Privacy Policy

Last updated: 22 January 2026

1. Introduction

Welcome to SnapWedLock ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience when using our service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our wedding photo sharing platform.

By using SnapWedLock, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Password (stored securely using industry-standard encryption)
  • Display name or full name

2.2 Guest Information

When you join an event as a guest, we collect:

  • Nickname (as provided by you)
  • Consent confirmation for sharing photos
  • Event code used to join

2.3 Event Information

When you create an event, we collect:

  • Event title, date, and details
  • Venue information (name, address)
  • Event settings and preferences
  • Hero images and other uploaded content

2.4 Photo and Media Content

When you upload photos, we collect:

  • Photo files and associated thumbnails
  • EXIF metadata (including timestamp information from the original photo)
  • Photo captions (if provided)
  • Photo section/category assignments

Note: While photos may contain embedded GPS coordinates in EXIF data, we only extract timestamp information for organisational purposes. We do not extract, store, or use GPS coordinates from your photos.

2.5 Usage Data

We automatically collect certain information when you use our service:

  • Device information (browser type, operating system)
  • IP address
  • Usage patterns and interactions with the service
  • Analytics data through Vercel Analytics (anonymised and aggregated)

2.6 Authentication Data

If you choose to authenticate using Google OAuth:

  • We receive your name and email address from Google
  • Google's privacy policy applies to the authentication process

2.7 Engagement Data

We collect data related to your engagement with events:

  • Reactions/likes on photos
  • Points earned through photo uploads and interactions
  • Achievements unlocked
  • Leaderboard rankings

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve our wedding photo sharing service
  • Authentication: To authenticate your identity and manage your account
  • Event Management: To create and manage wedding events, including guest access and permissions
  • Photo Storage: To store, organise, and display photos uploaded by you and other event participants
  • Gamification: To track points, achievements, and leaderboards as part of our engagement features
  • Communication: To send you service-related communications (such as account confirmations)
  • Analytics: To analyse usage patterns and improve our service (using anonymised, aggregated data)
  • Security: To detect and prevent fraud, abuse, and security issues
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes

4. Data Sharing and Disclosure

4.1 Within Events

Photos and content you upload to an event are visible to:

  • The event creator (wedding hosts)
  • Other guests who have joined the same event
  • Anyone with access to curated share links (if enabled by event creators)

Your nickname and engagement activity (likes, points) may be visible to other event participants in leaderboards and galleries.

4.2 Service Providers

We use trusted third-party service providers to operate our service:

  • Supabase: For database, authentication, and file storage services. Your data is stored on Supabase's infrastructure, which is GDPR-compliant and uses industry-standard security measures.
  • Vercel: For hosting our application and providing analytics services. Analytics data is anonymised and aggregated.
  • Google: For OAuth authentication (if you choose to use Google sign-in). Google's privacy policy applies to the authentication process.

These service providers are contractually obligated to protect your information and may only use it for the specific purposes we have engaged them for.

4.3 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests, including:

  • Court orders or subpoenas
  • Government investigations
  • To protect our rights, privacy, safety, or property
  • To enforce our terms of service

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy.

5. Data Storage and Security

We implement appropriate technical and organisational measures to protect your personal information:

  • Passwords are hashed using industry-standard encryption algorithms
  • Data is transmitted over encrypted connections (HTTPS/TLS)
  • We use secure cloud storage with access controls
  • Regular security assessments and updates
  • Access to personal data is limited to authorized personnel only

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this policy:

  • Account Data: Retained while your account is active and for a reasonable period after account deletion to comply with legal obligations
  • Event Data: Retained for the duration specified by event creators, or until the event is deleted
  • Photo Content: Retained according to event settings and until deletion is requested by event creators or users
  • Analytics Data: Aggregated, anonymised analytics data may be retained indefinitely for service improvement purposes

You may request deletion of your account and associated data at any time. Some information may be retained for legal compliance purposes even after account deletion.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Portability: Request a copy of your data in a portable format
  • Objection: Object to certain types of processing of your information
  • Withdrawal of Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

8. Cookies and Local Storage

We use cookies and local storage for the following purposes:

  • Authentication: To maintain your login session
  • Preferences: To remember your preferences and settings
  • Guest Tokens: To store temporary authentication tokens for guest access to events
  • Analytics: To collect anonymised usage statistics

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our service.

9. Children's Privacy

Our service is not intended for children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable data protection laws.

Our service providers (Supabase, Vercel) operate in compliance with GDPR and other applicable data protection regulations and maintain appropriate safeguards for international data transfers.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. We will notify you of any material changes by:

  • Posting the updated policy on this page
  • Updating the "Last updated" date at the top of this policy
  • Sending you an email notification (for significant changes)

Your continued use of our service after any changes indicates your acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@snapwedlock.com
Subject: Privacy Policy Inquiry

We will respond to your inquiry within a reasonable timeframe and in accordance with applicable data protection laws.

This Privacy Policy is effective as of the date stated above and applies to all users of SnapWedLock.