About

School and League FAQ

  • Reflections Photography is a Limited Liability Company owned and operated by Danielle Jorae in Mid-Michigan.

  • Images taken by Reflections Photography are protected under copyright law.

    What is Copyright?

    Copyright law in the United States is designed to prevent the unauthorized replication of a "work of authorship." An amendment in 1988 extended this law to encompass visual works, including photography. Though the legalese can be daunting, in simpler terms, copyright law stipulates that when you capture a photograph, you automatically become the copyright owner of that image. As the owner, you hold exclusive rights to:

    • Reproduce the photograph

    • Display the image in public

    • Distribute the photo

    • Create derivatives of the image

    When an image is purchased, whether digitally or printed, copyright laws remain intact and allows for families to display photos for non-commercial purposes.

    Certain school districts obtain a use right which is typically signed by parents at school registration.

  • As an independent contractor, I do not allow outside affiliations to influence my work.

    I practice strict adherence to FERPA regulations, data privacy, and the protection of student identities.

    I have cleared all required background checks and follow safety protocols to protect vulnerable subjects.

    I do not take, publish, or sell photos that could embarrass or harm students, staff, or the school district's reputation

Vendors

All vendors used for student image delivery are regularly vetted. These vendors have also put student safety as the priority in their organizations.

Click here for resources from our online store vendor

    • Requests for images require a Legal Process: A subpoena for basic subscriber information and a search warrant for the content of communications or stored images.

    • Evaluation of Requests: A review of requests to ensure law enforcement is entitled to the data will occur. Overly broad or vague requests will be questioned.

    • User Notification: Advanced notice will be provided to the user whose data is requested, unless legally prohibited (e.g., by a nondisclosure/gag order).

    • Voluntary Disclosure: In emergencies involving immediate threats of harm or child exploitation, Reflections Photography may voluntarily disclose data to law enforcement.

    • Data Retention: Data is generally only held for as long as necessary. 

  • Yes. I use a secure, encrypted, and compliant system (Photoday) that tracks all data, including student names, IDs, grades, and photo file names. I only collect the essential directory-level information (student name, ID, teacher) necessary for identification and matching.

    This report can be generated at the end of the school year to show what data was collected, and to verify its secure handling in compliance with FERPA

  • While I do not have an independent, third-party audit of my studio, all client data is stored and managed via Photoday or Pixieset, which is SOC 2 Type II compliant/ISO 27001 certified. I can provide their compliance documentation upon request

Reporting

  • Facial Recognition technology is used for sorting and matching photos within the ordering platform that families order images from.

    This vendor has been properly vetted and has procedures in place to protect information.

  • Never. I ensure that student images are used only for their original purpose and safeguard the images and data in accordance to privacy laws.

  • By utilizing facial recognition, Reflections Photography is able to offer customized galleries for each individual family. Doing this removes the ability for others to see, access or purchase student photos.

    Organizations may opt out of facial recognition which would result in student images being batched into one gallery for the school. Others within your school district would see the photos but not have access to any student data.

    Note: Schools that request student ID’s, Yearbooks and customized products through Reflections Photography must use facial recognition to identify each photo for these purposes.

    All options outlined above are in password protected galleries and are backed by all of the other security measures outlined in the FAQ.

  • I deliver client previews via secure, password-protected galleries that prohibit unauthorized downloading.

    For final high-resolution files, I use a secure, encrypted service which ensures only the client can access the files.

    I place visible, branded watermarks on images to deter theft and identify ownership.

    I embed my name and copyright information directly into the image file's metadata.

  • In the U.S. only.

AI, Technology & Security

  • Ethics:

    • Respect & Consent: I will always obtain consent before taking photos, especially with vulnerable populations or minors. This includes respecting privacy, personal space, and cultural norms to avoid exploitation or stereotyping.

    • Authenticity & Integrity: I am committed to truthful representation by avoiding heavy post-processing or AI manipulations that misrepresent reality.

    • Professional Conduct: Maintaining honesty in business and serving my clients safely is a top priority.

    Due Diligence:

    • Legal Protections: I utilize written Photography Contracts that clearly define payment terms, usage rights, and cancellation policies.

    • Permissions: I secure necessary Model Releases to ensure images can be legally used for their intended purpose.

    • Preparation: I conduct site scouts to identify safety hazards and research local regulations for public or private lands.

    • Data Security: I have worked hard to secure a robust backup system for digital files ensuring GDPR-compliant data handling for client information.

  • No.

  • Only with explicit parent/guardian permission.

    In the case that Reflections Photography wishes to use a student image in Marketing materials or sample galleries, the students parent/guardian will be contacted and consent requested.

Ethics

  • Yes, I am fully aware of and comply with FERPA, COPPA, and relevant state student privacy laws. I act as a 'school official' with a legitimate educational interest, ensuring that all student photos and associated data (names, IDs) are treated as confidential education records, stored securely, and used only for school-authorized purposes

    Opt Outs: I work directly with the school administration to identify students on the 'opt-out' list to ensure they are not photographed or that their photos are removed from yearbooks and digital platforms

    • FERPA (Educational Records): I do not sell, license, or publish student photos publicly without explicit written consent from the district or parents. Images are provided only to authorized school personnel or parents.

    • COPPA (Under 13 Data): I do not collect personal information directly from children under 13 online. Any required data for student identification is provided by the school district, and I do not market to these students.

    • State Privacy Laws (SOPIPA-style): I do not build profiles of students, use data for targeted advertising, or share data with third parties for non-educational purposes.

    • Data Security:

  • Reflections Photography has ongoing and regular access to an IT professional that helps safeguard our information and systems. Immediately upon discovering a data breach, the system will be secured. From there, we will complete an investigation on what data was contained in the breach so we can properly communicate to those affected. Within three weeks of receiving the details of the investigation, Reflections Photography will notify the person(s) affected.

  • Files and Images are stored for a period of 1 year after they are processed for yearbooks or the contract is discontinued by the school district.

    During that period of time, this data is stored safely behind a Nextgen firewall with deep-packet inspection and an intrusion prevention system all on a server that is password protected.

    About Next Generation Systems:

    Next generation firewall systems are security systems that go beyond traditional firewall systems.

    • Application Awareness and Control: Identifies and manages specific applications, giving us the ability to block malicious apps while allowing legitimate ones.

    • Integrated Intrusion Prevention System (IPS): Automatically scans network traffic to block known threats and vulnerabilities in real-time

    • Deep Packet Inspection (DPI): Inspects the data payload of packets, not just the header, to identify malware or suspicious activity hidden within legitimate traffic.

    • Identity Awareness: Enforces security policies based on users or user groups rather than just IP addresses.

    • Threat Intelligence Integration: Uses external, real-time data to block malicious websites, IP addresses, and newly discovered threats.

Privacy Laws, Retention and Notifications

  • Student Name, Grade, Homeroom Teacher and School Name are all used for identification so yearbooks, student ID cards and other materials can be created as requested by the school district.

  • Using a certified vendor, details for the image order are required such as purchasers name, address and email.

  • Yes. In order to complete all services provided to our schools, clients, students and athletes, Reflections Photography utilizes vendors to complete this work.

    Each Vendor is researched, verified and regularly reviewed to ensure they have sufficient security practices in place.

Data Collection & Retention

  • To protect your child's privacy and my business, I require a signed, explicit consent form for any use of images in my portfolio or social media, even if you did not order them.

  • I work directly with the school administration to identify students on the 'opt-out' list to ensure they are not photographed or that their photos are removed from yearbooks and digital platforms

Parents