Privacy Policy

1. Introduction

Event Selfie Studio ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at eventselfiestudio.com and any associated subdomains (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect your business name, email address, chosen subdomain, and password (stored in hashed form). If you are a tenant administrator, we may also collect your full name and role within your organisation.

2.2 Event Content

Our Service enables event guests to upload photos and selfies. We collect and store these images on behalf of the event organiser (the tenant). This content may include metadata such as file size, format, upload timestamp, and device information embedded in image EXIF data.

2.3 Usage Data

We automatically collect certain information when you visit, use, or navigate the Service. This includes your IP address, browser type, operating system, referring URLs, pages viewed, time spent on pages, and other diagnostic data. This information is used primarily to maintain the security and operation of the Service.

2.4 Payment Information

When you subscribe to a paid plan, payment processing is handled by Stripe. We do not store your full credit card number or banking details on our servers. We may retain your Stripe customer ID, subscription status, plan type, and billing history for account management purposes.

3. How We Use Your Information

We use the information we collect for the following purposes:

To provide, operate, and maintain the Service
To manage your account, registration, and subscription
To process payments and send billing-related communications
To enable event creation, photo uploads, moderation, and slideshow features
To send transactional emails such as password resets and account notifications
To monitor usage patterns and improve the Service
To detect, prevent, and address technical issues or abuse
To comply with legal obligations

4. Information Sharing

We do not sell your personal information. We may share your information with the following third-party service providers who assist us in operating the Service:

4.1 Amazon Web Services (AWS)

We use AWS for cloud hosting, storage (S3 for uploaded images), and infrastructure services. Data stored on AWS is subject to their security practices and may be processed in data centres located in the EU or US regions.

4.2 Stripe

We use Stripe for payment processing. When you provide payment information, it is transmitted directly to Stripe's servers. Stripe's handling of your data is governed by their Privacy Policy.

We may also disclose your information if required by law, in response to valid legal requests by public authorities, or to protect our rights, privacy, safety, or property.

5. AI Image Moderation

5.1 What Data Is Processed

Uploaded images may be analysed by our AI-powered moderation system. The system processes the visual content of each image to detect potentially inappropriate, offensive, or unsafe material. Only the image data is processed; no personal information or metadata is sent to the moderation service.

5.2 Data Storage

The AI moderation system returns a classification result (safe, flagged, or rejected) and a confidence score. These results are stored alongside the upload record in our database. The original image is retained regardless of the moderation result to allow for manual review by the event organiser.

5.3 Flagged Content Handling

Images flagged by the AI system are placed in a moderation queue. Event organisers can review flagged content and make a final determination to approve or reject. Rejected images are excluded from public slideshows and event galleries but may be retained for a limited period for audit and appeal purposes.

5.4 Data Controller

Event Selfie Studio acts as the data controller for moderation processing. The event organiser (tenant) is the data controller for the event content itself. We process images on behalf of the tenant for content moderation purposes.

5.5 Your Rights Regarding AI Processing

You have the right to request information about how the AI moderation system has processed your content, to contest automated decisions, and to request human review of any moderation decision. Contact us at privacy@eventselfiestudio.com to exercise these rights.

6. Data Retention

We retain your account information for as long as your account is active or as needed to provide you with the Service. Event content (uploaded images) is retained for the duration specified by the event organiser's subscription plan. When an event is deleted or an account is terminated, associated content is permanently deleted within 30 days.

We may retain certain information as required by law or for legitimate business purposes, such as resolving disputes, enforcing our agreements, and complying with legal requests.

7. Security

We implement appropriate technical and organisational measures to protect your personal information. These include encryption of data in transit (TLS/SSL), hashed password storage (bcrypt), role-based access controls, multi-tenant data isolation, and regular security assessments.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you
Rectification: Request correction of inaccurate or incomplete data
Erasure: Request deletion of your personal data
Restriction: Request that we restrict the processing of your data
Portability: Request a machine-readable copy of your data
Objection: Object to the processing of your personal data
Withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at privacy@eventselfiestudio.com. We will respond to your request within 30 days.

9. Cookies

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyse Service usage. The types of cookies we use include:

Essential cookies: Required for authentication, session management, and security. These cannot be disabled.
Functional cookies: Store your preferences such as theme selection (light/dark mode) and language settings.
Analytics cookies: Help us understand how visitors interact with the Service, enabling us to improve performance and user experience.

You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.

10. Third-Party Links

The Service may contain links to third-party websites or services that are not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services. We strongly advise you to review the privacy policy of every site you visit.

11. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@eventselfiestudio.com.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from those in your jurisdiction. We ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your data when transferred internationally.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may also send an email notification to registered users. Your continued use of the Service after any modifications constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

Email:privacy@eventselfiestudio.com
Service: Event Selfie Studio (eventselfiestudio.com)