Legal
Privacy policy
Last updated: [DATE] — TEMPLATE: have an attorney review before launch.
What we collect
Hosts: email address, event details you provide (names, dates, messages), and billing handled by Stripe (we never see full card numbers). Guests: the photos/videos you upload, the optional name you enter, and standard technical logs (IP address, browser type) used for security and abuse prevention. We do not require guest accounts and do not build guest profiles.
How we use it
To operate the service: storing and delivering media to the event host, processing payments, sending transactional emails (sign-in links, receipts, storage reminders), and preventing abuse. We do not sell personal information and we do not use your photos or videos for advertising or to train AI models.
Who can see uploads
Media uploaded to a gallery is visible to that gallery's host (and, for vendor-managed galleries, the vendor who operates it). Galleries are accessed via unguessable links; treat the link and QR code like a key.
Service providers
We use Supabase (authentication and database), Cloudflare R2 (media storage), Stripe (payments), and our hosting provider. Each processes data only to provide their service to us.
Retention and deletion
Media is retained for 12 months from the event date, then deleted. Hosts can request earlier deletion of a gallery at any time. Account data is deleted on account closure, except records we must keep for tax or legal reasons.
Your rights
Depending on where you live, you may have rights to access, correct, delete, or export your personal information. Guests who appear in photos should contact the event host, who controls the gallery; we'll assist hosts with such requests. Contact us at [CONTACT EMAIL].
Children
The service is not directed at children under 13, and host accounts must be created by adults.