VSCO: Photo & Video Editor
Experiment with 200+ high-quality presets
Download
We updated this Privacy Policy effective June 5, 2023. To review the updated Privacy Policy, click here.
Privacy Policy
Effective as of January 1, 2023

At VSCO, it’s important to us to be open and transparent with the creators who trust us with their data. This Privacy Policy describes our privacy practices and how we handle your data that we collect through our websites, products, services, social media, marketing activities, and other ways described in this Privacy Policy (collectively, our “Services”).

If you’re a resident of California or Virginia, check out the State Law Privacy Rights section below for some additional information about your personal information and rights under state law.

Table of Contents

  1. Data we collect
  2. How we use your data
  3. How we share your data
  4. How long we keep your data
  5. Your choices
  6. How we secure your data
  7. International data transfer
  8. General audience service
  9. Changes to this Privacy Policy
  10. How to contact us
  11. State Law Privacy Rights (California and Virginia)
  12. Privacy Notice to European Creators

Data we collect

There are three types of data we collect about you: data that you provide us, data we get through third parties, and data we collect automatically.

Here are some tables that summarize the different types of data we collect

Data You Provide Us
Examples
Account Data
We need certain information to set up your account.
Name, email address, phone number, username, password, redemption code, age, date of birth
Profile Data
You can customize your profile on our Services so other creators can get to know you better
Any information you add about yourself to your profile, such as your biographical details, photograph, social media links, interests, preferences
Our Communications With You
Sometimes we might reach out to you, or you might reach out to us.
The communications between us when you contact us with questions, comments, or support requests
Feedback
We would love to hear your thoughts on our Services.
Any feedback that you provide in any questionnaires, surveys, interviews, beta tests, or other scenarios in which we request your feedback
Payment and Transactional Data
We need certain information about you so we can process your payments
Name, country, payment card information, bank account number, billing information, subscription information, purchase history
Marketing Data
We want to honor your choices regarding our marketing efforts, and understand how our marketing campaigns are performing.
Your preferences for receiving our marketing communications and details about your engagement with them
User Generated Content
You’ll get to interact with other creators and generate your own content when you use our Services.
Images, music, videos, collages, montages, comments, tags, collaborative areas that you create, your “favorite” content, the content you repost, messages, your interactions with VSCO’s or other people’s content on our Services
Data About Others
You might want to invite your friends to use our Services.
Contacts that you share with us
Non-fungible token (“NFT”) Data
We might need NFT data related to artists and their content, curators, exhibitions, and collections.
Artist or artwork information, cryptocurrency wallet address and accounts, cryptocurrency transactions, cryptocurrency balance, keys, the content of the NFT, information on the related blockchain
Date We Collect From Third Parties
Examples
Data from Social Media Platforms
Sometimes you might connect with us on social media
Your interactions with our social media posts, your mentions of VSCO or VSCO related hashtags in your social media posts
Data from other Creators
Our creators might want to invite you to use our Services.
Contact lists that other creators sync with our Services
Data from your Single Sign On (SSO) Provider
We try to make the login process simpler for you by providing you with some SSO options.
Information related to your account with the SSO provider, such as your name, picture, username, email address, or phone number
Data We May Collect Automatically
Examples
Device Data
We receive certain information about your device and browser when you use our Services.
Operating system type and version, device type, device model, browser type, IP address, network information, unique identifiers, general location information
Online Activity Data
We learn about how you’re engaging with us and our Services online.
Your interactions with different pages on our Services, the website that referred you to us, whether you opened our marketing emails or clicked links within them
Precise Geolocation Data
Depending on whether you’ve given us permission, we might learn about your precise location.
Precise location data that we get when you authorize our mobile application to access your device’s location
Metadata about User-Generated Content
We get data about the content you contribute to our Services.
How, when, and where you created your content, how you edited your content
You may be able to configure your browser and device settings to limit some of the data we might collect about you.  Some of our automatic data collection happens through cookies or similar technologies, which you can learn more about by reading our Cookie Notice

How we use your data

Once we collect your data, we use it in a few different ways. This table summarizes the different ways we may use your data.

How We Use Your Data
What this means
Delivering our Services
We’ll use your data to provide our Services to you.
We use your data to provide and improve our Services and our business, establish and maintain your account and profile, facilitate the display and transfer of NFTs and related content, enable security features, communicate with you about our Services, understand your needs and interests as they relate to our Services, personalize your experience with our Services, respond to your requests, questions, and comments, and invite your contacts that you invite to join our Services.
Research and Development
We might use your data to help us make our Services better.
We may use your data for research and development so we can understand and improve our Services.

As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you.
Marketing
Depending on your choices, you might get marketing communications about our Services.
Direct marketing. We may send you direct marketing communications about our Services or products or services that we offer with our marketing partners. If you would rather not receive our marketing emails, you can follow the steps in the “Opt-Out of Marketing” section later in this Privacy Policy.

Interest-based advertising. We may engage third-party marketing companies and social media companies to display ads on other online services. These companies may use cookies and similar technologies with our Services, our communications and other online services, and use that information to serve online ads that they think will interest you. This is called interest-based advertising. We may also share information about our creators with these companies to facilitate interest-based advertising to those or similar creators on other online platforms. You can learn more about your choices for limiting interest-based advertising in the “Your Choices” section section of our Cookie Notice.
Compliance and Protection
We may need to use your data in certain ways to make sure we provide our Services legally and safely.
To provide our Services, we must be mindful of the many legal, ethical, and contractual requirements that apply to us, while also trying to protect our creators and our Services.

To that end, we might use your data as needed to comply with the law, respond to lawful data requests (like subpoenas and warrants), protect our creators, protect our rights (including by establishing and defending against legal claims), comply with any legal, accounting, or reporting requirements, enforce our terms and policies, and prevent or investigate fraudulent, harmful, or illegal activity.

How we share your data

We might need to share your data with other parties to help us do the things mentioned above. This table summarizes the other parties that might receive your data.

Who we might share your data with
Why we might share your data with them
Affiliates
We might share your data with our corporate affiliates or subsidiaries to do the things mentioned in this Privacy Policy.
Service providers
We lean on certain companies and individuals that provide services on our behalf or help us operate our Services or our business. These service providers perform services like data hosting, information technology, customer support, email delivery, marketing, and website analytics
Advertising vendors
We may work with advertising networks, social media networks, or other adtech providers to advertise to you or to measure the effectiveness of our advertising.  You can learn about the options you have to opt-out of interest-based advertising in our Cookie Notice.
Professional advisors
We may need to share your data with our professional advisors, like our lawyers, auditors, bankers, and insurers if it’s necessary for them to provide their services.
Authorities and others
We may need to share your data with law enforcement, government authorities, and private parties if we need to do so for the compliance or protection purposes described above.
Business transferees
If we go through a business transaction like a merger, acquisition, corporate divestiture, or dissolution (including bankruptcy), or a sale of all or some of our assets, we may share or transfer your data to the parties (or their advisors) to the transaction during the transaction or in contemplation of the transaction (including during due diligence).
Other creators and the public
Your profile and user-generated content are publicly visible and can be seen and used by others.

We may create other ways you can interact and communicate with other creators, including things like tipping and other ways you can support creators monetarily. The data related to these interactions will be visible by other creators.
We make commercially reasonable efforts to verify that any third parties who we share personal information with provide a level of protection of personal information that is consistent with this Privacy Policy.  Except for service providers and affiliates, any such third parties may use personal information as described in their own privacy policies to the extent permitted by law.

How Long We Keep Your Data

We retain data for as long as we need for the uses mentioned above. You can delete your account by following the instructions here.

When we don’t need your personal data anymore, we’ll either delete it or anonymize it, unless deletion or anonymization isn’t possible or practical (for example, because your data is in backup archives), in which case we’ll make sure your data is securely stored and isolated from further processing.

Remember that it is impossible to ensure that anything on the internet is ever completely removed. Even after your account is deleted, your content may still be visible, for example, if you’ve shared it on other platforms or if other people copied or shared your content before you deleted your account.

Your choices

You have control over your data in several ways. This table summarizes your choices concerning your data. If you’re located in California or Virginia, you can find additional information in the State Law Privacy Rights section below.

What you can do with your data
How to make it happen
Access or update your information
You can review and update certain account information by logging into your account.
Opt-out of marketing communications
You can opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of a marketing email, or by contacting us. You will continue to receive other non-marketing emails related to our Services. If you receive marketing text messages from us, you can opt out by replying STOP to our marketing message.
Set cookie preferences
To learn about the cookies we use and how you can control them, please see our Cookie Notice.
Disable mobile location data
You can disable our access to your device’s precise geolocation in your mobile device settings.
Decline to provide information
You can decide not to give us certain data, but then you may not be able to use certain features of our Services.
Configure third party platform settings
If you connect to our Services through a third-party platform (like a social media account), you may be able to use your settings in your account with that platform to limit the information we receive from it moving forward.
Delete your content and account
You can choose to delete certain user-generated content from your account. You can delete your account entirely by following the instructions here.

If you are under 18 years of age, you can also use these same instructions to exercise your right to delete your content under California’s “Online Eraser” Law.

How we secure your data

We use technical, organizational, and physical safeguards to protect your data, like firewalls and other security technology. For example, when you enter confidential information (such as login credentials or information submitted from within our Services) we encrypt the transmission of that information using secure socket layer technology (SSL). But unfortunately there is always risk when doing anything on the internet, so we can’t guarantee 100% security of your data. If we find out that we’ve had a data breach and your personal data has been compromised, we’ll notify you as required by law and take appropriate steps to investigate and remedy the vulnerability.

International data transfer

We’re headquartered in the United States and may use service providers in other countries. Your data may be processed or stored in the United States or other countries outside of where you live, which may have data protection laws that are different from those in your country. When we transfer data across borders, we take measures to comply with the relevant data protection laws governing the transfer.

General audience service

Our Services are intended for a general audience. As such, they are not directed or targeted toward children under 13 years of age and are not intended for use by children under 13. If we learn that we collected data through our Services from a child under 13 without the consent of the child’s parent or guardian as required by law, we will delete it.

Changes to this Privacy Policy

From time to time, we may update this Privacy Policy. If we make any material change to this Privacy Policy, we will notify you via email, through a notification posted on our Services, or as otherwise permitted or required by law. In all cases, your use of our Services after the effective date mentioned in any updated Privacy Policy indicates your acceptance of the updated Privacy Policy.

How to contact us

State Law Privacy Rights (California and Virginia)

This section applies to the use of our Services by residents of California and Virginia, and other states where they have privacy laws with similar rights as in the California Consumer Privacy Act (“CCPA”) andVirginia Consumer Data Protection Act (“VCDPA”) as may be amended, superseded or replaced.

When we use the term, “personal information” here, we mean the term as it’s used to describe what’s in scope as either “personal information” or “personal data” under the privacy laws of your state.

You have certain rights regarding your personal information, subject to certain specific exceptions in state law. We are providing a summary of your rights relating to personal information and how to exercise them. You are entitled to exercise these rights free from discrimination.

Verification. We’ll need enough detail to understand and respond to your request. We may need to verify your identity to process your requests and may also need to confirm your state residency. To verify your identity, we may require a combination of government identification, a copy of the receipt for your VSCO membership, or other information. We may also require you to login from a verified valid device or verify that the device you’re logging in from is valid.

Authorized Agents. You can have an authorized agent make a request on your behalf, but we’ll need to verify your agent’s identity. We would also need a copy of a valid power of attorney, or a written and signed permission to exercise your privacy rights on your behalf. We may still need to verify your identity and may ask you to directly confirm that you provided your authorized agent permission to submit the request on your behalf.

Sensitive Information. We only use “sensitive personal information” as defined by CCPA or "sensitive data" as defined by VCDPA, if you opt-in to this use and we don’t use that information for any purposes that California or Virginia residents can limit.

Retention. The duration of how long we retain personal information is generally based on how long we need it for the purposes for which it was collected, which includes complying with our legal obligations

Your Privacy Rights

Access. You have the right to access a copy of your personal information, which you can do by following the instructions available here, or by submitting a request here.

Correction. You have the right to request that we correct inaccurate personal information that we have collected about you. You can do so by submitting a support request here, or by submitting a request here.

Deletion. You have the right to request deletion of the personal information that we have collected from you, which you can do by following the instructions available here, or by submitting a request here. But if we delete your personal information, we might not be able to provide our Services to you.

Opting-out of tracking for targeted advertising purposes. Like many companies, we use advertising vendors that help deliver interest-based ads to you. Our use of some of these advertising vendors might be considered, understate law, “sharing” your personal information because the advertising vendors collect information about you (e.g., device data and online activity data) to help them serve ads more likely to interest you. You can opt-out of this type of “sharing”of your Personal Information by clicking Cookies Settings. Your request to opt-out will apply only to the browser and the device from which you submit the request.

You can also broadcast the GlobalPrivacy Control (GPC) to opt-out for each participating browser system that you use. Learn more at the Global Privacy Control website.

If we know that you’re 13-15 years of age, we won’t share your Personal Information unless we get your consent to do so.

Right to Know.  If you’re a California resident,you have the right to know, in the past 12 months: the categories of PersonalInformation that we collected about you, the categories of sources from whichwe collected the Personal Information, the business or commercial purpose forcollecting and/or “selling” Personal Information, the categories of thirdparties with whom we share Personal Information, the categories of PersonalInformation that we sold, shared, or disclosed for a business purpose, and thecategories of third parties to whom the Personal Information was sold, sharedor disclosed for a business purpose. You can find this information here and in the table below.

CCPA category of Personal Information (PI)
Examples of PI we collect in this category
Source of PI
Business purposes for collection
Categories of third parties to whom we “disclose” PI for a business purpose
Categories of third parties to whom we share PI for interest-based advertising
Identifiers
Account data, profile data, data about others, our communications with you, identifiers, data about others, and non-fungible token data
You or Third party sources
Delivering our Services, Research & development, Marketing, and Compliance & protection
Affiliates, Service Providers, Professional advisors, Authorities and others, Business transferees, and other users and the public
Advertising vendors
California Customer Records (as defined in California Civil Code section 1798.80)
Account data, profile data, our communications with you, feedback, payment & transactional data, user-generated content, data about others, and non-fungible token data
You
Delivering our Services, Research & development, Marketing, and Compliance & protection
Service Providers, Professional advisors, Authorities and others, Business transferees, and other users & the public
Advertising vendors
Commercial Information
Payment & transactional data, marketing data, feedback, online activity data, and non-fungible token data
You or Automatic collection
Delivering our Services, Research & development, Marketing, and Compliance & protection
Service Providers, Professional advisors, Authorities and others, and Business transferees
Advertising vendors
Online Identifiers
Profile data, device data, and non-fungible token data
You or Automatic collection
Delivering our Services, Research & development, Marketing, and Compliance & protection
Service Providers, Professional advisors, Authorities and others, Business transferees, and other users and the public
Advertising vendors
Internet or Network Information
Marketing data, device data, and online activity data
You or Automatic collection
Delivering our Services, Research & Development, Marketing, and Compliance & protection
Service Providers, Professional advisors, Authorities and others, and Business transferees
Advertising vendors
Geolocation Data
Device data, precise geolocation data, and metadata about user-generated content
Automatic collection
Delivering our Services, Research & development, Marketing, and Compliance & protection
Business partners, Service Providers, Professional advisors, Authorities and others, Business transferees, and other users & the public
Advertising vendors
Inferences
May be derived from your: Payment & transactional data, marketing data, user-generated content, device data, online activity data, non-fungible token data
N/A
Delivering our Services, Research & development, Marketing, and Compliance & protection
Business partners, Service Providers, Authorities and others, and Business transferees
Advertising vendors
Protected Classification Characteristics
We do not intentionally collect this information, but it may be revealed in identity data, user-generated content, or other information we collect
N/A
N/A
N/A
N/A
Sensory Information
User-generated content (images, video or audio)
You
Delivering our Services
Authorities and others, Service Providers, and Business transferees
N/A
Sensitive Personal Information
Precise geolocation data
Automatic collection
Delivering our Services
Service Providers, Authorities and others, and Business transferees
N/A
* Note: You might voluntarily provide additional information to us, which may contain other categories of personal information not mentioned in this table.

Privacy Notice to European Creators

The information provided in this notice applies only to individuals in the European Economic Area, United Kingdom and Switzerland (collectively, “Europe”) and explains our practices regarding personal data that we collect from you or which we have obtained about you from a third party, and the legal bases for processing your personal data. It also describes your rights in respect to our processing of your personal data.

Personal data. “Personal data” as used in this notice has the same meaning given in European data protection legislation.

Controller. VSCO is the controller of your personal data covered by this Privacy Policy for purposes of European data protection legislation.

Data protection representative. Our data protection representative in the EU and UK is VeraSafe. You may contact them at:

  • VeraSafe Ireland Ltd., Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork T23AT2P, Ireland
  • VeraSafe United Kingdom Ltd., 37 Albert Embankment, London SE1 7TL, United Kingdom

Legal bases for processing. We use your personal data only as permitted by law. Our legal bases for processing personal data are described in the table below.

Processing purpose

Details regarding each processing purpose listed below are provided in the section of our Privacy Policy titled “How we use your data”.
Legal basis
Processing is necessary to perform the contract governing our provision of our Services or to take steps that you request prior to signing up for our Services. If we have not entered into a contract with you, we process your personal data based on our legitimate interest in providing our Services you access and request.
These activities constitute our legitimate interests. We do not use your personal data for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Processing activities for which you have consented
Processing is based on your consent. Where we rely on your consent, you have the right to withdraw it any time in the manner indicated when you consent or in our Services.

Use for new purposes. We may use your personal data for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal data for an unrelated purpose, we will notify you and explain the applicable legal basis.

Retention. We retain personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

When we no longer require the personal data we have collected about you, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible. If we anonymize your personal data (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.

Sensitive personal data. We ask that you not provide us with any sensitive personal data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through our Services, or otherwise to us.

If you provide us with any sensitive personal data to us when you use our Services, you must consent to our processing and use of such sensitive personal data in accordance with this Privacy Policy. If you do not consent to our processing and use of such sensitive personal data, you must not submit such sensitive personal data through our Services.

Your rights. You have the following rights in relation to the personal data we hold about you:

  • Right of access: You can ask us if we are processing your personal data and to provide you with a copy of it (along with certain details). If you require additional copies, we may need to charge a reasonable fee.
  • Right to rectification: If the personal data we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified.
  • Right to erasure: You can ask us to delete or remove your personal data in some circumstances such as where we no longer need it or if you withdraw your consent to our processing of your personal data (where applicable).
  • Right to restrict processing: You can ask us to 'block' or suppress the processing of your personal data in certain circumstances, such as where you contest the accuracy of that personal data.
  • Right to data portability: You have the right, in certain circumstances, to obtain personal data you have provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
  • Right to object: You can ask us to stop processing your personal data, and we will do so, if we are:
  • relying on our own or someone else's legitimate interests to process your personal data, unless we can demonstrate compelling legal grounds for the processing; or
  • processing your personal data for direct marketing purposes.
  • Right to withdraw consent: If we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time.
  • Right to lodge a complaint with the supervisory authority: If you have a concern about any aspect of our privacy practices, including the way we have handled your personal data, you can report it to the relevant supervisory authority. You can find your data protection regulator here.

You may submit these requests through our Help Center. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.

Cross-border data transfer. If we transfer your personal data out of Europe to a country not deemed to provide an adequate level of personal data protection for purposes of applicable data protection laws such that additional safeguards are required, the transfer will be performed:

  • pursuant to the recipient’s compliance with Standard Contractual Clauses or Binding Corporate Rules;
  • pursuant to the consent of the individual to whom the personal data pertains; or
  • as otherwise permitted by applicable laws.

You may contact us through our Help Center if you want further information on the specific mechanism used by us when transferring your personal data out of Europe.