Legal

Privacy Policy

Last updated: April 2026

This Privacy Policy explains how Moments ("we", "us", "our") collects, uses, and protects your personal information when you use our website at momentsphotos.co.uk and our event photo sharing platform.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

Moments is operated by Gabriele Sinis, based in the United Kingdom. We are registered with the Information Commissioner's Office (ICO) under registration number ZC121497. If you have any questions about this policy or how we handle your data, you can contact us at hello@momentsphotos.co.uk.

2. What information we collect

We collect the following types of information:

• Account information - your name and email address when you create an account
• Payment information - processed securely by Stripe. We never store your card details
• Event details - partner names, event date, and your chosen app URL
• Guest information - names and optional email addresses entered by guests when joining an event app
• Photos - images uploaded by guests during an event, stored via Cloudinary
• Usage data - how you interact with our platform, for improving the service

3. How we use your information

We use your information to:

• Create and manage your account and event app
• Process payments for our services
• Send you important service emails (confirmation, password reset)
• Notify you of activity on your event (e.g. mission completions)
• Improve and develop our platform
• Comply with our legal obligations

4. Legal basis for processing

We process your data under the following legal bases:

• Contract - to deliver the service you have paid for
• Legitimate interests - to improve our platform and ensure security
• Consent - for optional marketing communications
• Legal obligation - where required by law

5. Who we share your data with

We use the following trusted third-party services to operate our platform:

• Stripe - payment processing (stripe.com)
• Supabase - secure database and authentication (supabase.com)
• Cloudinary - photo storage and delivery (cloudinary.com)
• Resend - transactional email delivery (resend.com)
• Netlify - website hosting (netlify.com)

We do not sell your personal data to any third parties.

6. Photo storage and guest data

Photos uploaded by guests are stored securely via Cloudinary and are only accessible to people with the event link and guest password. Event albums become read-only the day after the event date. All photos and event data are permanently deleted 30 days after the event date. Organisers can download all photos as a ZIP file at any time during this period.

Guest names and email addresses are collected solely for the purpose of identifying photo contributions within the event app. They are not used for any marketing purposes.

7. Data retention

• Account data is retained for as long as your account is active
• Event data and photos become read-only the day after the event date, and are permanently deleted 30 days after the event date
• Payment records are retained for 7 years as required by UK law
• You can request deletion of your data at any time

8. Your rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data
• Object to or restrict how we process your data
• Data portability - receive your data in a structured format
• Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at hello@momentsphotos.co.uk. We will respond within 30 days.

9. Cookies

Our website uses two types of cookies:

• Essential cookies: Required to keep you logged in and remember your preferences (e.g. whether you have accepted or declined cookies). These are always active and cannot be declined.
• Analytics cookies: We use Google Analytics to understand how visitors use Moments - which pages are visited, how long people stay, and where they come from. These cookies are only set if you click Accept on our cookie banner. If you click Decline, no analytics cookies are stored and Google Analytics is not loaded.

You can change your cookie preference at any time by clearing your browser's local storage. For more information on managing cookies, visit ico.org.uk.

10. Security

We take security seriously. All data is transmitted over HTTPS, passwords are never stored in plain text, and we use industry-standard services (Supabase, Stripe) that are themselves compliant with relevant security standards.

11. Children's privacy

Our service is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will notify registered users of any significant changes by email. The date at the top of this page shows when the policy was last updated.

13. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.