Skip to content
jepex
  • Features
  • Roadmap
  • Pricing
  • FAQ
Get Jepex
Privacy

Privacy Policy

How we collect, use, and protect your personal data, and the rights you have over it.

Last updated 15 June 2026 · Version 2026-06-15

Contents

  1. What we collect
  2. Why we use it & legal bases
  3. Cookies & analytics
  4. Content that is public
  5. Who we share data with
  6. International transfers
  7. How long we keep it
  8. Your rights
  9. Children
  10. Security
  11. Changes to this policy
  12. Contact & authorities

This Privacy Policy explains how SIA Karto (“Jepex”, “we”, “us”) handles personal data when you use the Jepex website (jepex.app) and the Jepex applications for macOS and iOS. We are the data controller for that processing. You can reach us at privacy@jepex.app, and our full company details are on the Legal Notice page.

What we collect

Account & sign-in

Your email address. We sign you in with a one-time code sent to that address. There is no password, and none is stored. If you sign in with Apple or Google, we receive the identifier and basic profile details (such as email and name) that you authorise them to share.

Profile

Your display name, username, bio, avatar image, any links you add to your other profiles, and the camera models you list.

Content you create

The recipes you make (camera settings, descriptions, tags), the photos you attach to them, and your favourites. When you upload a photo we remove all embedded metadata (EXIF, including GPS location) from the image file before it is stored. The shot details relevant to the recipe (camera make and model, lens, focal length, aperture, shutter speed and ISO) may be read from the photo at upload and saved as part of the recipe; like the rest of the recipe, they are public if you publish it.

The photo library you browse and edit in the apps stays on your device. We do not upload it. Only the photos you choose to attach to a recipe are uploaded. When you match a photo against recipes, the photo is analysed on your device or in your browser and is never sent to our servers.

Subscription & payment

Payments are handled by Stripe. We receive your subscription tier and status and a Stripe customer reference. If you subscribe through an app store (Apple App Store or Google Play, where available), the store processes your payment instead, and we receive your subscription status through RevenueCat, our subscription-management provider for app-store purchases. In no case do we receive or store your full card number. Stripe collects the billing details it needs to take payment and to calculate the correct VAT.

Usage analytics

We use analytics at two levels:

  • Anonymous, aggregate measurement: we count overall traffic, such as page views and which pages are popular, using cookieless, privacy-first web analytics (Cloudflare). It sets no cookies, builds no profile, and cannot single you out. Because of that it runs for all visitors, including in the EU, under our legitimate interest in understanding how the site is used; your IP address and browser type are processed only transiently to produce the aggregate counts.
  • Identified product analytics: more detailed product-usage events (which recipes or features are used) and app diagnostics such as crash and error events, using PostHog, hosted in the European Union and linked to you. Whether we ask first depends on where you are:
    • Regions that require opt-in consent (such as the EU/EEA, the United Kingdom and Switzerland): this runs only if you opt in, and stays off otherwise. Signed-in users are asked through a short in-product prompt and can change the choice in Account settings; it is never on by default.
    • Everywhere else: it may run by default, and you can opt out at any time through the “Cookie settings” link in the footer or, when signed in, in your Account settings.

We determine your region from your IP address at the time of your visit. For signed-in users, the identified-analytics choice is stored with your account and applies on web and in the apps, and an explicit opt-out is never overridden by a regional default. We do not use session recording.

Waitlist

If you join our waitlist, your email address, used to send you a confirmation and launch updates. These emails are delivered through Resend.

Technical & security data

Your IP address, browser and device information, and server logs, processed by our hosting and content-delivery provider (Cloudflare) to deliver and protect the service, including when the apps check for updates, together with the cookies described below. To apply plan limits we also count certain actions against your account (for example, how many photo matches a free plan has used).

Terms-acceptance records

When you accept our Terms of Service or this Privacy Policy (when you create your account, and again after any material update) we record which document and version you accepted, the date and time, and the method of acceptance, together with the IP address and browser/device (user-agent) information of the request, so that we can demonstrate which terms applied to your account.

Why we use it & legal bases

Under the EU General Data Protection Regulation (GDPR), we rely on:

  • Performance of a contract: to create and run your account, provide the apps and website, process your subscription, and apply plan limits.
  • Consent: for usage analytics and affiliate cookies in regions that require opt-in consent, and for waitlist/marketing emails everywhere. You can withdraw consent at any time.
  • Legitimate interests: to keep the service secure, prevent fraud and abuse, measure anonymous aggregate traffic (cookieless, for all visitors), and understand how the product is used at an identified level (in regions where opt-in consent is not required, with an opt-out available at any time), balanced against your rights and freedoms, and to keep the terms-acceptance records described above for the establishment and defence of legal claims.
  • Legal obligation: to keep invoices and accounting records as required by Latvian law.

Cookies & analytics

We use a small number of cookies and similar technologies:

  • Strictly necessary: session cookies that keep you signed in (for example sb_access_token and sb_refresh_token, which are HttpOnly). These are required for the site to work and do not need consent.
  • Analytics: PostHog cookies, for identified product analytics. In regions that require opt-in consent they are set only if you opt in; elsewhere they may be set by default. Data is hosted in the EU. Our aggregate traffic measurement (Cloudflare) is cookieless and stores nothing on your device.
  • Affiliate: Rewardful cookies, used to credit referrals from our affiliates, set on the same regional basis as identified analytics.

You can change your analytics choice at any time through the “Cookie settings” link in the footer of every page. For signed-in users the choice is saved to your account and applies on web and in the apps; it can also be changed in Account settings.

Content that is public

Published recipes and public profiles are public by design. Your display name, username, bio, avatar, links, camera list, and any photos you attach to published recipes (together with any camera, lens and exposure details saved with them) are visible to anyone and can be indexed by search engines. We submit published pages for indexing. Please don’t include anything in them you wouldn’t want to be public.

Marketing use of published content. Under the content licence in our Terms of Service, we may feature published recipes and their attached photos in Jepex marketing (on our own channels and on third-party platforms such as Instagram, TikTok, YouTube and X) and we credit you by your display name (or another identifier you have set). The legal basis is the performance of that contract. If you unpublish or delete the content, we stop using it in new marketing, and you can object to a particular use at any time by emailing privacy@jepex.app.

Who we share data with

We share data only with service providers who process it on our behalf, each under a data processing agreement. We do not sell your personal data.

ProviderPurposeLocation
SupabaseDatabase, authentication, photo storageEU (Ireland)
PostHogProduct usage analytics (see Cookies & analytics)EU
StripePayments and subscription billingEU / US
RevenueCatApp-store subscription status (where you subscribe via an app store)US
CloudflareHosting, content delivery, security, and cookieless aggregate web analyticsGlobal edge
ResendWaitlist and transactional emailUS
RewardfulAffiliate referral attribution (see Cookies & analytics)US
Apple, GoogleSign in with Apple / GoogleGlobal

We may also disclose data where required by law, or to protect our rights, our users, or the public.

International transfers

Your core data (account, content, and analytics) is stored in the European Union (Supabase in Ireland; PostHog in the EU). Some providers (Stripe, RevenueCat, Cloudflare, Resend, Apple, Google) may process data outside the EU, including in the United States, under appropriate safeguards such as the EU Standard Contractual Clauses and/or the EU–US Data Privacy Framework.

How long we keep it

  • Account & profile: while your account is active, and deleted within about 30 days of a deletion request (residual copies in backups are purged on their normal cycle).
  • Invoices & accounting records: about 5 years, as required by Latvian law.
  • Terms-acceptance records: while your account exists, plus up to 10 years after it closes, in line with the general limitation period for contract claims under Latvian law.
  • Analytics: about 14 months.
  • Waitlist: until you unsubscribe.

Your rights

If you are in the EU/EEA, you have the right to access your data, correct it, delete it, restrict or object to processing, receive it in a portable format, and withdraw consent at any time. To exercise any of these, email privacy@jepex.app. We respond within one month (for particularly complex requests the law allows an extension, and we will tell you if we need one).

You can request deletion of your account at any time by emailing privacy@jepex.app, and directly in the app where that option is available. You also have the right to complain to a data protection supervisory authority (see section 12).

Children

Jepex is not directed at children. You must be at least 16 years old to create an account. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact privacy@jepex.app and we will delete it.

Security

We protect your data with encryption in transit (HTTPS), passwordless sign-in (one-time email codes, there is no password to steal), row-level access controls in our database, removal of all embedded photo metadata, and access limited to what is needed to run the service. No method of transmission or storage is completely secure, but we take reasonable measures to protect your data.

Changes to this policy

We may update this policy from time to time. Each version carries a version date, shown at the top of this page, and the app records which version you accepted. When we make a material change, we will notify you in the app or by email and ask you to accept the updated policy; for minor changes we will simply post the new version with a revised date.

Contact & authorities

For any privacy question or request, contact privacy@jepex.app.

  • EU / Latvia: our lead supervisory authority is the Data State Inspectorate of Latvia (Datu valsts inspekcija), dvi.gov.lv. You may also complain to the authority in your own EU country.
  • United Kingdom: you may complain to the Information Commissioner’s Office (ICO), ico.org.uk.
  • California: you have the right to know, delete, and correct your personal information, and to opt out of its “sale” or “sharing”. We do not sell or share your personal information. We will not discriminate against you for exercising these rights.
  • Canada: you have rights under PIPEDA and may contact the Office of the Privacy Commissioner of Canada, priv.gc.ca.
  • Brazil: you have rights under the LGPD and may contact the National Data Protection Authority (ANPD), gov.br/anpd.
Get Jepex App

Jepex App

  • Features
  • Roadmap
  • Pricing
  • FAQ

Company

  • hello@jepex.app
  • Privacy
  • Terms
  • Withdraw from contract
  • Affiliate Terms
  • Legal

Social

Jepex App · Built for SOOC photographers
© 2026 All rights reserved.