Privacy Policy

Last updated: April 2026

What we collect

• Photos & videos taken of you at our partner locations
• Contact details you provide: name, email, WhatsApp number, room number
• Face recognition vectors — only when you opt in to selfie matching
• Device data: browser type, IP address, viewing activity within your gallery
• Payment information — never stored by us, processed directly by Stripe

How we use it

• Deliver your photo gallery via secure magic link
• Process payment for unlocked or printed photos
• Send delivery emails & WhatsApp messages
• Match your face to photos taken at the venue (if opted in)
• Send reminders if you have unpurchased photos in your cart

Face recognition (GDPR Article 9)

Face vectors are biometric data and are treated with extra care. They are computed locally, used solely to match your selfie against photos at the same venue, and permanently deleted from our systems immediately after the match completes. They are never shared with third parties.

Third parties

• Stripe — payment processing (PCI-DSS Level 1)
• Cloudinary — image transformation & watermarking
• Cloudflare R2 — encrypted storage of original files
• Resend — transactional email delivery
• Meta WhatsApp Cloud API — message delivery

Data retention

Galleries expire 7–14 days after creation (the FOMO timer shown on each page). Original photos are deleted from cloud storage 90 days after gallery expiry unless you've purchased them. Customer records can be deleted at any time on request.

Your rights (GDPR / CCPA)

You may request a copy or deletion of all your data at any time. Emailprivacy@fotiqo.comor call our automated GDPR endpoint at POST /api/gdpr/delete with your customer email. We will respond within 30 days.

Contact

Data Protection Officer · dpo@fotiqo.com

See also: Terms of Service