Privacy Policy

Who we are

Momento is operated by Jyoti Traders. The Service is available at https://momento.camera. For privacy, legal, or support requests contact cameramomento@gmail.com.

Momento is a digital product made with love by Jyoti Traders.

Roles: When you host an event, you decide who is invited and what is collected — you are typically the data controller for guest photos in your event. Momento processes that data on your behalf as a processor to provide the Service. For your host account, Momento is the controller.

Overview

This policy covers https://momento.camera, the Momento web app, and the Momento mobile app (together, “Momento,” “we,” or the “Service”). We collect only what we need to run the Service. We do not sell your personal information or use it for advertising.

What we collect

• Hosts: Email address and name (Supabase Auth). Google account info if you choose Google sign-in.
• Guests: A nickname you choose when joining. A guest token stored on your device so you can upload and manage your photos. No email or account required.
• Photos you upload: Images guests and hosts upload to an event.
• Generated recaps: AI recap videos created for your event (not guest-uploaded video files).
• Event metadata: Event name, type, dates, reveal settings, and host configuration.
• Payments: Purchase records processed by Razorpay. We do not store card numbers.
• Device info: IP address for rate limiting and abuse prevention only. We do not use analytics cookies or ad tracking.
• Face grouping (optional): On supported browsers, face grouping runs on your device only — face data is not sent to our servers.

Legal bases (EEA/UK)

• Contract: Providing the Service you request (host account, event, uploads, recap).
• Legitimate interests: Security, fraud prevention, abuse detection, and improving reliability — balanced against your rights.
• Consent: Where required (e.g. optional features). You may withdraw consent by stopping use or deleting data.
• Legal obligation: Tax, accounting, and lawful requests.

We do not use automated decision-making that produces legal or similarly significant effects.

How we use data

• To provide the Service: event creation, photo uploads, gallery, recap generation, awards, and sharing.
• To authenticate hosts and manage event ownership.
• To process payments and prevent fraud.
• To enforce rate limits and protect the Service from abuse.
• We do not sell your data. We do not serve ads. We do not share your information with third parties for marketing.

Photo access & storage security

• Photos belong to the person who took them. Uploading grants Momento a license to store, display, and include photos in the event gallery and AI recap.
• Event hosts can view, moderate, and delete photos in their events. Guests can delete their own uploads with their guest token.
• Photos are stored on Supabase Storage (AWS infrastructure), encrypted in transit (HTTPS/TLS) and at rest.
• Gallery APIs return time-limited signed URLs — direct storage links expire and are not indexed publicly.
• Events are private by default, not listed in search engines, and only accessible via QR code, share link, or event code.

Third-party processors

• Supabase — database, authentication, file storage
• Vercel — web hosting and APIs
• Razorpay — payment processing (paid plans)
• Google — optional OAuth sign-in only

These providers process data on our behalf under their own terms and security standards.

Data retention

• Event data is kept while the event exists. Hosts can delete an event at any time, which permanently removes photos, guests, recaps, and related records.
• Deleted accounts: personal data removed within 30 days of confirmed deletion (hosted events are deleted immediately).
• Purchase records may be kept up to 7 years for tax and legal compliance.
• Photos you uploaded to someone else's event may remain in that event; your attribution can be anonymized on account deletion.

Your choices & rights

• Delete photos: Guests delete their own uploads from the gallery (guest token required).
• Delete events: Hosts delete entire events from host settings.
• Delete account: Hosts use Dashboard → Delete account, or mobile Settings → Delete Account. Type DELETE to confirm.
• Access / export / correction: Download JSON from Dashboard → Download your data, or email cameramomento@gmail.com — we aim to respond within 48 hours.

Regional rights

• India (DPDP Act): Access, correction, and erasure. Grievance officer: Jyoti Traders (India). Email cameramomento@gmail.com — we respond to privacy grievances within 30 days.
• California (CCPA/CPRA): Right to know, delete, and correct. We do not sell or share personal information for cross-context behavioral advertising. Submit requests to cameramomento@gmail.com.
• EEA/UK (GDPR): Access, rectification, erasure, restriction, portability, and objection where applicable. Lodge a complaint with your supervisory authority. EU/UK representative: contact cameramomento@gmail.com (we will appoint a representative if required by volume).
• Brazil (LGPD): Confirmation, access, correction, anonymization, portability, and deletion — cameramomento@gmail.com.
• Canada (PIPEDA): Access and correction — cameramomento@gmail.com.
• Australia: Access and correction under the Privacy Act — cameramomento@gmail.com.

Grievance redressal (India)

Grievance officer: Jyoti Traders (India). Email cameramomento@gmail.com — we respond to privacy grievances within 30 days.

For access, correction, or deletion requests that are not resolved through the app, email cameramomento@gmail.com with your event link or account email.

Photos of other people

Uploading a photo that includes other people may affect their privacy. Guests and hosts must have a lawful basis to share those images (e.g. consent at a private event, or public-interest context). If you appear in a photo without consent, contact cameramomento@gmail.com or ask the event host to remove it. See our Copyright & Takedown policy.

Children

Momento is not directed at children under 13 (or under 16 in the EEA/UK without parental consent). We do not knowingly collect personal information from children below these ages. Contact cameramomento@gmail.com if you believe a child has provided data. Event hosts must not invite minors to upload without appropriate parental permission where required by law.

Security & breaches

We use encryption in transit, role-based access, rate limiting, and image validation. No method is 100% secure. If a breach affects your personal data, we will notify you and regulators when legally required.

International transfers

Data may be processed in India, the United States, and other countries where our processors operate. We use appropriate safeguards where required by law.

Changes

We will update this page when the policy changes. Continued use after changes take effect means you accept the updated policy.

Contact

Privacy questions, access, or deletion requests: cameramomento@gmail.com