Start a project →

Legal

Privacy policy.

Effective 05.21.2026 · Last updated 05.21.2026

This Privacy Policy explains how Grainframe ("Grainframe," "we," "us," or "our") collects, uses, discloses, and protects personal information in connection with the website at https://grainframe.nyc, including its contact form, project inquiry pages, portfolio pages, services pages, journal pages, and related communications.

Grainframe is a Brooklyn-based photo and video studio working with hospitality, food and beverage businesses, artists, craft makers, and independent brands in New York City and the surrounding area.

This Privacy Policy does not replace any separate client agreement, production agreement, licensing agreement, model release, talent release, location release, or statement of work that may apply to a photography or video project.

1. Contact details

The privacy contact for Grainframe is:

Grainframe
Brooklyn, New York, United States
Email: hi@grainframe.nyc

2. Information we collect

We collect personal information in the ways described below.

Information you provide through the contact form

When you submit a project inquiry through the website, we collect the information you choose to provide, including:

  • your name;
  • email address;
  • project or business name;
  • sector, such as hospitality, food and beverage, artist or creative, craft maker, or other;
  • project need, such as photography, video, both, or not sure yet;
  • rough budget range;
  • project message;
  • timing information;
  • any other information you include in the form.

The contact form is currently submitted through Web3Forms, a third-party form delivery provider. Web3Forms processes the form submission so it can be delivered to Grainframe by email.

Information you provide by email or direct communication

If you contact us by email, social media, phone, or another channel, we collect your contact details and the contents of your message. This may include project details, venue information, brand information, proposed shoot dates, billing details, and other information needed to respond to your inquiry or work with you.

Client and project information

If you become a client or prospective client, we may collect information needed to plan, quote, produce, deliver, license, and archive a photography or video project, including:

  • client and business contact details;
  • names and contact details for project stakeholders;
  • shoot locations, schedules, call sheets, concepts, briefs, shot lists, references, and production notes;
  • budget, invoice, deposit, and payment status information;
  • contracts, licensing terms, releases, permissions, and approvals;
  • images, video, audio, behind-the-scenes materials, selects, edits, and final deliverables;
  • names, likenesses, voices, signatures, or other information included in project materials or releases.

Where a client provides personal information about employees, guests, talent, artists, makers, customers, or other people, the client is responsible for providing any required notices and obtaining any required rights, consents, releases, or permissions.

Website, device, and log information

When you visit the website, we and our hosting and technical service providers may automatically receive technical information, including:

  • IP address;
  • browser type and version;
  • device type and operating system;
  • referring pages and links;
  • pages requested and time of request;
  • server logs, security logs, and diagnostic information;
  • approximate location inferred from IP address.

The website may also use local storage in your browser to remember display preferences, such as visual theme or interface settings. Local storage stays on your device unless you clear it.

Third-party services loaded by the website

The website currently uses third-party services that may receive limited technical information from your browser when pages load or forms are submitted, including:

  • hosting and server infrastructure providers;
  • Web3Forms for contact form delivery;
  • Google Fonts for font delivery;
  • email providers used to receive and respond to inquiries;
  • Instagram or other third-party platforms if you click external links.

These third-party services handle information under their own privacy policies.

3. Sensitive information

Please do not submit sensitive personal information through the website contact form unless it is necessary for your inquiry. Sensitive information may include government ID numbers, financial account numbers, health information, precise personal location, information about children, or other highly private information.

For production work, project materials may sometimes include personal information that is sensitive or private, such as images of people, minors, private spaces, events, or location details. We handle that information as needed to perform the project and as described in the applicable client agreement, release, or project terms.

4. How we use personal information

We use personal information to:

  • operate, maintain, secure, and improve the website;
  • receive, route, and respond to inquiries;
  • evaluate project fit, scope, budget, and timing;
  • schedule calls, meetings, shoots, and project work;
  • prepare estimates, proposals, statements of work, contracts, releases, invoices, and deliverables;
  • provide photography, video, editing, licensing, and related studio services;
  • communicate with clients, prospective clients, collaborators, vendors, talent, and project stakeholders;
  • maintain business, tax, accounting, licensing, and project records;
  • prevent spam, fraud, abuse, and security incidents;
  • protect our legal rights and comply with law.

We do not use website contact form submissions for automated decision-making that produces legal or similarly significant effects.

5. Legal bases where required

Where laws such as the GDPR or UK GDPR require a legal basis, we rely on:

  • Contract: to respond to project inquiries, prepare proposals, enter into agreements, and perform studio services.
  • Legitimate interests: to operate and secure the website, respond to business inquiries, manage client relationships, improve services, maintain records, and protect legal rights.
  • Consent: where you opt in to a mailing list, optional marketing, or other consent-based processing.
  • Legal obligation: to comply with tax, accounting, court, regulatory, and other legal obligations.

You may withdraw consent where we rely on consent. Withdrawal does not affect processing that occurred before withdrawal.

6. How we disclose personal information

We may disclose personal information to the following categories of recipients.

Service providers

We disclose information to service providers that help us run the website and studio, such as:

  • website hosting providers;
  • form delivery providers, including Web3Forms;
  • email providers;
  • cloud storage or file delivery providers;
  • accounting, invoicing, payment, and bookkeeping providers;
  • project management, scheduling, and production tools;
  • professional advisers, such as lawyers, accountants, and insurance providers.

These providers are authorized to use personal information only as needed to provide services to us or as otherwise permitted by law.

Project collaborators and clients

For photography and video work, we may disclose relevant project information to clients, crew, assistants, editors, producers, stylists, talent, venues, agencies, publicists, printers, labs, licensing partners, or other collaborators as needed to plan, produce, edit, deliver, license, or publish the work.

Public portfolio and promotional use

We may display selected project work, including photos or video that may depict people, venues, products, businesses, or events, on our website, portfolio, social media, proposals, awards submissions, or promotional materials where permitted by the applicable client agreement, release, license, consent, or law.

Legal, safety, and enforcement

We may disclose information if we believe it is reasonably necessary to:

  • comply with law, legal process, or government requests;
  • enforce contracts, terms, licenses, releases, or policies;
  • protect the rights, safety, privacy, property, or security of Grainframe, clients, website visitors, or others;
  • investigate or respond to fraud, spam, abuse, security incidents, or technical issues.

Business transfers

If Grainframe is involved in a merger, acquisition, reorganization, financing, sale of assets, or similar transaction, personal information may be disclosed or transferred as part of that transaction.

With your direction or consent

We may disclose information when you direct us to do so or give us permission.

7. Cookies, local storage, and tracking

As of the Last Updated date, Grainframe does not use advertising pixels, retargeting tags, or analytics cookies on grainframe.nyc.

The website may use browser local storage to remember display preferences. Hosting providers may also maintain standard server logs for security, diagnostics, and operations.

If Grainframe adds analytics, advertising pixels, newsletter tools, or non-essential cookies in the future, Grainframe will update this Privacy Policy and, where required by law, provide notice and obtain consent before setting non-essential cookies or similar technologies.

8. Sale, sharing, and targeted advertising

Grainframe does not sell personal information for money. Grainframe also does not share personal information for cross-context behavioral advertising or use personal information for targeted advertising as those terms are used under U.S. state privacy laws.

If that changes, we will update this Privacy Policy and provide any legally required opt-out link or mechanism, such as a "Do Not Sell or Share My Personal Information" link.

We do not knowingly sell or share personal information of children under 16.

9. Data retention

We keep personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to respond to inquiries, provide services, maintain business records, resolve disputes, comply with law, and protect legal rights.

Our general retention periods are:

CategoryTypical retention period
Contact form inquiriesUp to 3 years after the last meaningful interaction, unless converted into client records
Client and project recordsFor the duration of the client relationship, then as needed for portfolio, licensing, tax, accounting, legal, insurance, and archival purposes
Contracts, releases, invoices, and payment recordsUsually 7 years or longer where required for legal, tax, accounting, licensing, or rights-management purposes
Email communicationsAs long as needed for business, legal, client relationship, and archival purposes
Website server and security logsTypically up to 24 months, unless needed longer for security, fraud, diagnostics, or legal reasons
Marketing preferences, if anyUntil you opt out or we no longer maintain the relevant list

Because photography and video work may have ongoing copyright, licensing, portfolio, release, and archival value, project materials may be retained for longer than ordinary contact records unless a contract requires otherwise.

10. Security

We use reasonable administrative, technical, and physical safeguards designed to protect personal information. These safeguards may include access controls, secure hosting, HTTPS, limited access to inquiries and project files, vendor review, backups, and security monitoring.

No website, email system, or online service can be guaranteed completely secure. Please avoid sending highly sensitive information through the contact form or unencrypted email.

11. International transfers

Grainframe is based in New York, United States. Our service providers may process personal information in the United States and other countries where they operate.

If applicable law requires safeguards for international transfers, we will use appropriate mechanisms, such as standard contractual clauses, data processing terms, or other lawful transfer mechanisms.

12. Your choices and rights

Depending on where you live, you may have rights to:

  • access personal information we hold about you;
  • request correction of inaccurate information;
  • request deletion of certain information;
  • receive a copy of certain information in a portable format;
  • object to or restrict certain processing;
  • withdraw consent where processing is based on consent;
  • opt out of sale, sharing, targeted advertising, or certain profiling, if applicable;
  • appeal a denied privacy request where applicable;
  • lodge a complaint with a privacy regulator.

To make a privacy request, contact hi@grainframe.nyc. We may ask for information needed to verify your identity and process the request.

Some information may be exempt from deletion or access requests, including information we need to keep for legal, tax, accounting, contract, copyright, licensing, release, portfolio, security, or dispute-resolution purposes.

13. California notice at collection

This section is for California residents and is intended to describe the categories of personal information Grainframe collects and how we use and disclose that information.

CategoryExamplesSourcesPurposesDisclosed toSold or shared?Retention
IdentifiersName, email address, IP address, business contact detailsYou, your device, service providersRespond to inquiries, provide services, communicate, secure the websiteService providers, clients or collaborators where needed, legal recipientsNoSee Section 9
Customer records informationContact details, billing contact details, contracts, invoicesYou, clients, service providersClient management, billing, accounting, project records, legal complianceAccounting, payment, legal, insurance, and service providersNoSee Section 9
Commercial informationProject interest, budget range, service needs, client historyYou, clientsEvaluate inquiries, quote services, provide studio servicesService providers, project collaborators where neededNoSee Section 9
Internet or network activityIP address, server logs, pages requested, browser informationYour device, hosting providersWebsite operation, security, diagnostics, spam preventionHosting, security, and technical providersNoSee Section 9
Approximate geolocationApproximate location inferred from IP address; shoot location if providedYour device, you, clientsSecurity, diagnostics, project planningService providers, project collaborators where neededNoSee Section 9
Audio, visual, or similar informationPhotos, video, audio, likenesses, project materialsClients, talent, project participants, Grainframe-created materialsProduce, edit, deliver, archive, license, and display project work where permittedClients, collaborators, editors, vendors, portfolio viewers where publishedNoSee Section 9
Professional or employment informationBusiness name, role, company, sector, project stakeholdersYou, clients, project contactsRespond to inquiries, plan projects, communicateService providers, clients, collaborators where neededNoSee Section 9
InferencesProject preferences or likely service fit based on inquiry detailsYouRespond to inquiries, tailor proposalsService providers where neededNoSee Section 9
Sensitive personal informationNot intentionally collected through the website; may appear in project materials if providedYou, clients, project participantsOnly as needed for project, legal, contract, or security purposesService providers, clients, collaborators where neededNoSee Section 9

California residents may contact hi@grainframe.nyc to exercise CCPA rights. We do not discriminate against you for exercising privacy rights.

14. EEA, UK, and Swiss users

The website is operated from the United States and is primarily directed to clients in New York City and the surrounding area. If you are located in the European Economic Area, United Kingdom, or Switzerland and applicable law gives you privacy rights, you may contact hi@grainframe.nyc to exercise those rights.

You may also have the right to lodge a complaint with your local data protection authority.

15. Children's privacy

The website is intended for business and professional inquiries, not for children. We do not knowingly collect personal information directly from children under 13 through the website.

If a photography or video project involves minors, the responsible client, parent, guardian, school, venue, agency, or project organizer must obtain all legally required permissions and releases before the work is created, submitted, published, or licensed.

16. Third-party links

The website may link to third-party websites or platforms, such as Instagram. Those third parties are responsible for their own privacy practices. We encourage you to review their privacy policies before using their services.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last Updated" date and provide additional notice where required by law.

18. Contact us

For privacy questions or requests, contact:

Grainframe
Brooklyn, New York, United States
Email: hi@grainframe.nyc