Privacy Policy

Last updated: 2026-05-14

1. Who we are

EventUploader (“we”, “us”) operates the service at www.event-uploader.com. This policy explains what data we collect, why, and how you can exercise your rights over it.

2. Data we collect

From event organizers

  • Account email and name (via Google OAuth).
  • Event configuration (name, description, branding, settings).
  • Billing identifiers if you subscribe (handled by Stripe; we do not store card numbers).
  • Usage logs (which events you created, storage consumed).

From attendees

  • The files (photos / videos) you upload.
  • Optional name and email you choose to provide.
  • Basic request metadata (IP, user-agent) for abuse prevention.

3. How we use it

  • Operate the upload service and deliver media to organizers.
  • Authenticate users and enforce account security.
  • Bill subscribers and prevent fraud (via Stripe).
  • Improve the product (aggregated, non-identifying analytics).
  • Communicate service updates or respond to support requests.

We do not sell personal data.

4. Storage and processors

  • Supabase (auth + Postgres database) — EU region.
  • Amazon Web Services S3 (file storage) — EU region.
  • Stripe (payments and subscriptions).
  • Vercel (hosting).
  • PostHog (privacy-aware analytics; no cross-site tracking cookies).

5. Retention

Uploaded media is retained as long as the event exists in the organizer’s dashboard. When an event is deleted, associated files are removed from S3. Account data is retained while the account is active and deleted on request (see Section 7).

6. Cookies

We use a minimal set of cookies strictly necessary for authentication (Supabase session), plus first-party analytics that do not set persistent cross-site identifiers. We do not run third- party advertising cookies.

7. Your rights (GDPR / CCPA)

You can request to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and associated data.
  • Export your data in a portable format.
  • Object to processing or restrict it.

To exercise any of these rights, contact us via the support form. We respond within 30 days.

8. Security

Files are stored in private S3 buckets accessible only via short-lived signed URLs. Database access is gated by row-level security policies. We use HTTPS everywhere.

9. Changes to this policy

We may update this policy. Material changes will be announced via email or in-app notice at least 14 days before they take effect.

10. Contact

Questions about this policy: contact us.

Terms of Service
Privacy Policy | EventUploader