James Micklethwait
CEO of GotPhoto
If you’ve been following the news lately, you know that data privacy, especially when it involves children, is at the forefront of everyone’s mind. As a parent myself, I know that when a school photographer captures a student’s smile, they aren’t just taking a picture; they are being entrusted with a piece of that family’s story.
At GotPhoto, we don’t take that trust lightly. Since we started in Germany back in 2011, we’ve grown into a global community across North America and Europe. While our business has expanded, our “North Star” has remained the same: The privacy and security of customer data processed through GotPhoto is our absolute top priority.
I wanted to take a moment to pull back the curtain and show you exactly how we keep data safe, and, just as importantly, what we promise to never do.
Following the Gold Standard
Because we operate in both the US and Europe, we play by the strictest rules in the book. On top of our SOC2 compliance, we also adhere to GDPR (the European standard), which is widely considered the most stringent data law in the world.
What does this really mean? We have independent experts regularly audit our systems to make sure our “digital locks” are as strong as they can be.
Doing it Right: The GotPhoto Way
We are proud supporters of the School Photographers of America (SPOA). When it comes to how we handle data, we follow a simple rule: “Only what’s necessary.”
- Limited Info Only: We only process the basics, like subject names and classes or teams, provided by schools and sports leagues to ensure the right photo gets to the right people. We never touch sensitive stuff like Social Security numbers, medical records, or grades.
- Top-Tier Storage: We use Amazon Web Services (AWS) technology to store images with high-level encryption.
- Strict Access: Not just anyone at GotPhoto can see a subject’s image. We use "Role-Based Access Control," which means only specific employees who need to see an image to do their jobs (like tech support) can access them.
Our "No-Go" List
Trust is built on transparency. To keep your data safe, here is what we don’t do:
- No Direct Collection: We don't go out and "harvest" student data. You, as the photographer, must work directly with schools to ensure information is handled through the proper channels.
- Controlled Access & Vetting: We strictly limit system access to authorized GotPhoto employees and vetted third-party sub-processors essential for our operations. We never sell your data or grant access to investors. Any external partner must meet our high security standards and contractual obligations before processing any information.
The Bottom Line
We know that behind every data point is a student, a family, and a school that is counting on us. Whether it’s through secure login requirements, regular security assessments, or encrypted transmissions, we are working around the clock to stay ahead of the curve.
Parents and schools can sleep a little easier knowing that we are safeguarding their memories with the respect and security they deserve.
Want to dive deeper into the technical side? You can check out our full Data Privacy Policy here.
Stay safe and keep smiling,
James Micklethwait
CEO of GotPhoto