A Statement on Image Security

from PhotoDay’s CEO, Alex Kovacevic

The start of the year is always an exciting time, with our industry gathering together at Imaging USA, SPAC, and SYNC. I love the opportunity they bring to catch up with long-time partners and friends, as well as to make new connections. Our volume photography community is a special group of people, and it is always energizing to kick off a new year surrounded by entrepreneurs who have dedicated their lives to capturing priceless memories.

This year, there is very clearly one subject on everyone’s mind: security.

Parents, schools, organizations, and photographers are rightfully asking tough questions about who can access kids' photos, personal data, and how safe everything really is. 

Recent news stories in our industry have made people even more concerned—and I get it.When it comes to children's images, there's no room for "maybe" or "probably safe."

At PhotoDay, we have always been at the cutting edge of image and data protection.

Security runs in our blood at PhotoDay. Our original CEO and Co-Founder worked on the front lines in law enforcement for decades before founding PhotoDay. The track record of PhotoDay, and our continuing position at the forefront of security in volume photography, speaks for itself:

• PhotoDay was one of the first certified and audited SOC2-compliant volume photography platforms in the world. SOC 2 is an independent, rigorous audit (done by outside experts) that checks how well we protect customer data against unauthorized access, breaches, and other risks. It covers security, privacy, and more. For you, it means trusted third parties have verified our systems and processes are solid.
• Every image in the PhotoDay database is protected by a significant security firewall, and any image access requires authenticated login access.
• To our knowledge, PhotoDay is the only platform in the photography industry that requires mobile or email verified accounts before anyone can access a picture day gallery. This provides an extra layer of verification and security that helps ensure only authorized customers can access the gallery.

Aside from employees at the specific studio that photographed the images (and only then behind an authentication wall), and the end consumers who have to set up a verified account, and who even then can only access galleries through the information explicitly provided by their photographer—certain employees of PhotoDay are the only other people who can ever access images on the PhotoDay platform. 

Only select full-time employees at PhotoDay have access to images and data whose job responsibilities require it. No investors, board members, parent company staff, or anyone outside those specific roles can ever access images or data. We never sell or provide access to photos to anyone outside of the PhotoDay ecosystem. All PhotoDay employees, whether they have access or not, go through extensive background checks before employment starts and as part of our annual SOC2 compliance audit.

Security is a constant battle against both technological advancements and bad actors, which requires ongoing vigilance, testing, and a total commitment to staying up to date with emerging threats. At PhotoDay, there is nothing we take more seriously. 

— Alex Kovacevic
CEO, PhotoDay