Privacy Policy

Introduction

This policy explains how GuestShoot collects, uses and protects your personal data under applicable data protection laws, including the GDPR where relevant. The data controller is La Taberna del Pasaje S.L. (CIF B73572562), Calle Corredera 50, Spain. Contact: guestshootapp@gmail.com, +34 644 722 887.

Data we collect

• Account data: name, email and authentication identifiers when you register or access protected areas.
• Event data: event name, description, configuration and album organization you provide to manage your event.
• Uploads: photos, videos, voice messages and guestbook entries shared by you or your guests, including timestamps and basic metadata.
• Technical metadata: device/browser information, IP address, language, approximate location from IP, and usage logs to ensure security, diagnostics and performance.
• Payments: billing name, email and transaction identifiers handled by Stripe. We do not store full card details.
• Communications: messages you send to our support channels (email or in-app) and interaction history.
• Cookies: session cookies, preference cookies and analytics cookies. Optional cookies are only used with consent where required.

Purposes of processing

We process data to provide and maintain the service, enable event collaboration features, authenticate users, moderate content, prevent fraud and abuse, improve functionality and performance, manage payments and invoicing, send essential communications related to your account or event, and respond to support requests.

Legal bases

We rely on (a) contract for providing the service you request; (b) legitimate interest in ensuring security, preventing abuse and improving the product; and (c) consent for optional features such as certain cookies, marketing or non-essential notifications where applicable.

Sharing and processors

We use processors strictly to operate GuestShoot and only share data necessary for those purposes: Firebase by Google (hosting, authentication, database), Stripe (payment processing), and Cloudflare R2 (media storage and delivery). These providers process data on our behalf under contractual terms. We do not sell personal data.

International transfers

Some processors may store or process data outside your country. Where applicable, we rely on appropriate safeguards, including standard contractual clauses and technical measures, to protect your data.

Retention

We retain personal data only for as long as necessary. Account data persists while the account is active. Event content follows product-specific retention periods (e.g., free tiers may have shorter retention). Backups and logs are kept for limited periods for security and compliance.

Your rights

You may request access, rectification, deletion, restriction and portability of your data, and you may object to processing based on legitimate interests. You can withdraw consent at any time where processing relies on consent. To exercise rights, contact guestshootapp@gmail.com. If you reside in the EU/EEA, you may also lodge a complaint with your local supervisory authority (in Spain, AEPD).

Security

We apply technical and organizational measures including encryption in transit, secure hosting, access controls, monitoring, and content moderation to protect accounts and uploads. No online service can guarantee absolute security, but we work to prevent misuse and unauthorized access.

Children

GuestShoot is intended for adults and event organizers. If we become aware that we have collected data from a minor without appropriate consent, we will take steps to delete it.

Contact

For privacy requests or questions, contact guestshootapp@gmail.com or +34 644 722 887.