Privacy Policy
Last updated: 5 May 2026
1. Data controller
Snaptory is the data controller for the personal data you provide when using this platform. You can contact us at support@snaptory.co for any privacy-related request.
2. What we collect
Account holders (event creators)
- Registration data: Name, email address, password (hashed).
- Payment data: We use Stripe for payments. We receive a payment confirmation and booking reference — we never see or store card details.
- Event data: Event name, date, description, and configuration settings you choose.
- Uploaded content: Photos and (on eligible plans) videos you or your guests upload.
- Usage data: IP address, browser type, pages visited — collected via server logs for security and performance.
Guests (photo uploaders)
- Guests do not need to register. We collect only the photos/videos they upload and the IP address of the upload request (for abuse prevention).
- Guest uploads are associated with the event — the event host can see and download them.
3. How we use your data
- To provide the service: Store your events, serve photos, generate QR codes and PDFs.
- To process payments: Pass payment details to Stripe; store a record of your purchase.
- To communicate with you: Send transactional emails (event confirmation, payment receipts). We do not send marketing emails without opt-in consent.
- To ensure security: Detect abuse, prevent fraud, and protect other users.
- To improve the product: Aggregate, anonymised usage analytics only.
4. Legal basis (GDPR)
| Processing activity | Legal basis |
|---|---|
| Running your account & events | Contract (Art. 6(1)(b)) |
| Payment processing | Contract (Art. 6(1)(b)) |
| Security & abuse prevention | Legitimate interest (Art. 6(1)(f)) |
| Transactional emails | Contract (Art. 6(1)(b)) |
| Marketing emails | Consent (Art. 6(1)(a)) |
| Analytics (anonymised) | Legitimate interest (Art. 6(1)(f)) |
5. Where data is stored
All data — including uploaded photos — is stored on Hetzner Object Storage, Helsinki (Finland), EU. Data does not leave the European Economic Area.
Our application server also runs within the EU (Hetzner Cloud, Falkenstein, Germany).
6. How long we keep data
- Free events: Deleted automatically 7 days after the event date.
- Paid events: Retained for the duration of your plan (30–180 days), then deleted.
- Account data: Retained while your account is active. Deleted within 30 days of account deletion.
- Payment records: Retained for 7 years as required by EU accounting law.
- Server logs: Retained for 90 days, then purged.
7. Third parties
We share data with the following processors only to the extent necessary to operate the service:
| Provider | Purpose | Location |
|---|---|---|
| Stripe | Payment processing | EU / US (SCCs) |
| Hetzner | Hosting & object storage | EU (Germany / Finland) |
| SendGrid / SMTP provider | Transactional email | EU |
We do not sell, rent, or share personal data with advertisers or data brokers.
8. Your rights
Under the GDPR you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate data.
- Erase your data ("right to be forgotten") — you can delete your account and all events at any time.
- Restrict or object to processing.
- Data portability — export your photos and event data.
- Withdraw consent at any time where consent is the legal basis.
- Lodge a complaint with your national data protection authority (e.g. the UK ICO or the Finnish Data Protection Ombudsman).
To exercise any of these rights, email us at support@snaptory.co. We will respond within 30 days.
9. Cookies
We use a small number of essential cookies to keep you logged in and prevent cross-site request forgery. We do not use advertising or tracking cookies. See our full Cookie Policy for details.
10. Children
Snaptory is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has uploaded personal data to our platform, please contact us at support@snaptory.co and we will remove it promptly.
11. Changes to this policy
We may update this Privacy Policy. When we do, the "Last updated" date will change. For material changes, we will notify registered users by email at least 14 days in advance.