your client portal.
  • Automatically — basic browser and device information (IP address, browser type, referrer, pages visited) collected through standard server logs and cookies used to keep you signed in and protect against fraud. See our Cookie Policy for details.

3. How we use your information

  • To provide and deliver the photography services you book.
  • To send transactional emails (booking confirmations, quotes, receipts, gallery delivery, scheduling).
  • To respond to inquiries and provide customer support.
  • To process payments and prevent fraud (via Stripe and Google reCAPTCHA).
  • To maintain business records, including tax and accounting compliance.
  • With your separate consent only: to send marketing emails or feature your photos in our portfolio and on social media. You can withdraw this consent at any time.

4. Legal bases for processing (EU/UK visitors)

If you are in the European Economic Area, United Kingdom, or Switzerland, we process your information under the following GDPR legal bases:

  • Contract (Art. 6(1)(b)) — to deliver the services you book.
  • Consent (Art. 6(1)(a)) — for marketing emails and portfolio use of your photos.
  • Legitimate interests (Art. 6(1)(f)) — to secure our site (reCAPTCHA), prevent abuse, and improve our services.
  • Legal obligation (Art. 6(1)(c)) — to keep records required by tax and accounting law.

4a. Maryland Online Data Privacy Act (MODPA)

The Maryland Online Data Privacy Act (Md. Code Com. Law §14-4601 et seq., effective October 1, 2025; enforcement began April 1, 2026) establishes baseline privacy rights for Maryland residents. Based on our scale, we are not a “controller” subject to MODPA's applicability thresholds (35,000+ Maryland consumers, or 20%+ of revenue from selling data of 10,000+ Maryland consumers). Nevertheless, as a matter of practice we commit to the principles MODPA establishes:

  • Data minimization — we collect only what is reasonably necessary to provide the services you request.
  • No sale of personal data, ever — with or without consent.
  • No processing of sensitive data beyond what's strictly necessary for a requested service.
  • No targeted advertising to anyone we know or reasonably should know is under 18.
  • Reasonable administrative, technical, and physical safeguards for personal data.

5. Who we share information with

We share information only with service providers who help us run our business, under contracts that require them to protect your information:

  • Supabase — hosts our database, authentication, and image storage.
  • Vercel — hosts the website and applications.
  • Stripe — processes payments. Your card details go directly to Stripe and are never stored on our servers.
  • Resend — delivers transactional and (with your consent) marketing email.
  • Google reCAPTCHA — prevents automated abuse of our forms.
  • Google & Apple Sign-In — if you choose to log in with these providers, we receive your name and email from them in line with their respective privacy policies.

We do not sell or rent your personal information. We do not share it for cross-context behavioral advertising.

6. International transfers

We are based in the United States. If you access our site from outside the U.S., your information will be transferred to and processed in the U.S. Where required, we rely on the Standard Contractual Clauses approved by the European Commission to provide an adequate level of protection.

7. How long we keep your information

  • Account profiles: as long as you have an active account, plus a reasonable backup window after closure.
  • Booking and payment records: at least 7 years to comply with U.S. tax and accounting law.
  • Gallery photos: stored for the lifetime of your account unless you request earlier deletion.
  • Marketing list: until you unsubscribe.
  • Server logs: typically 90 days.

8. Your rights

Depending on where you live, you may have the following rights with respect to your personal information:

  • Access — request a copy of what we hold about you.
  • Correction — ask us to fix inaccurate information.
  • Deletion — ask us to delete your information, subject to legal retention obligations.
  • Portability — receive your information in a structured, commonly used format.
  • Withdrawal of consent — at any time, for marketing or portfolio use.
  • Objection / restriction — to certain processing (EU/UK).
  • Opt out of “sale” or “sharing” (California residents under CCPA/CPRA) — we don't sell or share for cross-context advertising, but you may submit a request anyway.
  • Non-discrimination — we will not deny service for exercising any of these rights.

To exercise any of these rights, email admin@banakinstudios.com. We will respond within the time required by applicable law (typically 30–45 days).

9. Children

Our services are not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with information, contact us and we will delete it.

10. Security and breach notification

We use industry-standard safeguards including encrypted connections (HTTPS), at-rest encryption for our database, row-level security to keep client data isolated, signed time-limited URLs for photo access, and access controls on the admin panel. No system is perfectly secure; we encourage you to use a strong, unique password.

In the event of a security breach affecting the personal information of Maryland residents, we will comply with the Maryland Personal Information Protection Act (Md. Code Com. Law §14-3501 et seq.), including notifying the Maryland Office of the Attorney General prior to notifying affected individuals, and providing notice to affected individuals within 45 days of discovery as required by the statute. We will also comply with the breach-notification laws of any other affected jurisdiction.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we'll post a notice on the site and update the “Effective” date above. Continued use after a change constitutes acceptance.

12. Filing a complaint

If you believe we have not adequately addressed a privacy concern, you may file a complaint with the Maryland Attorney General's Consumer Protection Division:

Office of the Attorney General · Consumer Protection Division
200 St. Paul Place, Baltimore, MD 21202
Consumer Hotline: (410) 528-8662 · Toll-Free: (888) 743-0023
marylandattorneygeneral.gov/CPD

Residents of the EU, UK, or California may file complaints with their respective data-protection authorities.

13. Contact

BanaKin Photos · Temple Hills, MD
admin@banakinstudios.com

This document is provided as a good-faith effort to inform our practices and is not legal advice. We recommend you consult an attorney for advice specific to your situation.