Privacy

Your data stays
yours

We collect only what we need to run the Service, and we do not sell or share your personal information for advertising.

Last updated: May 18, 2026
01

Data we collect

Account & identifiers

  • Email address (required for event hosts to sign in via magic link)
  • User ID (UUID) assigned by Supabase Auth
  • Account plan tier stored in user metadata ("free", "pro", or "studio")

User content

  • Photos you upload (captured via camera or chosen from your device)
  • Event details you create (name, cover image, settings, reveal timing)
  • Film look/filter applied to each photo

Guest data

  • Guests are anonymous — we do not collect names, emails, or any personal identifiers
  • A random guest token is generated and stored in your browser's local storage to persist your session
  • Number of shots taken is tracked per guest

Local storage

  • We use your browser's local storage to cache event data when offline, remember your guest identity, and store a random analytics identifier (PostHog)
  • No cookies are used for tracking or advertising purposes

Camera & photo access

  • Camera access is requested only when you use the capture feature in the viewfinder
  • Photo library access is requested only when you choose to upload a photo from your device
  • Access requires your browser permission and is never used in the background

Analytics data

  • Page views, referring website, and browser/device information — collected via PostHog, a privacy-focused analytics platform
  • Approximate geographic location (city/country level derived from IP address)
  • This data is used only to understand usage patterns and improve the Service. We do not track individual users across sites or build behavioral profiles

What we do NOT collect

  • No names, phone numbers, or physical addresses
  • No payment or credit card information
  • No browsing history or device fingerprints
  • No advertising identifiers, cross-app tracking, or third-party tracking pixels
  • No third-party cookies or social media data
02

How we use data

We use the data we collect solely to operate and improve the Service:

  • Provide and operate the Service (create events, invite guests, upload and view photos)
  • Send authentication emails (magic links for sign-in)
  • Improve reliability and diagnose technical issues
  • Comply with legal obligations and enforce our Terms of Service

Legal bases (EEA/UK): performance of a contract, legitimate interests, and legal obligation.

03

How we share data

We do not sell your personal information. We do not allow cross-app tracking.

Within an event

  • Event details and photos are visible to participants according to the event's privacy setting ("private" or "shared")
  • Anyone with the event link or QR code can access the event and submit photos

Service providers (processors)

  • Supabase— database, authentication, and file storage
  • Netlify— web hosting and API serving
  • PostHog— privacy-focused product analytics (self-hosted or cloud)

These providers access data only to perform services for us and are contractually obligated to protect it.

04

Data retention

  • Event data is kept while the event is active and deleted when you delete the event
  • Deleting an event removes the event record, associated guest records, and photo database entries. Photo files stored in Supabase Storage may persist until manually removed
  • Account authentication data is retained by Supabase Auth until account deletion is requested
  • Aggregated or anonymized data may be retained longer for analytical purposes
05

Security

  • Encryption in transit (HTTPS/TLS) for all data transmitted to and from our servers
  • Encryption at rest provided by our cloud infrastructure
  • Row-level security policies on database tables to restrict data access
  • No security method is perfect. We cannot guarantee absolute security

If a data breach involves your personal information, we will notify you and relevant authorities when legally required.

06

Your choices and rights

In-app controls

  • Delete individual events from the dashboard at any time
  • Sign out of your account from the navigation menu
  • Clear local storage data through your browser settings at any time

Requests

Contact us at hello@flshbckz.com to access, correct, export, or delete your personal data. We may keep limited data to meet legal requirements or prevent abuse.

Region-specific rights

  • California (CCPA/CPRA): right to know, delete, and opt-out of sale (we do not sell personal information); no discrimination for exercising your rights
  • EEA/UK (GDPR): rights to access, rectification, erasure, portability, objection, and restriction; you may lodge a complaint with your local data protection authority
07

Children

flshbckz is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us at hello@flshbckz.com and we will delete it.

08

International transfers

We operate primarily in the United States, and your data may be processed in the U.S. and other countries where our infrastructure providers operate. Where required by law, we use appropriate safeguards for international data transfers.

09

Changes to this policy

We will update this page when we change this policy. Material changes will be notified in-app or via email. Continued use of the Service after changes take effect means you accept the updated policy.

10

Contact

If you have questions about this privacy policy or your data, please reach out:

hello@flshbckz.comWe aim to respond within 48 hours

Start your first event free.

No credit card. No subscription. Just great photos from every guest.

Create Your Event