Legal

Privacy policy

Last updated: 10 May 2026 (added accounts, OTP sign-in, analytics)

1. Who we are

Lightroom Tutor is operated by Joe Houghton (joe.houghton@gmail.com, houghtonphoto.com). The service is an interactive learning tool for Adobe Lightroom Classic.

Data controller and processor: Joe Houghton (sole operator). For any questions about how your data is handled, contact joe.houghton@gmail.com.

2. What data we collect and why

Account

Email address. Used to identify you across visits and to send the 6-digit verification code that proves you control the email. We don't collect or store passwords - sign-in is by one-time code only. Legal basis: performance of a contract (we cannot deliver lifetime access without an account).

Reading activity

We track which sections of the tutorial and reference you visit, and what you search for, so we know what to improve. While you're signed out this is keyed to an anonymous session ID stored in a strictly-necessary cookie. When you sign in we link the events to your account so we can show your reading history. Aggregate pageviews are also recorded by Plausible (cookieless, no individual tracking).

Feedback you submit

When you use the Send Feedback button, we store your message, the URL you were on, your browser user-agent, up to four optional screenshots, and an optional contact email if you want to be notified when your suggestion or bug fix lands. Feedback is read by Joe to improve the app.

3. How long we keep your data

Account data is kept for as long as you have an account. Inactive accounts (no sign-in for 24 months) are automatically deleted; you'll receive a warning email 30 days before deletion. You can delete your account at any time from your account page.

Feedback messages are kept for as long as the suggestion is relevant (typically until shipped or dropped from the roadmap). Screenshots attached to feedback are deleted after 12 months.

4. Sub-processors

We use the following third-party services to deliver the platform. All process data within the EU or under appropriate safeguards.

  • Vercel

    Hosts the web application and serverless API routes (US-headquartered, EU data-residency available; lightroom-tutor uses EU regions).

  • Neon (PostgreSQL)

    Stores all structured data (accounts, feedback, roadmap votes). Frankfurt region.

  • Brevo

    Sends transactional emails (verification codes, account notifications, deletion warnings, suggestion-shipped notifications). Paris-headquartered, EU-hosted.

  • Anthropic

    Powers the AI search feature. Your search query is sent to Anthropic's Claude API to generate a plain-English answer. No account data is shared; queries are not used to train Anthropic's models under their API terms.

  • Plausible

    Cookieless aggregate analytics (pageviews and referrers). No individual user tracking; no advertising cookies.

5. Your rights

Under GDPR you have the following rights. To exercise any of them, email joe.houghton@gmail.com. Most are also available directly in your account page once signed in.

  • Right of access (Art. 15)Request a copy of all data we hold about you - delivered as JSON within 30 days.
  • Right to rectification (Art. 16)Edit your name or email at any time from your account page.
  • Right to erasure (Art. 17)Delete your account from your account page. Permanent and irreversible.
  • Right to restriction (Art. 18)Pause processing while a dispute is resolved.
  • Right to portability (Art. 20)Receive your data in JSON, machine-readable format.
  • Right to object (Art. 21)Object to processing based on legitimate interest.

If you're unhappy with how your data is handled, you may also lodge a complaint with the Data Protection Commission (Ireland) at dataprotection.ie or the supervisory authority in your country of residence.

6. Cookies

Lightroom Tutor uses one strictly necessary session cookie to keep you signed in. We don't set advertising or tracking cookies. Plausible analytics is cookieless. The feedback form uses your browser's localStorage to remember your contact email so you don't have to retype it - this stays on your device and is never sent except in the feedback submission itself.

7. Security

All data is transmitted over HTTPS with HSTS preloading. We don't use passwords - sign-in is by one-time 6-digit code emailed to you, valid for 10 minutes. Codes are stored as SHA-256 hashes; the plaintext only ever exists in the email. All third-party API keys are stored in encrypted Vercel environment variables. The full security header set is active on every response (CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy).

8. Minimum age

Lightroom Tutor is intended for users aged 16 and over. By registering you confirm you meet this age requirement.

9. Changes to this policy

We'll update this page when material changes happen (e.g. a new sub-processor or a different data category). Significant changes are announced on the roadmap and to all account holders by email.

10. Contact

For any privacy-related questions or to exercise your rights: joe.houghton@gmail.com