Privacy Policy

Last material changes: April 2025

Here to view our Privacy Policy & Terms before agreeing to them? Head to nowcandid.com/terms-of-use to view our Terms of Use or read on to learn more about our Privacy Policy.

Candid Color Systems, Inc. and its affiliates ("CCS", “NowCandid”, “we”, “us” or “our”) respect your privacy. When it comes to your personal information, we believe in transparency, not surprises. That’s why we’ve set out here what personal information we collect, what we do with it, and your choices and rights. By using any of our services, you confirm you have read and understood this Privacy Policy.

  • Some key terms
  • How does this Privacy Policy apply?
  • Personal information we collect
  • How we collect personal information
  • How we use personal information
  • How we share personal information
  • Your rights and choices
  • How we protect personal information
  • How we retain personal information
  • End Users’ personal information
  • Access, objection, correction, and deletion
  • End Users’ California and other State privacy rights
  • Biometric Information Retention Policy (Illinois Residents and Others)
  • Updates to this Privacy Policy

1. Some key terms

In our Privacy Policy, when we refer to “Customers”, we mean our customers who use the websites and services of Candid Color Systems, Inc. For example, Customers may refer to professional photographers who use software products offered by CCS to upload, organize, and sell their photographs to their respective end-user customers (the “End Users”). 

The users, visitors, and customers of our Customers’ Events are “End Users”. For example, End Users may refer to individuals that have had their photo(s) taken and contact info collected by a Customer or anyone working on behalf of a Customer, and/or individuals shopping or browsing on NowCandid-facilitated retail or information websites.

NowCandid Services” refers to all of the functionalities and services of NowCandid and Candid Color Systems, Inc. (and our Third-Party Service providers), including but not limited to: event creation, tablet and app usage, online registration, online selfie check-in, online retail, face matching services, image hosting, account management, and more.

2. How does this Privacy Policy apply?

This Privacy Policy describes what we do with personal information that we collect and use for our own purposes (i.e., where we are a controller), such as your account information and information about how you use and interact with NowCandid Services, including information you submit to our customer support team as well as certain information relating to your End Users. This Privacy Policy does not apply to the personal information of our employees or job applicants (except to the extent employees or job applicants are Customers). We use cookies and similar technologies. We also host and process Customer Content on behalf of our Customers.

If you are an End User of one of our Customers’ Events and want to know how a Customer handles your information, you should check with the Customer, if applicable. If you want to know about what we do (or don't do) with your information on behalf of the Customers, read on.

3. Personal information we collect

If you are an End User interacting with a CCS Customer who is engaging CCS to provide the NowCandid Services to the Customer, CCS is collecting and processing your personal information on behalf of the Customer. In such cases, CCS is acting as a data processor and is collecting and processing End User personal information on the Customers’ behalf and in accordance with their instructions. The types of information typically collected are described in detail in this section. What CCS does not collect, and End Users should not be asked by Customers to provide, are things like protected health information, financial information, social security or other government-issued identification numbers, and other sensitive personal information.

It is primarily the Customer who must ensure that End User personal information is collected and processed in accordance with data protection laws. Therefore, if you are an End User with questions or concerns about the handling of your personal data, you should contact the relevant Customer directly or refer to the Customer’s separate privacy policy(ies).

Because this Privacy Policy is directed primarily at CCS Customers (rather than a Customer’s End Users), and unless otherwise noted, the term “your”, as used in this Privacy Policy, refers to a CCS Customer(s).

The following outlines the types of personal information that CCS will typically collect through the Services on behalf of CCS Customers.

CCS collects various personal information about you or your device(s). This includes the following:

  • Information you provide to create a NowCandid account (i.e., email address, first name, last name). To receive payments from NowCandid, banking information must be provided during account creation. If you wish to use QuicPics or similar programs or features, we also receive your payment information.
  • The emails and other communications that you send us or otherwise contribute, such as customer support inquiries.
  • Information you share with us in connection with surveys, contests, or promotions.
  • Information from your use of NowCandid Services or Customers’ Events. This includes IP addresses, preferences, web pages you visited prior to coming to the retail site for a Customer’s Event, information about your browser, network, or device (such as browser type and version, operating system, internet service provider, preference settings, unique device IDs, and language and other regional settings), information about how you interact with NowCandid services and Customers’ Events (such as timestamps, clicks, scrolling, browsing times, searches, transactions, referral pages, load times, and problems you may encounter, such as loading errors).
  • Other information you submit to us directly.

4. How we collect personal information

We obtain personal information from various sources. We do this in three main ways:

  • You (i.e., Customers) provide some of it directly (such as by creating a NowCandid account).
  • We record some of it automatically when you use NowCandid Services or Customers’ Events (such as entering contact info via a tablet or a selfie check-in webpage).
  • We receive some of it from third parties (like via an app store).

We’ve described this in more detail below.

a. Personal information Customers provide

When Customers use NowCandid Services, we collect information from Customers in a number of ways. For instance, we ask Customers to provide their names and email addresses to register and manage their NowCandid accounts. We also maintain Customers’ marketing preferences and the emails and other communications that Customers send us or otherwise contribute, such as customer support inquiries. Customers might also provide us with information in other ways, including by responding to surveys, engaging with a Customer’s NowCandid Event as an End User, submitting a form, or participating in contests or similar promotions.

Sometimes we require Customers to provide us with information for contractual or legal reasons. We’ll normally let Customers know when information is required, and the consequences of failing to provide it. If Customers do not provide personal information when requested, Customers may not be able to use NowCandid Services if that information is necessary to provide Customers with the service or if we are legally required to collect it.

b. Personal information obtained from your use of NowCandid Services

When you use NowCandid Services, we collect information about your activity on and interaction with the Services, such as your IP address(es), your device and browser type, the web page you visited before coming to our sites, what pages on our sites you visit and for how long, and identifiers associated with your devices. If you’ve given us permission through your device settings, we may collect your location information via our apps.

If you are an End User of our Customers’ events, we also get information about your interactions with their events, though we use this in anonymous, aggregated, or pseudonymized form which does not focus on you individually. We use this data to evaluate, provide, protect, or improve NowCandid Services (including by developing new products and services).

Some of this information is collected automatically using cookies and similar technologies when you use NowCandid services and our Customers’ events. Some of this information is similarly collected automatically through your browser or from your device.

c. Personal information obtained from other sources

If you use a Third-Party Service (such as using Stripe to receive payments) when using NowCandid Services, the Third-Party Service may provide us with your information on your behalf, such as your name and email address (we don’t collect or store passwords you use to access Third-Party Services). Your privacy settings on the Third-Party Service normally control what they share with us. Make sure you are comfortable with what they share by reviewing their privacy policies and, if necessary, modifying your privacy settings directly on the Third Party Service.

5. How we use personal information

We use the personal information we obtain about you for the following purposes:

  • Provision of NowCandid Services - Create and manage your NowCandid account, process payments, and respond to your inquiries. This may also include enabling Third Party services. Please remember that the manner in which Third Party Services use, store, and disclose information is governed solely by the policies of such third parties, and NowCandid shall have no liability or responsibility for the privacy practices or other actions of any Third Party Service that may be enabled within the platform.
  • Communicating with you - Communicate with you, including by sending you emails about your transactions and NowCandid service-related announcements.
  • Surveys and contests - Administer surveys, contests, and other promotions.
  • Promotion - Promote NowCandid Services and send you tailored marketing communications about products, services, offers, programs, and promotions of NowCandid and measure the success of those campaigns. For example, we may send different marketing communications to you based on your photography market or what we think may interest you based on other information we hold about you.
  • Improving NowCandid Services - Analyze and learn about how NowCandid Services are accessed and used, evaluate and improve NowCandid’s Services (including by developing new products and services and managing our communications), and monitor and measure the effectiveness of our advertising. We usually do this based on anonymous, pseudonymized, or aggregated information which does not focus on you individually. For example, if we learn that most Customers of NowCandid Services use a particular program or feature, we might wish to expand on that program or feature.
  • Security - Ensure the security and integrity of NowCandid Services.
  • Enforcement - Enforce our Privacy Policy and other legal terms and policies.
  • Protection - Protect our and others’ interests, rights, and property (e.g., to protect Customers and/or End Users from abuse).
  • Complying with law - Comply with applicable legal requirements, such as tax and other government regulations and industry standards, contracts, and law enforcement requests.

We process your personal information for the above purposes when:

  • Consent - You have consented to the use of your personal information in a particular way.
  • Performance of a contract - We need your personal information to provide you with services and products requested by you, or to respond to your inquiries. In other words, so we can perform our contract with you or take steps at your request before entering into one. For example, we need your email address so you can sign in to your NowCandid account.
  • Legal obligation - We have a legal obligation to use your personal information, such as to comply with applicable tax and other government regulations or to comply with a court order or binding law enforcement request.
  • Legitimate interests - We have a legitimate interest in using your personal information. In particular, we have a legitimate interest in the following cases:
    • To operate the NowCandid business and provide you with tailored communications to develop and promote our business.
    • To analyze and improve the safety and security of NowCandid Services - we do this as it is necessary to pursue our legitimate interests in ensuring NowCandid is secure, such as by implementing and enhancing security measures and protections and protecting against fraud, spam, and abuse.
    • To provide and improve NowCandid Services, including any personalized services - we do this as it is necessary to pursue our legitimate interests of providing an innovative offering to our Customers on a sustained basis.
    • To comply with a court order or binding law enforcement request.
    • To anonymize and subsequently use anonymized information.
  • Protecting you and others - To protect your vital interests or those of others.
  • Others’ legitimate interests - Where necessary for the purposes of a third party’s legitimate interests, such as our Customers who have a legitimate interest in having their events function properly and securely and analyzing the usage of their events so they can understand trends and improve their services.

6. How we share personal information

We do not sell your personal information to third parties; however, we may share personal information in the following ways:

  • Customers - We share with our Customers the contact information submitted by End Users of Customers’ Events. For example, we provide a Customer with all End User contact information submitted via the selfie check-in tool, including the selfie.
  • Process payments - We transmit Customers’ personal information via an encrypted connection to our payment processor.
  • Following the law or protecting rights and interests - We disclose Customers’ personal information if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property, or interests (such as enforcing our Privacy Policy), or prevent fraud or abuse of NowCandid or our Customers or End Users. In particular, we may disclose your personal information in response to lawful requests by public authorities, such as to meet national security or law enforcement requirements.
  • Business transfers - If we're involved in a reorganization, merger, acquisition, or sale of some or all of our assets, your personal information may be transferred as part of that deal or the negotiation of contemplated deals. (Note: We do not store biometric data; as such, it will never be listed as an asset, sold, etc.)

7. Your rights and choices

Where applicable law requires (and subject to any relevant exceptions under law), you may have the right to access, update, change, or delete personal information.

You can access, update, change, or delete personal information (or that of your End Users) either directly in your Account or by contacting us at ccssupport@candid.com to request the required changes. You can exercise your other rights (including deleting your Account) by contacting us at the same email address. Please note that we may need to verify your identity in connection with your requests, and such a verification process may, if you do not have access to your Account, require you to provide us with additional information (e.g., government identification). Even if you have access to your Account, we may request additional information if we believe it’s necessary to verify your identity. If we are unable to verify your identity or request, we may not, in accordance with applicable law, be able to fulfill your request.

Please note that, for technical reasons, there may be a delay in deleting your personal information from our systems when you ask us to delete it. We also will retain personal information in order to comply with the law, protect our and others’ rights, resolve disputes, or enforce our legal terms or policies, to the extent permitted under applicable law.

You may have the right to restrict or object to the processing of your personal information or to exercise a right to data portability under applicable law. You also may have the right to lodge a complaint with a competent supervisory authority, subject to applicable law.

Additionally, when you register, subscribe, create an account, place an order, sign up to receive offers or emails from us, or otherwise communicate with us, you may “opt out” of receiving future communications from us for direct marketing purposes at any time by following the “unsubscribe” instructions in any such communication you receive or by emailing us at ccssupport@candid.com.

8. How we protect personal information

While no service is completely secure, we have staff dedicated to keeping personal information safe. We maintain administrative, technical, and physical safeguards that are intended to appropriately protect against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the personal information in our possession. We employ security measures such as using firewalls to protect against intruders, building redundancies throughout our network (so that if one server goes down, another can cover for it), and testing for and protecting against network vulnerabilities.

9. How we retain personal information

We retain personal information regarding you or your use of NowCandid Services for as long as your Account is active or for as long as needed to provide you with NowCandid services. We also retain personal information for as long as necessary to achieve the purposes described in this Privacy Policy (for example, to comply with our legal obligations, to protect us in the event of disputes, to enforce our agreements, and to protect our and others’ interests).

The precise periods for which we keep your personal information vary depending on the nature of the information and why we need it. Factors we consider in determining these periods include the minimum required retention period prescribed by law or recommended as best practice, the period during which a claim can be made with respect to an agreement or other matter, whether the personal information has been aggregated or pseudonymized, and other relevant criteria. For example, the period we keep your email address is connected to how long your Account is active, while the period for which we keep a support message is based on how long has passed since the last submission in the thread.

As Customers may have a seasonal business or come back to us after an Account becomes inactive, we don’t immediately delete your personal information when your account becomes inactive. Instead, we keep your personal information for a reasonable period of time, so it will be there for you if you come back.

You may delete your Account by contacting us at ccssupport@candid.com, and NowCandid will delete the personal information it holds about you (unless we need to retain it for the purposes set forth in this Privacy Policy).

Please note that in the course of providing NowCandid Services, we collect and maintain aggregated, anonymized, or de-personalized information which we may retain indefinitely.

10. End Users’ personal information

Our Customers who have created an event using NowCandid are responsible for what they do with the personal information they collect, directly or through NowCandid, about their End Users. This Section 10 and following Sections 11 through 13 are directed to such End Users.

If you’re one of our Customers, you will collect personal information about your End Users. For example, when using selfie check-in, you will ask your End Users to provide their name, email address, and cell phone number so that you can send them their image gallery.

Customers are solely responsible for complying with any laws and regulations that apply to their collection and use of End Users’ information, including personal information collected about End Users using NowCandid or using NowCandid Services.

Customers must publish their own privacy policies and comply with them. We’re not liable for Customers’ relationship with End Users or how Customers collect and use the personal information of End Users (even if Customers collect End User personal information using NowCandid's tools, services, or functionalities), and we won’t provide Customers or End Users with any legal advice regarding such matters.

We are also not liable for how Customers use any contact information they have collected from End Users or other individuals using means outside of the data collection systems we provide. If Customers use independently gathered or acquired contact information with our system, it is the Customers’ responsibility to ensure they have permission to market to the End Users and other individuals to whom such contact information belongs.

We do not keep or store any Customer or End User biometric information regarding photo content for photos uploaded to NowCandid.

SMS data- NowCandid™ does not share, sell or distribute end user SMS data to third parties. Your information is used solely for communication about the use of our services. If you have questions about our data or other policies, please contact us.

11. Access, objection, correction, and deletion

In certain jurisdictions, End Users may have the right to obtain confirmation as to whether their personal information is being processed, information about the purposes of that processing, and information about the recipients to whom their personal data has been or will be disclosed. End Users may also have the right to receive a copy of the personal data they have provided and/or request its deletion.

CCS Customers are responsible for managing any request made by their End Users regarding access to and rectification of their personal information that is transferred to us. However, if End Users have questions about their rights, End Users are free to contact us at ccssupport@candid.com.

12. End Users’ California and other State privacy rights

Important: As described above, to the extent that CCS collects personal information, it does so primarily as a service provider acting pursuant to contracts to provide the NowCandid Services to Customers. If you are an End User who provided your personal information to our Customer(s), you should contact the particular Customer to whom you provided your personal information if you have questions about your rights under the state consumer privacy laws in California and elsewhere. 

If you are a resident of California, Colorado, Connecticut, or Virginia, the laws in those states provide you with the following rights with respect to your personal information:

  • The right to know the categories or specific personal information we have collected, used, disclosed, and sold about you. To submit a request to know, you may contact us at ccssupport@candid.com. You also may designate an authorized agent to make a request for access on your behalf.
  • The right to correct personal information we have collected, used, disclosed, and sold about you. To submit a request to know, you may contact us at ccssupport@candid.com. You also may designate an authorized agent to make a request for access on your behalf.
  • The right to request that we delete any personal information we have collected about you. To submit a request for deletion, you may contact us at ccssupport@candid.com. You also may designate an authorized agent to make a request for deletion on your behalf.

When you exercise these rights and submit a request to us, we will verify your identity (or the identity and authorization of your agent) by asking you for information such as your email address, telephone number, information about your company’s contract with CCS, or the last four digits of a credit or debit card used with CCS.

Your exercise of these rights will have no adverse effect on the price and quality of our goods or services.

For the 12-month period prior to the date of this Privacy Policy, CCS has not sold any personal information about its Customers or about the End Users of its Customers, nor does it have any plans to do so in the future.   

Separate from the above-disclosed rights, California law permits California residents to request certain information regarding our disclosure of personal information to third parties for the third parties’ direct marketing purposes. CCS does not share personal information of California residents with third parties for their own direct marketing. For questions, please contact us by sending an e-mail to ccssupport@candid.com.

13. Biometric Information Retention Policy (Illinois Residents and Others)

This Biometric Information Retention Policy is provided pursuant to the Illinois Biometric Information Privacy Act (“BIPA”) and other applicable laws that govern the collection of biometric data. It also describes the purpose for which your biometric data may be collected, an applicable retention schedule, and guidelines for permanently destroying your biometric data.

Purpose of Collection. CCS’s access to or collection of your personal information in connection with the NowCandid Services, if any, may include biometric identifiers and/or biometric information (collectively, “biometric data”). CCS does not interact directly with you with respect to any collection of your biometric data. Through our Customers and at their specific direction, CCS may allow Customers to use a Face Matching tool in connection with End User photos. The Face Matching tool uses AI to analyze the facial features of a person appearing in a photo, and then identify other photos depicting that same person. To perform this analysis, the Face Matching tool may briefly collect scans of the person’s face geometry (“biometric data”). The technology vendor that offers the tool will retain such biometric data only for as long as it takes to identify other photos depicting the person. The Face Matching tool will permanently delete the biometric data as soon as this process is complete. Where required by law, CCS’s Customers must obtain consent to collect or possess an End User’s biometric data. CCS will not sell, lease, trade, or otherwise profit from an End User’s biometric data. 

Retention of Biometric Data. BIPA provides that biometric data must be destroyed at the earliest of three years of the last interaction with you or when collection purpose has been met. CCS will, therefore, destroy your biometric data, if any, within the time required by law. Specifically, CCS will permanently destroy your biometric data, if any such data is in its possession, (1) when the initial purpose for collecting or obtaining such data has been satisfied, or (2) within three years of your last interaction with our Customer, whichever occurs first. Where actually in our possession and subject to the direction of our Customers, CCS will strive to retain your biometric data only for as long as necessary for such data to be used in connection with the Face Matching tool and will then seek to permanently destroy such data within approximately 90 days.

14. Updates to this Privacy Policy

We’ll update this Privacy Policy from time to time to reflect changes in technology, law, our business operations, or any other reason we determine is necessary or appropriate. When we make changes, we’ll update the “Last material changes” date at the top of the Privacy Policy and post it on our site(s). If we make material changes to it or the ways we process personal information, we’ll notify you (by, for example, prominently posting a notice of the changes on our site(s) before they take effect or directly sending you a notification).

We encourage you to check back periodically to review this Privacy Policy for any changes since your last visit. This will help ensure you better understand your relationship with us, including the ways we process your personal information.