Privacy Policy

Last updated: May 27, 2026 · Effective: May 27, 2026

Festoso ("we", "us", "our") provides a shared event camera app and slideshow service at festoso.app and through the iOS and Android apps. This policy explains what personal information we collect, how we use it, and the choices you have.

1. Information we collect

Information you provide

Email address when you create a venue account or contact support.
Event name and password when you create or join an event (passwords are stored hashed; we cannot recover them).
Display name (optional) you choose when joining an event.
Photos and videos you capture, upload, or edit through the app for use in event feeds.
Payment information processed entirely by Stripe; we do not store full card numbers. We retain Stripe-issued IDs (customer ID, charge ID) for billing reconciliation.

Information collected automatically

Anonymous device identifier (a UUID generated per install) used to attribute uploads, throttle abuse, and link your guest session to the right event.
EXIF metadata embedded in photos you upload — including GPS coordinates if your camera recorded them. Used to show the location chip on each photo and to organize bulk-download ZIPs by day. You can strip GPS at capture time in your phone's camera settings.
Basic usage data — pages viewed, errors encountered, build/version of the app. Used to fix bugs and prioritize features. No advertising identifiers are collected.

Information we do not collect

Contacts, calendar, microphone (unless you opt into video recording), or browsing history.
Advertising identifiers (IDFA, AAID).
Precise location outside of EXIF data already embedded in your photos.
Biometric data. Face recognition is a future feature (v1.1+); when it ships, it will require explicit per-event opt-in consent, and a separate "delete my face data" path will be available. Festoso does not currently process biometric data.

2. How we use information

Run your event. Show photos to the right people, route uploads to the right S3 bucket, and broadcast new media to other guests on the event.
Bill paid features. Run Stripe Checkout, charge add-ons, and reconcile refunds and chargebacks.
Send transactional email. Organizer event links, retention reminders, and password-reset flows. We do not send marketing email without a separate opt-in.
Improve the product. Aggregate usage stats inform bug fixes and feature priorities. No personally-identifiable usage stats are shared with third parties.
Enforce abuse limits. Detect spam, denial-of-service, and content that violates our Terms.

3. Where data lives

Festoso is hosted on Amazon Web Services in the United States (region us-west-2). Photos and videos are stored in S3 with server-side encryption (SSE-S3 / AES-256), and all network traffic uses TLS 1.2+.

Photo and video files live in a per-venue S3 bucket scoped to your venue.
Event metadata and account records live in DynamoDB, encrypted at rest with AWS-owned keys.
Billing records are stored in Stripe under their own terms; see stripe.com/privacy.

4. Retention

How long we keep your event content depends on your tier:

Free tier: photos and videos are deleted 7 days after the event ends.
Event ($34) and Event Plus ($59) tiers: 90 days after the event ends.
Pro tier ($69/month): 90 days after each event ends.
Retention Extension add-on: adds 90 days to any paid event for $10.

After the retention window, photos and videos are permanently deleted from S3. Account records (email, venue, billing references) are retained as long as your account is active and for up to 7 years after deletion for tax and accounting purposes (or longer where required by law).

You can request earlier deletion at any time by emailing support@festoso.app.

5. Sharing and third parties

We share data only with:

AWS — our hosting and infrastructure provider. Operates under AWS's Data Processing Addendum; data does not leave the US region without explicit configuration changes.
Stripe — payment processing. Handles card numbers and tax compliance.
AWS Rekognition — when you opt into the AI Moderation add-on, photos are analyzed for nudity, violence, and weapons. Photos are not retained by Rekognition.
Apple App Store and Google Play — for app distribution and (where applicable) in-app purchases.
SES (AWS email) — to send organizer event links and retention reminders.

We never sell your data. We do not share data with advertisers or data brokers. We disclose data in response to lawful legal process (subpoena, court order), and we will notify you unless prohibited by law.

6. Your rights

You can:

Access your account and event data by signing in.
Export your event photos and videos at any time via the in-app bulk-download feature.
Delete an event (and all its media) from the organizer dashboard.
Delete your account by emailing support@festoso.app.

If you are located in the European Economic Area, United Kingdom, or California, you may have additional rights under GDPR or CCPA — including the right to portability, to object to processing, or to request that we restrict processing. Contact privacy@festoso.app to exercise these rights.

7. Children

Festoso is not intended for users under 13. If you become aware that a child under 13 has provided us with information, contact privacy@festoso.app and we will delete it.

8. Security

We use industry-standard safeguards including TLS in transit, encryption at rest, scoped credentials (per-event STS tokens), hashed passwords (bcrypt), and per-venue isolation of S3 storage. No system is perfectly secure; we will notify affected users without undue delay if we determine that a breach has occurred.

9. Changes to this policy

We may update this policy. Material changes (new categories of data collected, new third-party sharing) will be announced via email and via an in-app notice at least 30 days before they take effect.

10. Contact

Questions or concerns about this policy: privacy@festoso.app. General support: support@festoso.app.