Privacy & confidentiality
Your privacy, our discipline.
Version 3.1 · Updated 2026-05-15
Discretion is a professional standard at OLH Photographie, not a checkbox at the end of a contract. This policy explains, in plain language, what is collected through this site, why, where it goes, how long it stays, and the rights you have under Quebec's privacy law (commonly called Loi 25).
Privacy at a glance
- No advertising · no behavioural profiling · no cross-site tracking
- Identifiable photos are treated as personal information
- Encryption in transit and at rest, MFA on every privileged surface
- Cookieless analytics, only two functional cookies, both local-only
- Access · rectify · delete · port your data, 30-day response window
- Event albums document the events I cover; targeted or promotional use of your image (main portfolio, advertising, social campaigns, contests, or similar contexts) is done with a separate consent when required
What's new in this version
This page is rewritten when the site changes the way information is handled, never silently. Below are the most recent material updates.
-
Clarified how event-album publication is described, distinct from targeted or promotional use of your image. Event albums document the events OLH Photographie covers; identifiable attendees can naturally appear in them, and a respectful removal-request path is now stated explicitly. The "separate consent" language is reserved for main portfolio features, advertising, social media campaigns, contests, and similar promotional contexts, when that consent is required. This is a wording clarification, not a change in handling.
-
Full rewrite to a layered policy aligned with Loi 25, the Quebec Civil Code right to image, and the federal Copyright Act. Adds cross-border transfers, security, incident-handling, photography-specific section, and an explicit discretion-as-standard promise.
-
Contact-form autoresponder added. Visitor confirmation now describes the secure 60-day edit link, with a precise timing expectation and a soft fallback hint pointing to the spam folder.
-
Photo-purchase flow added (PayPal-hosted checkout). Order records retained six years per Canadian tax obligations, then deleted.
Privacy Officer (RPRP under Quebec Loi 25)
Olivier La Haye
Owner of OLH Photographie, designated Privacy Officer ("responsable de la protection des renseignements personnels", RPRP) under Quebec Loi 25 (P-39.1, art. 8.1)
For any privacy question, complaint, access request, rectification, withdrawal of consent, deletion, or data portability request, the Privacy Officer is the same person who took your photographs. Use the contact page with the subject "Privacy request" and you'll get an acknowledgement within 30 days.
Send a privacy requestInformation collected
The site only collects what it needs to do the job you came for, book a session, deliver an album, answer a question, take a payment. Tap a section to see exactly what is collected, why, how long it is kept, and where it lives. All sections are closed by default; nothing is hidden.
Contact form + secure edit link Your name, email, inquiry type, message, and any optional details, sent to me by email and stored as a private conversation thread so I can reply.
Reply to your inquiry and let you add details later via the secure 60-day link in your confirmation email. The confirmation is transactional: it is sent only because you submitted the form, contains no marketing content, and never carries your personal data in the URL.
Open conversation threads are kept until the inquiry is closed; closed threads are kept for the standard inquiry-archive window (currently 24 months, then deleted). The 60-day edit link expires automatically.
Email delivery: Resend (United States). Storage: Cloudflare D1 (United States). Both are bound by their own data-processing agreements.
Reactions and comments When you react to a photo or leave a message, the site stores a one-way hash of your IP for rate-limiting plus the optional name and message you provide.
Prevent duplicate reactions, block automated abuse, and let you sign your message if you want to.
Reactions and messages are kept until you ask me to remove them or until I do during routine moderation. The IP hash cannot be reversed to recover your original IP.
Stored on Cloudflare D1 (United States).
Anti-spam verification Comment, testimonial, and contact-form submissions are protected by Cloudflare Turnstile, a privacy-preserving alternative to image CAPTCHAs.
Distinguish real visitors from bots without making you click on traffic lights.
Turnstile may briefly analyse browser characteristics (user agent, hardware concurrency) for the challenge, this data does not track you across other websites.
Cloudflare (United States). See Cloudflare's own privacy policy for full details.
Testimonials Clients can voluntarily submit a testimonial through a private page. Submitted information includes your name, optional title or role, optional organization, optional email, and the testimonial text.
Publish testimonials on the site, but only after manual review and approval. Your email is never published.
Until you ask me to remove your testimonial or I retire it during a routine review.
Stored on Cloudflare D1 (United States). Optional anti-spam check via Turnstile.
Optional writing assistance On the testimonial and contact-form pages, you can optionally ask for spelling and grammar suggestions. Your text is sent to Google Gemini for that purpose.
Help you write a clean message without changing your tone or adding words you didn't write.
The site does not store the request server-side beyond the immediate response. The paid-API contract with Google states prompts and responses are not used to train Google models.
Google Gemini API (United States). Disabled if you don't use the suggestion feature.
Photo purchase orders When you place a photo purchase order, the site collects your name, email, and order details (selected photos, pricing).
Process the order, deliver the photos, and keep the tax records the law requires.
Order records are retained six years per Canadian tax regulations, then deleted. Your email is never used for marketing without separate, explicit consent.
Storage: Cloudflare D1 (United States). Payment: PayPal-hosted checkout (United States). The site never collects, transmits, or stores card data.
Privacy-first analytics Cloudflare Web Analytics (cookieless) for page traffic and performance. A separate, private interaction log records lightweight events (button clicks, page visits) keyed to a one-way IP hash.
Understand which pages are useful, which are slow, and whether the site is being attacked. No advertising, no behavioural profiling, no cross-site tracking.
Cloudflare Web Analytics: per Cloudflare's retention. Private interaction events: 90 days, then automatically deleted.
Cloudflare Web Analytics (United States) and Cloudflare D1 (United States) for the private events.
Album photo analytics, anonymous by default, opt-in for view time Album pages only, never the homepage, portfolio, contact, or any other surface. By default, an anonymous, daily-rotating IP hash counts which photos appear in your viewport. If you choose Accept on the inline album consent card, a random session identifier (stored only in this tab's memory) lets the photographer measure how long each photo holds your attention.
Curatorial only, to help the photographer learn which photos resonate and refine future galleries. Never used for advertising, never sold, never shared with third parties.
90 days, then automatically deleted. Declining or revoking your consent erases the session identifier from this device immediately. The daily salt rotates every 24 hours so cross-day correlation is mathematically impossible.
Cloudflare D1 (United States). The anonymous IP hash and any session identifier are computed with the Web Crypto API inside the Cloudflare worker, your raw IP, your user agent, and your session UUID are NEVER stored. Revoke any time from the inline card on an album page or from your browser settings (clear site data for olhphotographie.com).
Web fonts The site loads fonts from Google Fonts. When your browser fetches the font file, your IP is shared with Google.
Display the typeface the site is designed in.
Per Google's own font-CDN logging policy. Google states the data is not used for advertising or profile-building.
Google Fonts (United States). Self-hosting these fonts is on the operator roadmap as a future option to remove the IP share entirely.
Server security logs Standard Cloudflare edge logs (IP, user agent, request URL, response code, latency) are retained briefly for security and abuse-prevention purposes.
Detect and respond to attacks, debug outages, and protect the infrastructure that hosts your data.
Per Cloudflare's security-log retention. Not used for analytics, advertising, or profile-building.
Cloudflare (United States).
Photographs and your privacy
A photograph that identifies a person is, under Quebec law, a personal information. So three different rules apply at the same time, and they don't mean the same thing, explained side by side just below.
Discretion as a professional standard
Photographs published in event albums document the events that OLH Photographie covers — that is the purpose of the album itself, and identifiable attendees can naturally appear in this context. If you appear in an event photo or in a public sports gallery photo and would prefer it not be displayed, you can write to me through the contact page using the subject "Privacy request" to ask for its removal; requests are handled respectfully and diligently. Any more targeted or promotional use of your image — main portfolio features, advertising, social media campaigns, contests, or similar promotional contexts — is done with a separate consent when one is required. Beyond event coverage, identifiable client photographs from portrait, corporate, and editorial sessions stay private by default and are not published without your written authorization. Confidentiality remains the standard, not an afterthought.
Personal information (Loi 25)
When a photo identifies you, it is a personal information. Collection, retention, security, and the right to access, rectify, delete, or port apply.
Act respecting the protection of personal information in the private sector. CQLR c. P-39.1 §§ 1, 4-5, 17, 23, 27, 32
Right to image (Civil Code)
Your image cannot be published or used commercially without your consent, even if I own the copyright in the photograph itself.
Civil Code of Québec arts. 3, 35, 36 + Charter of Human Rights and Freedoms art. 5; Aubry v. Éditions Vice-Versa, [1998] 1 SCR 591
Copyright (federal)
I am the author and first owner of the copyright in the photograph as a creative work. That ownership does not let me publish your image, that's the right-to-image rule above.
Copyright Act, R.S.C. 1985, c. C-42 §§ 13, 14.1
Where your data is processed
OLH Photographie is based in Quebec, but several of the platforms used to run the site host data on servers located in the United States. Loi 25 §17 requires that this be assessed and disclosed. Below is the complete list of sub-processors used by this site.
Cloudflare (D1, Workers, Pages, Web Analytics, Turnstile)
Purpose
Site hosting, contact-form storage, comments, testimonials, orders, analytics, anti-spam
Region
United States (with global edge presence)
Safeguards
Encryption in transit (TLS 1.3) and at rest. Bound by Cloudflare's data-processing agreement.
Resend
Purpose
Transactional email delivery (admin notifications, visitor confirmations, secure edit-link emails)
Region
United States
Safeguards
Encryption in transit. Bound by Resend's data-processing agreement. Retention follows Resend's transactional-email policy on the active plan.
PayPal
Purpose
Photo-purchase checkout
Region
United States
Safeguards
Hosted-checkout redirect, the site never sees or stores card data. PayPal is PCI-DSS compliant.
Google (Fonts CDN, Gemini API, Places API)
Purpose
Font delivery; optional spelling/grammar suggestions on testimonial + contact pages; venue address suggestions + map-pin geocoding on the contact form (event / sports)
Region
United States
Safeguards
Fonts: IP-only request, no profiling per Google's font policy. Gemini paid API: prompts and responses are not used to train Google models. Places API: only the venue text you type (and a map-pin coordinate you choose) is sent, server-side, to look up an address; it is optional — the form works without it.
OpenFreeMap (venue map tiles)
Purpose
Optional interactive venue map on the Contact page (event / sports inquiries). Loads only when you open the map; the form works fully without it.
Region
Public open-source CDN (global edge)
Safeguards
No account, no API key, no cookies, per OpenFreeMap's published policy. Opening the map shares your IP address and standard request metadata with OpenFreeMap and its CDN. Free, commercial-use map built on OpenStreetMap data.
Your rights, and how to use them
Under Quebec's Loi 25, you have four concrete rights over the personal information held about you. Each one is one email away. Requests are acknowledged within 30 calendar days.
Access
See exactly what personal information the site holds about you, including the source, the purpose, and the categories of recipients.
Email me via the contact page with the subject "Privacy request, access" and any detail that helps me find your record (e.g. the email you used).
Rectification
Correct any information that is inaccurate, incomplete, or no longer up to date.
Reply on the same conversation thread or use the contact page with the subject "Privacy request, rectification". Tell me what is wrong and what it should be.
Withdrawal · deletion
Withdraw a consent you previously gave, or ask for the deletion of any record that is no longer needed for the original purpose. Tax-record retention takes precedence where the law requires it.
Use the contact page with the subject "Privacy request, deletion". Tell me which record (a comment, a testimonial, a conversation thread).
Portability
Receive a structured, commonly-used technological export of the personal information you provided to the site, so you can take it to another service.
Use the contact page with the subject "Privacy request, portability". A JSON export is the default; a CSV is available on request.
Security and incident handling
Photographs and the conversations around them deserve the same care given to financial data. The site enforces a layered set of technical measures, all in production today.
- TLS 1.3 with HSTS preload on every domain, no plaintext fallback.
- Encryption at rest for every data store (Cloudflare D1, Resend mailbox, PayPal vault).
- Multi-factor authentication required on every privileged surface (admin tools, mail provider, hosting).
- Hardware-encrypted disks for any local copy of unreleased photographs.
- No biometric, facial-recognition, or AI-portrait-recognition pipelines run on this site or its backend.
If something goes wrong
A confidentiality incident, unauthorized access, accidental disclosure, loss of media, is logged in the operator's confidentiality-incident register. If the incident presents a risk of serious injury to anyone affected, the Commission d'accès à l'information du Québec and the affected individuals are notified, in accordance with Loi 25.
Privacy questions, asked often
Privacy questions, asked often
I attended a public event you photographed, am I in your dataset?
Will my photographs ever appear in a portfolio or on Instagram by default?
How does Loi 25 differ from the right to image?
Do you use cookies or tracking pixels?
Do you sell or share my data?
How long do you keep my contact-form messages?
Can I get a copy of all my data?
Where can I file a complaint if I am not satisfied?
Do you use AI on my photographs without telling me?
How do I withdraw a consent I gave earlier?
A privacy question?
Whether it's an access request, a withdrawal of consent, a clarification, or a complaint, one email is all it takes. Replies arrive within 30 calendar days, usually within 48 hours.