Privacy Policy

Last updated: 22 April 2026

What data we collect

We collect only the data needed to run SnapRooms:

  • Email address — when you create a room or sign in as an owner.
  • Optional guest name — when a guest uploads a photo and chooses to share it.
  • Uploaded photos — images guests add to a room.
  • Room metadata — room name, slug, creation date, and related settings.
  • IP address — implicitly collected via server logs and used for security (rate limiting).

Why we process your data

  • To create and manage rooms for event organizers.
  • To let guests upload and share photos within a room.
  • To authenticate owners and protect account access.
  • To send password recovery and room-setup emails.
  • To prevent abuse and spam through rate limiting.

How we store your data

  • Database: Room and owner data is stored in PostgreSQL (Neon).
  • File storage: Photos are stored in secure blob storage.
  • Passwords: Owner passwords are hashed with salt — we never store plain text passwords.
  • Tokens: Session and recovery tokens are time-limited and cryptographically signed.

Who can access your data

  • Room owners can view and manage the rooms and photos they own.
  • Guests can only view and upload photos to the specific room they have a link or QR code for.
  • We do not sell, share, or publicly index your data.

Security measures

  • Passwords are hashed with industry-standard algorithms.
  • Session tokens are signed and expire automatically.
  • Rate limiting protects against brute-force and spam attacks.
  • HTTPS is enforced for all traffic.

Data retention

  • Owner accounts: Retained until you delete your rooms or request account deletion.
  • Rooms: Retained until deleted by the owner.
  • Photos: Deleted automatically when the associated room is deleted.
  • Recovery tokens: Expire automatically after 30 minutes.
  • Setup tokens: Expire automatically after 24 hours.
  • Server logs: Short-term retention for debugging and security only.

Your rights (GDPR)

Under GDPR and similar privacy laws, you have the right to:

  • Access — request a copy of the data we hold about you.
  • Correction — ask us to correct inaccurate or incomplete data.
  • Deletion — request deletion of your personal data and rooms.
  • Restriction — ask us to limit how we use your data.
  • Portability — receive your data in a structured format.

How to request deletion

You can delete a room and its photos at any time from your dashboard. If you want us to delete all data associated with your email address, contact us at hello@snaprooms.app.

We will process deletion requests within 30 days and confirm once completed.

Contact

Questions about privacy? Reach us at hello@snaprooms.app.

← Back to SnapRooms