Privacy Policy

EventFrame · Last updated: 2026-06-12

EventFrame is an event photography platform that helps guests find their photos across albums shared by photographers. This policy explains what we collect, why, and how you can control or delete it.

Biometric data notice: EventFrame uses face recognition to match selfies against event photos. Your face data is encrypted, never shared with other users, and can be deleted at any time from Settings or by deleting your account.

1. Data We Collect

Account information

Biometric data (face recognition)

You must explicitly consent before we capture or process biometric data. Consent is recorded with a timestamp for audit purposes. You can withdraw consent at any time, which triggers immediate deletion of your face data.

Content you upload

Usage and device data

2. How We Use Your Data

We do not sell your data, train external AI models on your photos, or use your face data for advertising.

3. Third-Party Services

We share limited data with the following service providers strictly for the purpose of running EventFrame:

Each provider is bound by data-processing agreements and uses encrypted transit (TLS) and storage.

Face data specifically: selfies and face thumbnails are stored only in Cloudflare R2; face embeddings are stored only in MongoDB Atlas alongside your account. Face data is never sent to Sentry, PostHog, SMS providers, advertising networks, data brokers, or any analytics service. We do not sell, license, or otherwise disclose face data to any third party for their own use.

4. Connected Cloud Accounts (Google Drive, Google Photos, Dropbox)

EventFrame can optionally connect to your own Google Drive, Google Photos, or Dropbox account so that you can import existing photos into a gallery or export finished galleries for permanent storage and client delivery. Connecting is always your choice; you can use EventFrame without ever linking any of these services.

What we request and why

If you choose to connect Google, EventFrame requests the minimum scopes needed for the feature you're using:

If you choose to connect Dropbox, EventFrame requests files.content.read (for imports), files.content.write (for exports), and account_info.read (to display your account email so you can confirm you're connecting the right account).

EventFrame's use of information received from these Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

What we do with the data

Disconnecting and revoking access

5. Data Protection and Security

EventFrame applies the following data protection mechanisms to all user data, with stricter controls for sensitive data (OAuth tokens, face embeddings, account credentials, and photos accessed via Google API scopes).

Encryption in transit

Encryption at rest

Access control

Sensitive data isolation and minimization

Token revocation and account deletion

Vulnerability management and incident response

6. Data Retention

7. Your Rights

You have the right to:

8. GDPR / CCPA / BIPA Compliance

For users in the European Union, California, or Illinois, EventFrame complies with applicable data-protection laws including:

9. Children

EventFrame is not directed at children under 13. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us and we will delete the account.

10. Changes to This Policy

We may update this policy. Material changes will be communicated in-app and require renewed biometric consent if applicable.

11. Contact Us

Questions about privacy? Email future.vision3069@gmail.com.