Privacy Policy

Last updated: April 2026

Product-ready draft. This Privacy Policy is a product-ready draft intended to govern how SnapRooms handles your data. It is provided as-is and does not constitute legal advice.

What data we collect

We collect only the data needed to run SnapRooms:

  • Email address — when you create an event or sign in as an owner.
  • Optional guest name — when a guest uploads a photo and chooses to share it.
  • Uploaded photos — images guests add to an event.
  • Event metadata — event name, slug, creation date, and related settings.
  • IP address — implicitly collected via server logs and used for security (rate limiting).

Why we process your data

  • To create and manage events for event organizers.
  • To let guests upload and share photos within an event.
  • To authenticate owners and protect account access.
  • To send password recovery and event-setup emails.
  • To prevent abuse and spam through rate limiting.

How we store your data

  • Database: Event and owner data is stored in PostgreSQL (Neon).
  • File storage: Photos are stored in secure blob storage.
  • Passwords: Owner passwords are salted and hashed; we never store plaintext passwords.
  • Tokens: Session and recovery tokens are time-limited and cryptographically signed.

Who can access your data

  • Event owners can view and manage the events and photos they own.
  • Guests can only view and upload photos to the specific event they have a link or QR code for.
  • We do not sell, share, or publicly index your data.

Security measures

  • Passwords are hashed with industry-standard algorithms.
  • Session tokens are signed and expire automatically.
  • Rate limiting protects against brute-force and spam attacks.
  • HTTPS is enforced for all traffic.

Data retention

  • Owner accounts: Retained until you delete your events or request account deletion.
  • Events and photos: Retained according to your plan (Free: 90 days; Pro Event: 12 months; Wedding Pro: 24 months; Professional: while active, plus a 90-day grace period after cancellation). The SnapRooms Vault add-on extends retention while active.
  • Photos: Deleted automatically when the associated event is deleted.
  • Recovery tokens: Expire automatically after 30 minutes.
  • Setup tokens: Expire automatically after 24 hours.
  • Server logs: Short-term retention for debugging and security only.
  • Before automatic deletion, we may send you a reminder email so you can download your data.

Your rights (GDPR)

Under GDPR and similar privacy laws, you have the right to:

  • Access — request a copy of the data we hold about you.
  • Correction — ask us to correct inaccurate or incomplete data.
  • Deletion — request deletion of your personal data and events.
  • Restriction — ask us to limit how we use your data.
  • Portability — receive your data in a structured format.

How to request deletion

You can delete an event and its photos at any time from your dashboard. If you want us to delete all data associated with your email address, contact us at hello@snaprooms.app.

We will process deletion requests within 30 days and confirm once completed.

Contact

Questions about privacy? Reach us at hello@snaprooms.app.