Juracich HDR

Legal

Privacy Policy

Last updated: May 29, 2026

This Privacy Policy describes how Juracich Holdings LLC (“Juracich HDR”, “we”, “us”) handles information when you use the Juracich HDR service at hdr.juracich.com and its associated integrations.

What we collect

  • Account data: email address, name, and the verification token used to issue your magic-link sign-in.
  • Photos you upload: the original images you submit for editing, and the processed outputs we return. These are stored in your private workspace on DigitalOcean Spaces.
  • Edit metadata: the preset or prompt you chose, processing status, and timing.
  • Integration tokens:OAuth access & refresh tokens for any cloud storage providers (Dropbox, Google Drive) you connect. Tokens are encrypted at rest with AES-256-GCM.
  • API keys: for desktop plugins (Lightroom Classic, Capture One) we store a SHA-256 hash of the key; the raw value is shown to you once on creation and never stored.

What we don’t do

  • We do not train any AI model on your photos.
  • We do not sell or share your data with advertisers.
  • We do not use your photos for marketing without written permission.

How we use your data

We use the data above strictly to:

  • Run the photo-editing pipeline you requested.
  • Show you your own edit history and outputs.
  • Bill you (Stripe payment details handled by Stripe directly).
  • Maintain integration syncs with the providers you authorized.

Third parties we send data to

  • Replicate, Inc. — runs the image-editing model on our behalf. Photos are transmitted via HTTPS and Replicate retains them per their stated retention window.
  • DigitalOcean — stores your input and output photos in our private Space, and hosts our database.
  • Resend — sends the magic-link sign-in email.
  • Dropbox / Google Drive — only the folder(s) you explicitly grant access to; we never list anything outside those.

Retention & deletion

You can delete any edit at any time from the dashboard. Deleting your account removes your photos, edits, integrations, and API keys within 30 days. Contact hello@hdr.juracich.com to request a full data export or accelerated deletion.

Security

Sign-in is passwordless (magic-link via Resend). OAuth tokens are encrypted at rest. All traffic is over HTTPS. Workspace boundaries are enforced by user-scoped queries in our application layer.

Children

Juracich HDR is not directed at children under 13. We do not knowingly collect data from children.

Changes

Material changes to this policy are emailed to all active accounts at least 14 days before they take effect.

Contact

Questions? Email hello@hdr.juracich.com.