Privacy & Imprint
Media owner and service provider
Ing. Fabian Wimberger
Am Sonnenhang 11, 4240 Freistadt, Austria
contact@fabianwimberger.at
Purpose
Lensea is a hosted platform that lets photographers publish and deliver client galleries on a studio.lensea.gallery subdomain or a connected custom domain.
Hosting
The service is hosted by Hetzner Online GmbH in Germany. On each request the web server may process IP address, timestamp, requested URL, referrer, user agent, and HTTP status for delivery, security, and troubleshooting. Logs are kept only as long as required for those purposes.
Data stored
Lensea requires authentication for studios. It stores studio accounts, password hashes, sessions, gallery metadata, uploaded photos and their generated thumbnail, web, and full-size variants, custom-domain records, and share links in a database and file volume on the server. Login-attempt rate-limit keys are kept in memory for about 15 minutes.
Cookies
Session cookies are technically necessary for studio login and are set with HttpOnly and SameSite attributes; the Secure attribute is enabled for HTTPS deployments. Opening a link- or password-protected gallery sets a technically necessary cookie that remembers access to that gallery. No analytics, third-party scripts, or profiling are used.
Signup confirmations and, where configured, notification emails are sent directly from the service’s own server through a self-hosted mailer that delivers over SMTP with DKIM signing. No third-party email service processes these messages; the only external recipient is the destination mailbox and its mail provider.
Client galleries
Galleries are private until a studio publishes them. Unpublished galleries, share links, and password-protected pages use unguessable tokens, are marked noindex, and are not crawler targets. Each studio is responsible for the content it uploads and for holding the rights to share it.
Legal basis
Processing rests on performance of the hosting agreement under Art. 6(1)(b) GDPR and on the legitimate interest in operating a secure service under Art. 6(1)(f) GDPR. No automated decision-making or profiling takes place.
Your rights
You may request access, rectification, erasure, restriction, portability, or object to processing. You may lodge a complaint with the Austrian Data Protection Authority at dsb.gv.at.