Privacy Policy

1. Who we are

ShootCorp is the trading name of RDNZ Media LLC dba ShootCorp(the "Company", "we", "us", or "our"). We operate the website at shootcorp.com (the "Site") along with the customer portal, vendor dashboard, and admin tooling that support our photography and videography services. This Privacy Policy explains how we handle the personal information of clients, vendors, applicants, and site visitors. You can reach us at hello@shootcorp.com with any privacy-related question.

We provide services primarily within the United States. If you access the Site from outside the United States, you understand that your information will be transferred to and processed in the United States, and you consent to that transfer.

2. Scope of this policy

This policy covers personal information we collect through the Site, through our customer portal and vendor dashboard, through the booking and payment flow, through the vendor application form, and from email we exchange with you about our services. It does not cover the services of any third party we link to. It does not constitute the terms of your contract with us — see our Terms of Service for that. For details on cookies specifically, see our Cookie Notice.

3. Information we collect

We collect different categories of information depending on whether you are a client booking our services, a vendor we have invited or approved into our network, a vendor applicant, or a casual site visitor.

3.1 Information collected from clients

When you book a shoot we collect your full name, business name (if applicable), email address, phone number, billing and event address, the details of the event you are booking (date, venue, type, scope, any creative direction you share), and the metadata of any contract you electronically sign through our flow. Signature image data is stored alongside the signed contract for the lifetime of that agreement. Payment card numbers are entered directly into our payment processor (Stripe); we do not see or store full card numbers, only Stripe's tokenized references and the partial card brand and last-four digits Stripe surfaces to us for reconciliation.

3.2 Information collected from vendors and applicants

When a vendor applies to join our network we collect the name, email, phone number, primary discipline (photographer, videographer, editor, or multi-discipline), Las Vegas availability category, years of experience, optional portfolio URL, optional day rate, optional short biography, and an optional headshot image. When we move an applicant into the qualification stage we additionally collect a mailing address, a full headshot, signed copies of our Vendor Service Agreement and Non-Disclosure Agreement, and any work samples or scheduling availability the vendor uploads.

For payout and tax-reporting purposes we collect each vendor's Taxpayer Identification Number — Social Security Number for sole proprietors or Employer Identification Number for entities — along with the legal name and tax address associated with that identification number. This information is required by U.S. tax law for 1099-NEC reporting once a vendor crosses the reporting threshold. It is stored in our database with restricted access (see Section 7) and displayed in any administrative interface only in masked form (for example, ***-**-1234).

3.3 Information collected automatically from site visitors

When you visit the Site we automatically receive your IP address, browser user-agent string, the URL you came from (referrer), and the pages you view. We use Cloudflare Turnstile on public forms to distinguish humans from automated bots; Turnstile may collect additional signals about the browser environment in service of that determination. Our hosting provider (Vercel) records server-side request logs for operational and security purposes. We do not use any third-party advertising cookies or cross-site tracking pixels, and we do not embed analytics scripts that build a cross-site profile of you.

4. How we use information

We use the information described above to:

• Deliver the services you have booked or applied for, including assigning vendors, generating quotes and contracts, delivering finished files, and handling logistics.
• Process payments and refunds through Stripe, and reconcile those payments with our internal records.
• Communicate with you transactionally — booking confirmations, invite emails, payout notifications, contract reminders, and replies to your questions.
• Comply with U.S. tax law, including issuing IRS Form 1099-NEC to qualifying vendors and maintaining the underlying records for the periods the IRS requires.
• Detect, investigate, and prevent fraud, abuse, and security incidents — for example, rate-limiting public forms and reviewing unusual access patterns.
• Improve our services by reviewing aggregate, de-identified usage patterns and customer feedback.

We do not use your personal information for behavioral advertising and we do not sell your personal information.

5. How we share information

We share personal information only with the third-party processors we need to operate the service, with the vendors we pair you with for the work you book, and where required by law.

Our service providers include Supabase (database and authenticated file storage), Vercel (application hosting and runtime), Stripe (payment processing), Resend (transactional email delivery), Cloudflare (bot protection via Turnstile), and Google (calendar coordination for vendor interviews via Google Calendar). Each of these processors receives only the information they need to perform their function and is contractually bound to use it only for that function.

When we assign a vendor to your event we share with that vendor the information they need to perform the work: the event date and time, venue address, scope, on-site contact details (which may be you or someone you designate), and any creative direction you have provided. Vendors are independent contractors and are contractually prohibited from soliciting our clients or using your information for any purpose other than fulfilling the booked engagement.

We may disclose personal information if required to do so by law, by a valid court order, by subpoena, or by other lawful process, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of the Company, our clients, our vendors, or the public. In the event of a merger, acquisition, or sale of substantially all of our assets, personal information may be transferred to the acquiring entity, in which case we will give notice on this Site before any transfer becomes effective.

6. How long we keep your information

We retain personal information for as long as your account or engagement with us is active, and afterward only for as long as we have a legitimate operational, legal, or tax reason to keep it.

• Client and vendor account records: retained while the account is active and for seven years after the last interaction, to support tax records and dispute resolution.
• Payment records (Stripe transaction metadata, invoices, contracts): retained for seven years from the date of the transaction, in line with IRS recordkeeping norms.
• Signed agreements (booking contracts, vendor service agreements, NDAs): retained for the life of the agreement plus seven years.
• Vendor tax-reporting records (TIN, W-9-equivalent data, 1099 filings): retained for the periods required by 26 U.S.C. § 6001 and related Treasury Regulations.
• Server-side request logs from Vercel (our hosting provider): retained according to Vercel's standard retention.
• Email logs from Resend: retained according to Resend's default retention schedule.

7. How we protect your information

We protect personal information in transit using industry-standard TLS encryption and at rest using Supabase's encryption-at-rest defaults. Access to our database is restricted by Postgres row-level-security policies; sensitive fields such as tax identification numbers are readable only via the service-role connection used by our trusted server-side code, and never exposed to authenticated browser sessions. Any display of a tax identification number in our administrative interfaces is masked to show only the last four digits. The one exception is the IRS 1099-NEC CSV file we generate at year end: that file necessarily contains unmasked tax identification numbers, is downloadable only by an administrator from an authenticated admin-only route, and is delivered as a streamed download (not stored in browser-cached JSON).

No method of transmission over the internet or method of electronic storage is perfectly secure. While we use reasonable means to protect your information, we cannot guarantee absolute security.

8. Your privacy rights

Depending on where you live, you may have certain rights with respect to the personal information we hold about you.

8.1 California residents (CCPA / CPRA)

If you are a California resident you have the right to request the categories and specific pieces of personal information we have collected about you, the right to request that we delete personal information we have collected from you, the right to correct inaccurate information, and the right to opt out of any sale or sharing of personal information. We do not sell or share personal information for behavioral advertising purposes. To exercise any of these rights, contact us at the email address in Section 12.

8.2 EU and UK residents (GDPR / UK GDPR)

If the GDPR or UK GDPR applies to you, you additionally have rights of access, rectification, erasure, restriction of processing, portability, and the right to object to processing carried out on the basis of our legitimate interests. You may also lodge a complaint with your local supervisory authority. To exercise these rights, contact us at the email address in Section 12.

8.3 All other users

Regardless of where you live, you can email us to request access to, correction of, or deletion of personal information we hold about you. We will respond as required by applicable law, and we will request reasonable proof of identity before fulfilling any request, so that we are not disclosing information to the wrong person.

9. How to exercise your rights

Send your request from the email address associated with your ShootCorp account to hello@shootcorp.com and describe in plain language what you want us to do. We may need additional verification before we can act, particularly for deletion requests, because deleting the wrong account would be its own privacy violation. We aim to respond within thirty (30) days, and will tell you if we need longer for a particular request.

10. Cookies and tracking

We use a small number of essential cookies and an analytics mechanism to operate the Site. We do not use cookies for behavioral advertising. For details see our Cookie Notice.

11. Children's privacy

The Site and our services are intended for adults engaging us for professional photography and videography services. We do not knowingly collect personal information from children under the age of thirteen (13). If you believe a child has provided us with personal information, please contact us and we will take prompt action to delete it.

12. Changes to this policy + contact

We may update this Privacy Policy from time to time. When we make a material change we will update the "Last updated" date above and, if appropriate, notify active account holders by email. Continued use of the Site or our services after the new effective date constitutes acceptance of the revised policy.

If you have any question about this policy or about how we handle your personal information, please write to hello@shootcorp.com.