Eventiere is built privacy-first. Facial recognition data is never sold, never shared and deleted after processing. Enterprise security as standard - not an upsell.
Photos, biometric vectors and contact details are encrypted in transit (TLS 1.3) and at rest (AES-256). Nothing moves between services in plaintext.
Face vectors are stored in a separate, isolated database with no link to personal details. You cannot reconstruct a face from the numbers we store - and they're gone after the retention window closes.
No face is processed without the guest choosing to opt in first. That choice is logged with a timestamp and can be reversed at any point - we don't make withdrawal difficult.
We're built for events across the GCC, UK, India and Southeast Asia, which means covering GDPR, UAE PDPL, India DPDPA and Singapore PDPA. Need data to stay in a specific region? We can do that.
Biometric data purges on a schedule you set, defaulting to 30 days after the event. If your legal team needs a written deletion certificate, we provide one.
Organisers, photographers and admins each see only what they need to. Every action is audit-logged. A guest's photos are visible only to that guest - no shared galleries, no browsing other people's images.
A lot of companies say "privacy-first" without showing their working. Here's the full pipeline from photo upload to deletion, with nothing left out.
Your photographer's images go into a private, locked folder only your team can access. Nothing is public-facing.
Our AI creates a mathematical fingerprint for each face it finds. The original photos stay untouched and the fingerprint can never be used to recreate a face.
When a guest takes a selfie, we compare it against those fingerprints to find their photos. Only their results come back - we never mix guests or share results across events.
Photos are sent directly to the guest via WhatsApp or email. Download links stop working after 72 hours and we never store guest contact details with the delivery provider.
The facial fingerprints are wiped automatically on a schedule you set - 30 days by default. Photos follow your own policy.
| Regulation | Region | Status | Key requirement met |
|---|---|---|---|
| GDPR | European Union | ✓ Compliant | Explicit consent, right to erasure, data portability, DPO available on request |
| UAE PDPL | United Arab Emirates | ✓ Compliant | Consent-based processing, data localisation options, breach notification within 72 hours |
| India DPDPA 2023 | India | ✓ Compliant | Notice and consent framework, data fiduciary obligations, grievance redressal |
| PDPA | Singapore | ✓ Compliant | Purpose limitation, accuracy obligation, retention limits, transfer restrictions |
| PDPA | Qatar | ✓ Compliant | Lawful basis for processing biometric data, data subject rights |
| UK GDPR | United Kingdom | ✓ Compliant | Post-Brexit UK adequacy, Article 9 special category data safeguards |
Yes. Guests can submit a data removal request at any time via our GDPR / Data Removal page or by contacting privacy@eventiere.com. We process all requests within 72 hours and provide confirmation.
They aren't. Face vectors stay inside Eventiere's infrastructure and are never sold, licensed or passed to any third party. Our cloud providers process encrypted data only - they have no access to the embeddings themselves.
By default we use the AWS region closest to your event. If your legal or procurement team needs data to stay in a specific country, UAE, India, EU and Singapore are all available - just let us know before the event is set up.
We have a documented breach response plan with a 72-hour notification commitment to affected organisations and relevant authorities. Every system action is logged to a tamper-evident audit trail, so we can trace exactly what happened and when.
Yes. A standard DPA is available for all paid plans. Custom DPAs are available for enterprise customers. Contact privacy@eventiere.com to request your DPA.
We don't train on guest data. A guest's face is used for one purpose only - finding their photos at your event - and nothing else. Once the retention period ends, it's gone.