This Privacy Policy describes how Fotonest Studio ("Fotonest", "we", "our") collects, uses, stores, and shares information when you use the Fotonest mobile and web applications (the "Service"). By using the Service, you agree to this policy.
Contents
1. Information we collect
Profile information
When you sign in with Google, we receive your name, email address, and profile photo. We use these to identify your account and personalise your experience.
Photos you upload
If you host an event, you can upload photos to that event. Originals are stored in Google Cloud Storage. We process each photo to detect faces and generate visual signatures used for matching.
Selfies for matching
When you join an event as a guest, you can take a selfie. The selfie is converted to a numerical face embedding on our servers. The embedding cannot be reversed into a recognisable face image. Embeddings are used solely to find your photos within the events you have joined.
Event activity
We record the events you create, the events you join, and basic membership status (host or guest) to power core features like "Events I own" and "Events I joined".
Device and usage data
Fotonest does not use third-party analytics, advertising, or crash-reporting tools, and we do not build a profile of your activity. Our servers keep standard, short-lived request logs (for example, timestamps and app version) to keep the Service secure and reliable. These logs are never linked to your face embedding or selfie, and are not used for analytics or advertising.
Permissions we request on your device
- Camera — to take selfies and scan event QR codes.
- Photo library — only when you choose photos to upload to an event you host.
- Notifications — to tell you when your matches are ready or your event status changes.
2. How we use information
- Match your selfie to photos within events you have joined.
- Show your owned and joined events on your profile.
- Notify you about event status, matches, and host actions.
- Operate, secure, and maintain the reliability of the Service.
- Comply with legal obligations and enforce our Terms of Service.
We do not sell or rent your personal information. We do not use your face data for advertising. We do not train third-party generative-AI models on your photos.
3. When we share information
We share information only with the following categories of recipients:
- Service providers — Google Cloud (hosting, storage, Firebase Authentication, Firebase App Check), Razorpay (event-creation payments). These providers process data on our behalf under contractual data-protection terms.
- Event hosts — when you join an event, the host can see your name and the photos that match you within that event. Hosts cannot see your selfie or your face embedding.
- Legal compliance — if required by law, regulation, court order, or to protect the safety of users.
- Successor entity — in connection with a merger, acquisition, or sale of assets, with notice to you.
4. Your rights and choices
You have the right to:
- Access — request a copy of the personal data we hold about you.
- Correct — update inaccurate information.
- Delete — delete your account, uploaded photos, and face embeddings.
- Withdraw consent — for example, by signing out and uninstalling the app.
- Object or restrict — object to or restrict certain processing, where applicable under your local law.
You can exercise these rights inside the app (Profile → Privacy → "Export my data" or "Delete my account") or by emailing sourav@fotoneststudio.com. We respond within 30 days. To request account deletion without signing in — including what we delete and what we may keep — see Delete your account.
5. Data retention
- Account data kept until you delete your account.
- Event photos kept until the event's lifecycle expires (set by the host) or you delete the event.
- Face embeddings kept while you remain a member of the event; deleted when you leave or the event expires.
- Server security logs kept for up to 90 days for security and reliability.
6. Security
We encrypt data in transit using TLS, and at rest using Google Cloud's default disk-level encryption. Face embeddings are stored separately from contact details. Access to production systems is restricted to authorised personnel and audited.
No service is perfectly secure. If we become aware of a breach affecting your data, we will notify you and the relevant regulators where required by law.
7. Children's privacy
Fotonest is not intended for children under 13 (or the minimum age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.
8. International transfers
Fotonest is operated from India, with infrastructure hosted on Google Cloud (United States). If you access the Service from outside these regions, your data may be transferred internationally. Where required, we rely on standard contractual clauses or equivalent safeguards.
9. Changes to this policy
We may update this policy from time to time. We will revise the "Last updated" date at the top of this page and, for material changes, give you notice in-app or by email before the change takes effect.