Privacy Policy

Last updated: 1 March 2026  ·  Effective: 1 March 2026

Eventiere ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains what information we collect, why we collect it, how we use it and your rights under applicable data protection law - including the EU General Data Protection Regulation (GDPR), UK GDPR and relevant GCC data protection frameworks.

1. Who We Are

Eventiere is an AI-powered event photo distribution platform. We operate at app.eventiere.com and provide services to event organisers globally, including in the UAE, Qatar, Saudi Arabia, India, the UK and other jurisdictions.

For data protection enquiries, contact us at: privacy@eventiere.com

2. Data We Collect

We collect different categories of data depending on whether you are an event organiser (our customer) or an event guest (end user).

For event organisers:

• Name, work email address and phone number (account registration)
• Company name and job title
• Billing information (processed by our payment provider - we do not store card numbers)
• Event details and settings you configure in the platform
• Usage data and analytics about how you use the organiser portal

For event guests:

• Name and email address (when provided for photo delivery)
• Phone number (when provided for WhatsApp or SMS delivery)
• Selfie photograph submitted for facial matching
• Biometric face embedding derived from your selfie (a mathematical representation, not the image itself)
• Event attendance record (which event you attended)
• Photo retrieval and download activity

Automatically collected data (all users):

• IP address and approximate location (country/city)
• Browser type, device type and operating system
• Pages visited and time spent on our platform
• Referral source

3. How We Use Your Data

We use personal data only for the purposes described below and only where we have a valid legal basis:

• Service delivery: To match event guests with their photographs and deliver personalised photo galleries.
• Account management: To create and manage organiser accounts, process payments and provide customer support.
• Communications: To send photo delivery emails, OTP login codes and event-related notifications. We do not send marketing emails without your consent.
• Platform improvement: To analyse usage patterns and improve our matching accuracy and user experience (using aggregated, anonymised data).
• Legal compliance: To meet our obligations under applicable law, including GDPR, UK GDPR and GCC data protection regulations.

4. Legal Basis for Processing (GDPR)

For users in the EU and UK, our legal bases for processing are:

• Contract: Processing necessary to deliver the service you have requested (organiser accounts, photo delivery).
• Consent: Processing biometric/facial data from event guests (always requires explicit, informed, freely given consent).
• Legitimate interests: Platform security, fraud prevention and aggregate analytics - where these do not override your rights.
• Legal obligation: Where required by applicable law.

5. Biometric Data and Facial Recognition

How it works: When you submit a selfie to find your event photos, we convert it into a mathematical face embedding (a vector of numbers). This embedding is used to search the event's photo index. We do not build a persistent database of faces across events.

Retention: Face embeddings for event guests are deleted within 90 days of the event date, or immediately upon your request. The selfie image itself is deleted within 24 hours of processing.

Consent: We obtain explicit consent before processing biometric data. Consent is collected at the point of selfie submission and is tied to the specific event. You can withdraw consent and request deletion at any time.

No third-party sale: We never sell, license, or transfer biometric data to third parties for any purpose.

6. Data Sharing

We do not sell your personal data. We share data only in the following circumstances:

• Event organisers: Organisers can access guest gallery activity data (e.g. how many photos were downloaded) in aggregate. They do not receive raw selfie images or face embeddings.
• Service providers: We use carefully vetted sub-processors (cloud hosting, email delivery, image processing) under data processing agreements. A list of sub-processors is available on request.
• Legal requirements: We may disclose data if required by law, court order, or to protect the rights and safety of users.
• Business transfers: In the event of a merger or acquisition, personal data may be transferred to the successor entity subject to equivalent protections.

7. International Data Transfers

Eventiere operates globally. Data may be processed in the United States, European Economic Area, UAE and India. Where data is transferred outside your home jurisdiction, we ensure appropriate safeguards are in place (Standard Contractual Clauses for EU/UK transfers, or equivalent mechanisms for GCC jurisdictions).

8. Data Retention

• Organiser accounts: Retained for the duration of the account plus 3 years, unless deletion is requested earlier.
• Guest photos and galleries: Retained for the duration set by the event organiser (typically 6–12 months post-event).
• Selfie images: Deleted within 24 hours of processing.
• Face embeddings: Deleted within 90 days of the event or immediately on request.
• Contact form submissions: Retained for 12 months.

9. Your Rights

Depending on your location, you have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion of your data ("right to be forgotten").
• Restriction: Request that we limit processing of your data in certain circumstances.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Withdraw consent for biometric processing at any time, without affecting prior lawful processing.

To exercise any right, email privacy@eventiere.com. We will respond within 30 days. For GDPR erasure requests relating to biometric data, we aim to respond within 72 hours.

10. Cookies and Tracking

Our marketing website (eventiere.com) uses essential cookies only for site functionality. Our application (app.eventiere.com) uses session cookies for authentication. We do not use third-party advertising trackers or sell browsing data.

You can control cookies through your browser settings. Disabling cookies may affect platform functionality.

11. Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has submitted data to us, please contact privacy@eventiere.com and we will delete it promptly.

For school and graduation events, organisers are responsible for obtaining appropriate parental consent before uploading student photographs.

12. Security

We implement appropriate technical and organisational security measures including encryption in transit (TLS 1.2+), encryption at rest, access controls, regular security reviews and employee data protection training. In the event of a data breach affecting your rights, we will notify you and relevant authorities as required by law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email to registered organisers and by a prominent notice on this page. The "Last updated" date at the top of this page reflects the most recent revision.

14. Contact and Complaints

For any privacy question or concern: privacy@eventiere.com

If you are in the EU or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority (e.g. the ICO in the UK, or your national DPA in the EU).

---

Eventiere · privacy@eventiere.com · Terms of Service