Privacy Policy

This Privacy Policy describes how Fotowall collects, uses, shares, and protects personal data — whether you are an event organizer, an authorized admin, a guest uploading photos at an event, or a visitor to fotowall.io.

Last updated: · Effective: May 17, 2026

1. Who we are and our role

The "Fotowall" service is operated by [FOTOWALL_LEGAL_ENTITY] ("Fotowall," "we," "us"). For questions: privacy@fotowall.io.

Our role under data protection law depends on the data:

  • Account holders / event organizers: we act as a controller of your account, billing, and support data.
  • Guest uploads (photos, captions, optional uploader name and email): we act as a processor on behalf of the event organizer, who is the controller. The event organizer's privacy notice governs guest data; this policy explains how we handle it as a processor. See our DPA.
  • Website visitors and leads: we are a controller of cookies, analytics, and inquiry-form data.

If you submitted a photo at an event and want it removed, use our photo removal request form.

2. What personal data we collect

2.1 From account holders and event admins

  • Name, work email, company name, role.
  • Authentication identifiers (Firebase Auth user ID, optional SSO claims).
  • Billing details (handled by Stripe — we receive transaction metadata, not card numbers).
  • Event configuration entered by you (event name, date, venue, branding, sponsor logos, custom fields).
  • Support correspondence and feedback.

2.2 From event guests (collected on the controller's behalf)

  • Photos uploaded via the QR code page.
  • Optional uploader display name and email (if the organizer enabled those fields).
  • Optional caption text.
  • Upload metadata (timestamp, approximate IP-derived region, user-agent — used for abuse prevention and rate-limiting).

2.3 From website visitors

  • Lead-inquiry form submissions (name, email, event details, message).
  • Aggregate analytics (page views, geographic region, referrer, browser/device class) via Google Analytics 4, gated by consent.
  • Cookies — see Cookie Policy.

We do not intentionally collect sensitive categories of data (health, racial/ethnic origin, religion, sexual orientation, biometric identifiers, precise geolocation, government IDs). We do not perform automated decision-making with legal or similarly significant effects.

3. Why we process it (legal bases)

Purpose | Data categories | Legal basis (GDPR)
Provide and operate the Service | Account, event, guest content | Contract (Art. 6(1)(b)); for guest content, on the organizer's instructions as processor
Billing and tax compliance | Billing identifiers, invoices | Contract; legal obligation (Art. 6(1)(c))
Service security, fraud prevention, App Check | Auth tokens, IP, user-agent, audit logs | Legitimate interests (Art. 6(1)(f)) — securing the Service
Product analytics and improvement (aggregated) | Usage telemetry, page views | Consent for cookie-based analytics; legitimate interests for aggregated counts
Customer support and account communications | Contact info, correspondence | Contract; legitimate interests
Marketing emails to existing customers | Contact info | Legitimate interests with opt-out (soft opt-in where required)
Lead inquiries from /get-started or /contact | Form fields | Pre-contract steps at your request (Art. 6(1)(b)); consent where required
Legal compliance and dispute defense | As needed | Legal obligation; legitimate interests

4. Who we share data with

We do not sell personal data and do not "share" it for cross-context behavioral advertising (as defined by the CPRA). We disclose data only as needed to:

  • Sub-processors who help operate the Service. Current sub-processors are listed at /subprocessors and include: Google Cloud Platform / Firebase (hosting, database, storage, auth), Cloudflare (DNS, edge protection), Stripe (payments), and Resend (transactional email).
  • Event organizers — guest content uploaded at their event is visible to their authorized admins.
  • Professional advisers (auditors, lawyers, accountants) under confidentiality.
  • Government, regulators, or courts when compelled by valid legal process. We will narrow scope where possible and, where lawful, notify you.
  • An acquirer in a merger, acquisition, or asset sale, with notice and continuity of this policy or a successor.

We have data processing agreements with all sub-processors that include confidentiality, security, and instruction-bound processing obligations.

5. International transfers

Our default infrastructure is hosted by Google Cloud Platform in us-east1 (United States). If you access Fotowall from outside the United States, your data will be transferred to and processed in the U.S.

For customers and data subjects in the European Economic Area, United Kingdom, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (2021/914) with the UK International Data Transfer Addendum where applicable. We perform transfer impact assessments and apply supplementary measures (encryption in transit and at rest, access controls, audit logging).

Enterprise customers may request EU data residency (Google Cloud europe-west1 or europe-west3). Contact privacy@fotowall.io.

6. Retention periods

Data category | Retention
Guest photos — Essential plan | 90 days after event
Guest photos — Signature / Premier | 1 year after event
Guest photos — Agency / Enterprise | Configurable (30–365 days), default 1 year
Account data | Lifetime of account + 30-day soft-delete grace, then hard-purged
Lead inquiries (no contract signed) | 90 days, then auto-purged
Billing records and invoices | 7 years (tax / regulatory requirement)
Audit logs (deletion records, DSAR actions, admin approvals) | 5 years
Support tickets and correspondence | 3 years
Backups | Rolling 35 days, encrypted

Earlier deletion is honored on request unless we have a legal obligation to retain (e.g., tax records, an active dispute). Data deleted from live systems may remain in encrypted backups until the 35-day rolling window expires.

7. Your rights and how to exercise them

Depending on where you live, you may have the right to:

  • Access — receive a copy of personal data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure ("right to be forgotten") — request deletion.
  • Portability — receive your data in a structured, machine-readable format.
  • Restriction — limit our processing.
  • Objection — object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent at any time, without affecting prior lawful processing.
  • Non-discrimination for exercising privacy rights.
  • Lodge a complaint with your supervisory authority (e.g., your EU DPA, the ICO in the UK, or your U.S. state Attorney General).

How to exercise:

  • Account holders: use the "Export my data" and "Delete account" buttons in your admin dashboard, or email privacy@fotowall.io. Exports are delivered as a ZIP file via a signed URL that is valid for 7 days.
  • Guests who appear in a photo: submit a photo removal request. We route the request to the event admin's moderation queue. We respond within 30 days; urgent live-event requests are prioritized.
  • Lead inquiry deletion: email privacy@fotowall.io from the address used to submit the form.

We may need to verify your identity (e.g., confirm control of the email address). We will respond within 30 days (one 60-day extension is permitted for complex requests with notice). Authorized agents can submit requests on your behalf with written authorization.

8. Cookies and analytics

We use a small set of cookies and similar technologies. Strictly necessary cookies (auth, session, consent state) are always on. Analytics cookies run only after explicit consent via our banner. Details and a full cookie table are at /cookies.

We implement Google Consent Mode v2 with the analytics_storage, ad_storage, ad_user_data, and ad_personalization signals set to "denied" by default, before any tag loads. We do not run advertising cookies, so the advertising signals stay denied even after a visitor accepts analytics.
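As an added illustration (not code from fotowall.io), the default-denied Consent Mode v2 state described above expressed with the standard gtag.js consent API, plus a banner handler that can grant only analytics and leaves the advertising signals denied. The `dataLayer` stub, the `onBannerDecision` function, and the `effectiveConsent` helper are assumptions so that the snippet runs outside a browser; `effectiveConsent` replays the queued calls the way gtag.js would, defaults first, then updates in order.

```javascript
// Added example of the Consent Mode v2 configuration the policy describes.
// Not Fotowall's own code. The dataLayer stub lets it run without gtag.js.
const dataLayer = [];                       // stub; gtag.js reads this array
function gtag() { dataLayer.push(arguments); }

// Default state, queued before any tag loads: everything denied except
// security_storage, which covers the strictly necessary auth/session/consent
// cookies. Note that the analytics key is analytics_storage, not "analytics".
const CONSENT_DEFAULTS = {
  ad_storage: 'denied',
  ad_user_data: 'denied',
  ad_personalization: 'denied',
  analytics_storage: 'denied',
  functionality_storage: 'denied',
  personalization_storage: 'denied',
  security_storage: 'granted',
  wait_for_update: 500,                      // ms to wait for the banner decision
};
gtag('consent', 'default', CONSENT_DEFAULTS);

// Called when the visitor answers the banner (assumed function name).
// Only analytics can flip to granted; ad_* stays denied because no
// advertising cookies run, regardless of what the visitor clicked.
function onBannerDecision(analyticsAccepted) {
  const update = {
    analytics_storage: analyticsAccepted ? 'granted' : 'denied',
    ad_storage: 'denied',
    ad_user_data: 'denied',
    ad_personalization: 'denied',
  };
  gtag('consent', 'update', update);
  return update;
}

// Replays the queued consent calls to compute the effective state:
// defaults first, then each update in order. wait_for_update is a
// timing hint, not a storage signal, so it is dropped.
function effectiveConsent(layer) {
  const state = {};
  for (const args of layer) {
    if (args[0] !== 'consent') continue;
    if (args[1] !== 'default' && args[1] !== 'update') continue;
    for (const [key, value] of Object.entries(args[2])) {
      if (key !== 'wait_for_update') state[key] = value;
    }
  }
  return state;
}
```

The check worth running on a real page is the last function: after a visitor clicks "accept", `effectiveConsent(window.dataLayer)` should show `analytics_storage: 'granted'` and every `ad_*` signal still `'denied'`; an accept path that also grants `ad_storage` would contradict the "no advertising cookies" statement above.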

9. Security

  • TLS 1.2 or higher for data in transit; encryption at rest with keys managed in Google Cloud KMS.
  • Role-based access controls; principle of least privilege for staff.
  • Firebase App Check (reCAPTCHA Enterprise) on public-facing write endpoints.
  • Audit logging on administrative actions and data exports.
  • Backups encrypted, with a 35-day rolling retention.
  • Vulnerability disclosure: security@fotowall.io (PGP key on request).
  • Independent SOC 2 Type II audit is planned — see the Trust Center for current status.

No method of transmission or storage is 100% secure. If we become aware of a personal data breach, we will notify affected customers without undue delay. Where we process guest data on an organizer's behalf, we notify the organizer so that it can meet its own regulatory deadlines; where we are the controller, we notify the supervisory authority within 72 hours where required by law.

10. Children

Fotowall is intended for use at events organized by adults. We do not knowingly collect personal data from children under 13 (or under 16 in the EEA where local law sets that age). Event organizers must use the Service appropriately — at weddings, family events, or any event with minors present, organizers are responsible for parental notice and consent.

If you believe a child's data has been uploaded without proper consent, contact privacy@fotowall.io or submit a photo removal request and we will act promptly.

11. Region-specific rights

11.1 California (CCPA / CPRA)

California residents have the rights described above plus the right to know categories and specific pieces of personal information collected, the right to delete, the right to correct, and the right to limit use of "sensitive personal information." We do not sell personal information and do not share it for cross-context behavioral advertising. We have not done so in the preceding 12 months. We do not use or disclose sensitive personal information for purposes that would require a right-to-limit notice. Authorized agents may submit requests with written authorization.

To exercise California rights: privacy@fotowall.io. We honor Global Privacy Control (GPC) signals as an opt-out where applicable.

11.2 EEA, UK, and Switzerland (GDPR / UK GDPR / FADP)

We have not yet appointed an EU or UK representative; we will do so before we build a material EEA or UK customer base. Until then, contact privacy@fotowall.io for any matter that would normally be routed to a representative. You have the right to lodge a complaint with your local supervisory authority.

11.3 Other U.S. state laws

We extend equivalent access, deletion, correction, and opt-out rights to residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), and other U.S. states with comprehensive privacy laws. Contact privacy@fotowall.io.

12. Changes to this policy

We may update this policy from time to time. We will revise the "Last updated" date at the top and, for material changes, notify account holders by email and post a notice in-product at least 30 days before the change takes effect. Continued use after the effective date constitutes acceptance.

13. Contact