Privacy Policy

1. Information We Collect

Personal Information:

• Account Information: Name, email address, and encrypted passwords
• Authentication Data: Session tokens and login credentials
• Event Information: Event names, descriptions, custom URLs, and settings
• Payment Information: Payment history and transaction records via Stripe (no credit card data stored)
• Subscription Data: Tier information, upgrade/downgrade history, and billing status

Multi-Cloud Storage Integration:

• OAuth Tokens: Encrypted access tokens for Google Drive, OneDrive, and Dropbox
• Refresh Tokens: Long-term authentication tokens (encrypted and securely stored)
• Cloud Folder Access: We create and access only specific folders for your events
• File Metadata: File names, sizes, types, upload timestamps, and uploader information
• Provider-Specific Data: Different metadata based on cloud provider APIs

Usage and System Information:

• Upload Activity: Detailed upload statistics, file counts, and transfer volumes
• Access Logs: IP addresses, session data, and request timestamps for security
• Error Tracking: Comprehensive error logs with severity classification and context
• Performance Metrics: Service performance data and system health monitoring
• Guest Messages: Message content and generated Canvas image cards

Database Storage (Neon PostgreSQL):

• User Data: Complete user profiles with role-based access control
• Event Data: Full event configurations and sharing settings
• File Upload Records: Complete tracking of all file transfers
• Message Records: Guest messages with metadata (guest name, message text, timestamp, cloud file ID)
• Error Logs: 30-day retention of system errors and incidents
• MSAL Cache: Microsoft authentication token caching for OneDrive integration

2. How We Use Your Information

We use your information to:

• Core Service Delivery: Enable photo/video uploads to Google Drive, OneDrive, or Dropbox
• Account Management: Maintain user accounts, tier restrictions, and access controls
• Multi-Cloud OAuth: Authenticate with multiple cloud providers on your behalf
• Payment Processing: Process tier upgrades and additional event purchases via Stripe
• Message System: Generate Canvas message cards and manage guest communications
• Service Improvement: Monitor performance, track usage patterns, and optimize functionality
• Security and Abuse Prevention: Monitor for unauthorized access, spam, and service abuse
• Error Resolution: Track and resolve technical issues through comprehensive logging
• Email Communications: Send account notifications, service updates, and support messages
• Admin Functions: Provide system monitoring and user support through admin dashboard
• Demo Mode: Provide sample data and functionality for free tier users

3. Data Storage and Security

Database Storage (Neon PostgreSQL):

• Production Database: Account and event data stored in secure Neon PostgreSQL database
• Encrypted Storage: All OAuth tokens and sensitive data encrypted using industry standards
• JSONB Format: Complex data structures stored efficiently with proper indexing
• No File Storage: Files stream directly to your cloud storage - never stored on our servers
• Connection Pooling: Optimized database connections for security and performance
• Backup Systems: Regular automated backups with cloud storage integration

Comprehensive Security Measures:

• Token Encryption: AES-256-GCM authenticated encryption for OAuth tokens with authentication tags to prevent tampering
• HTTPS/TLS Enforcement: All communications secured with TLS, automatic HTTP to HTTPS redirect in production
• Security Headers: Comprehensive CSP, HSTS, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy via Helmet
• Session Security: Cryptographically secure session management with 4-hour timeouts and secure cookies
• Input Validation: Comprehensive validation and sanitization on all endpoints
• Rate Limiting: Authentication endpoints limited to 10 requests per 15 minutes per IP to prevent brute force attacks
• OAuth Security: Redirect URI whitelist validation, secure memory clearing after token use, token refresh on expiration
• Path Traversal Protection: Security middleware preventing file system attacks
• Error Handling: Privacy-safe error logging with no token values or sensitive data exposure
• Request ID Tracking: UUID-based request correlation for security auditing and incident response
• Access Controls: Role-based permissions and authentication middleware
• Production Validation: Server startup validation to prevent insecure configurations

4. Multi-Cloud Provider Integration

Google Drive Integration:

• OAuth 2.0 Scope: drive.file scope - only access to files and folders our app creates
• Google APIs Client: Native streaming integration with googleapis package
• Folder Management: Hierarchical folder structure with parent/child relationships
• Thumbnail Generation: Direct REST API calls with response piping

Microsoft OneDrive Integration:

• Microsoft Graph API: MSAL-node authentication with custom token management
• Upload Sessions: Large file support with resumable uploads
• Folder Management: Path-based structure with drive item references
• Thumbnail Handling: Buffer conversion (cannot pipe Graph responses directly)

Dropbox Integration:

• Dropbox SDK: Native API client with OAuth 2.0 authentication
• Upload Sessions: Chunked uploads for large files
• Folder Management: Path-based with namespace handling
• Thumbnail Handling: Base64 encoding with API-specific formatting

What We Do Across All Providers:

• Create dedicated folders in your chosen cloud storage for each event
• Upload guest photos/videos directly using provider-specific streaming
• Generate sharing links and gallery access based on provider capabilities
• Provide download functionality optimized for each provider's API
• Monitor API quotas and provide alerts for storage space limits
• Automatic token refresh and health monitoring for all connected providers

5. Data Sharing and Third Parties

We DO NOT:

• Sell your personal information to anyone
• Share your data with advertisers or marketing companies
• Use your photos for any purpose other than providing the service
• Access your personal cloud storage files outside of event folders we create
• Share your information with unauthorized third parties
• Use your data for training AI or machine learning models

Authorized Third-Party Services:

• Google Services: Drive API, OAuth 2.0 authentication, and Google login integration
• Microsoft Services: Graph API, OneDrive integration, and MSAL authentication
• Dropbox Services: Dropbox API and OAuth 2.0 for file storage
• Stripe: Payment processing, subscription management, and billing (PCI compliant)
• Neon Database: PostgreSQL database hosting with encryption and security
• Email Services: SMTP providers for account notifications and communications

Data Processing Purposes:

• Cloud storage providers process files according to their own privacy policies
• Payment data is processed by Stripe according to PCI compliance standards
• Database services provide secure hosting with encryption and backup
• Email services handle notifications and password reset communications

6. Data Retention and Automatic Cleanup

Automated Data Retention Service (GDPR Compliant):

• Inactive Free Accounts: Free tier accounts with no login activity for 2 years (730 days) are automatically deleted with cascade to all events and data. All paid tiers (Single Event, Premium, Pro) are protected from automatic deletion.
• OAuth Tokens: Tokens are retained indefinitely and automatically refreshed when they expire. Tokens are only removed when you manually disconnect a cloud provider or delete your account.
• File Upload Records: Wedding photo metadata is retained indefinitely as this is a permanent photo sharing service. Actual files are stored in YOUR cloud storage.
• Error Logs: 30-day automatic retention with cleanup of older error data for privacy and storage optimization.

Manual Retention Controls:

• Account Data: Retained while your account is active, deleted within 30 days of account deletion
• Event Data: Retained while events exist, removed when events are deleted by you
• Payment History: Retained for legal compliance (typically 7 years) via Stripe
• Files: Stored in YOUR cloud storage - we don't control retention policies
• Session Data: Cleared upon logout or automatic 4-hour expiration
• Message Data: Retained while events exist, deleted with event removal
• Demo Data: Sample data for free tier users, not tied to real accounts

7. Your Rights and Choices

You Can:

• Access: View all your account, event, and usage data through comprehensive dashboards
• Update: Modify account information, event settings, and privacy preferences
• Delete: Remove events, disconnect cloud providers, or delete your entire account
• Download: Export all uploaded files from any connected cloud storage provider
• Revoke Access: Disconnect any cloud provider integration independently
• Data Portability: Request data export in machine-readable formats
• Payment Control: Manage subscriptions, view payment history, and cancel services
• Communication Preferences: Control email notifications and communications
• Error Data: Request deletion of error logs associated with your account

Admin Users Can:

• System Monitoring: View aggregate system health and error statistics
• User Support: Access limited user data for support purposes (no file access)
• Service Management: Monitor API quotas and system performance

8. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us immediately.

9. International Users and Data Transfer

Data Processing Locations:

• Primary Database: Neon PostgreSQL - data processed in secure cloud infrastructure
• Cloud Storage: Your files stored in your chosen provider's global infrastructure
• Google Services: Data processed according to Google's global data centers
• Microsoft Services: Data processed through Microsoft's worldwide infrastructure
• Dropbox Services: Data processed through Dropbox's global network
• Payment Processing: Stripe processes payments globally with local compliance

Cross-Border Transfers:

• Your data may be transferred to and processed in multiple countries based on your cloud provider choice
• We ensure appropriate safeguards are in place for international data transfers
• Each cloud provider maintains their own data residency and compliance policies
• Payment data is processed according to international PCI compliance standards

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Updating the "Last Updated" date at the top of this policy
• Sending an email notification for significant changes
• Displaying a notice on the service for major changes

11. Contact Information

← Back to Home