ProLnk is built on a Privacy-by-Design architecture. Every photo uploaded through our platform is protected by five non-negotiable security measures — enforced at the infrastructure level, not as optional settings.
These protections are enforced at the server level and cannot be disabled by any user, partner, or admin.
GPS & Device ID Removed at Upload
Every photo uploaded through ProLnk is processed server-side using Sharp image processing. Before any photo is stored, all EXIF metadata is permanently stripped — including GPS coordinates, device serial numbers, camera model, and capture timestamps. This is not optional and cannot be bypassed.
GPS coordinates removed (latitude, longitude, altitude)
Device identifiers removed (camera make, model, serial number)
Capture timestamps removed from embedded metadata
Processed using Sharp (server-side, not client-side)
Original EXIF data is never logged or stored
Photos Analyzed, Never Retained by AI
When photos are submitted for AI analysis, raw image data is passed to the vision model for a single inference call. The AI model does not store, index, or learn from your photos. Analysis results (property conditions, detected items, recommended services) are stored — but the raw photo is only retained in your encrypted S3 bucket, not in any AI system.
AI receives photo URL for single-pass inference only
No photo data is sent to external AI training pipelines
Analysis results stored separately from raw photos
AI processing logs include event type and timestamp — not photo content
Partners may revoke AI analysis consent at any time
Every Access Event Recorded
Every photo access event is recorded in a tamper-evident audit log — who accessed what, when, from which IP address, and in what capacity. The log covers uploads, AI analysis events, homeowner views, and admin access. This creates a complete chain of custody for every photo in the system.
Logged events: upload (partner), AI analysis (system), view (homeowner), admin review
Each entry records: photo URL, job ID, accessor role, accessor ID, IP address, user agent, UTC timestamp
Audit log is append-only — entries cannot be modified through the application layer
Admins can review the full audit trail in Admin Portal → Photo Access Log
Supports DSAR (Data Subject Access Requests) and incident response
Photos Belong to the Homeowner
Service professionals upload photos after completing a job — they have no retrieval access after upload. Photos belong to the homeowner. Only the homeowner can view their home's photos and AI analysis results through their TrustyPro dashboard, scoped to their property. Admins have access for compliance purposes only, and all admin access is logged.
Service professionals are upload-only — no retrieval access after submission
Homeowners access their own photos and AI results scoped to their property address
API layer enforces homeowner-scoped queries — no cross-property access possible
Admin access restricted to compliance and audit purposes, fully logged
AI pipeline accesses photos as a system actor, logged separately from human access
One-Time Consent at Onboarding — Not Per Upload
Service professionals give explicit, informed consent during partner onboarding (Step 4 of the application). Consent is captured once — not on every upload — keeping the experience frictionless while maintaining full legal compliance. The consent record is timestamped, versioned, and linked to the partner's account. Consent can be revoked at any time from Settings → Security.
Consent captured in Step 4 of the Partner Onboarding Wizard — one time only
Partners explicitly informed that photos are AI-processed only and not retrievable after upload
Three granular consent flags: photo storage, AI analysis, lead routing
Consent timestamped, versioned (v1.0+), and stored with IP address and user agent
Revocation immediately disables the upload pipeline for that partner
Partner uploads photo
Base64 → Server
EXIF stripped
GPS, device ID removed
Consent verified
Partner consent checked
Stored in S3
Encrypted, access-logged
AI analyzes
Single-pass, no retention
Lead generated
Results only, not photo
ProLnk uses AI vision models to analyze job photos for property condition assessment and lead generation. This processing is subject to explicit partner consent. AI models receive photo URLs for single-pass inference only — no photo data is retained by the AI system, used for model training, or shared with third parties. All AI processing events are logged with event type, timestamp, and partner ID. Partners may revoke AI analysis consent at any time from their Settings page, which immediately halts all AI processing of new uploads.
Last updated: April 2026 · Consent version: 1.0 · Questions? Contact [email protected]
Data Subject Requests
To request deletion, export, or correction of your data, email [email protected].
Security Disclosures
To report a security vulnerability, email [email protected].
Consent Management
Partners can manage photo consent in Settings → Security.
Legal Documents
© 2026 ProLnk · Built with Privacy-by-Design · All photo security measures are enforced at the infrastructure level.