What we collect, how we use it, and your rights.

Collin Stark photography is operated by Stark Method LLC. You can reach us at cs@collinstark.com for any privacy question.

We collect three categories of information:

1. Information you give us — name, email, phone, professional details (agency, social handles), and anything you write in a booking form or send us by email. Provided voluntarily when you contact us, book a session, or join our casting list.
2. Information we collect automatically — pages visited, links clicked, emails opened, IP address, device, browser. Collected through standard analytics, cookies, and email tracking pixels.
3. Information from third parties — when an agency or referral introduces you, we receive the basic profile data they share.

• To deliver the photography or video services you've requested
• To send emails you've subscribed to (you can unsubscribe anytime)
• To consider you for future casting opportunities (if you joined the casting list)
• To improve our work, content, and offers
• To comply with legal obligations (tax records, model releases, fraud prevention)

We do not sell your data. We do not share it with advertisers. We do not use it to profile you for purposes you didn't agree to.

We use these service providers to run our business. They receive only the data needed to do their job:

• Klaviyo — email delivery and analytics
• Cloudflare — content delivery and DDoS protection
• Vercel — website hosting
• Supabase — database and authentication
• Google (Gmail, Drive, Calendar) — email, file storage, scheduling
• Frame.io — video review (where applicable)
• Stripe / PayPal — payment processing

Each provider has its own privacy policy. We've reviewed and signed Data Processing Agreements where required.

• Active casting list members: until you unsubscribe or request removal
• Past clients: up to 7 years for tax/legal records, then deleted
• Inquiry forms / leads: up to 2 years if no engagement, then deleted
• Session imagery and footage: kept indefinitely as part of our archive, subject to your model release terms
• Analytics / behavior data: up to 24 months in identifiable form, then aggregated

You can:

• Access — request a copy of every piece of data we hold on you
• Correct — fix anything that's wrong
• Delete — ask us to wipe your data entirely (subject to legal retention windows and existing model releases)
• Port — get your data in a machine-readable format to take elsewhere
• Object — tell us to stop processing for specific purposes
• Unsubscribe — every email has an unsubscribe link; works one-click

Email cs@collinstark.com with the subject "Privacy request" and we'll respond within 30 days.

For EU residents: you also have the right to lodge a complaint with your local Data Protection Authority. For California residents: see our CCPA disclosure section below.

We use a small number of cookies and tracking pixels:

• Essential cookies — let the site work (login, language)
• Analytics cookies — let us see which pages get read and which links get clicked
• Email tracking pixels — let us see open and click rates on emails you've subscribed to

We don't use third-party advertising trackers. We don't sell cookie data.

Photography and video produced during your session is governed by the model release and contract you signed before the shoot. Within those terms, we retain creative ownership of the work and may use it for portfolio, editorial, advertising, and case-study purposes consistent with your release.

Our galleries are monitored for unauthorized access and image theft. By accessing any gallery you consent to that monitoring. Reproducing, downloading, or redistributing imagery outside the terms of your release may result in legal action and licensing fees.

We protect your data with:

• HTTPS / TLS encryption in transit
• Encryption at rest on all databases
• Row-level access controls on every table holding personal data
• Daily encrypted backups
• Rotated keys and limited access roles
• Incident response plan with 24-hour notification window

We can't promise breaches are impossible. We can promise we've put the right defenses in place and that we'll tell you fast if something goes wrong.

Our services are not directed at anyone under 16. We don't knowingly collect data from children. If you believe we have, email cs@collinstark.com and we'll delete it.

We may update this policy as the business evolves. Material changes will be flagged at the top of the page and emailed to anyone on our list. The "Last updated" date always reflects the current version.

Questions, complaints, requests — all to: cs@collinstark.com