This policy is a best-practices draft. Legal counsel review is pending before production launch.

Wording below reflects how the Fotiqo platform actually processes data today; final contractual language is subject to review by qualified counsel.

Privacy Policy

Last updated: 2026-04-20

Lodging a complaint

Users in Italy (and residents of Italy more broadly) may lodge a complaint with the Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Roma — www.garanteprivacy.it. Residents of other EEA countries may file with their own national supervisory authority. Full details and our SLA are in the GDPR Rights page.

1. Data Fotiqo collects

Account data — name, email, phone, billing address, and role (Venue vs. Photographer).
Customer contact — end-guest WhatsApp, email, and room number where provided by a Venue.
Content — photos, videos, and metadata uploaded to the platform.
Usage data — page views, clicks, device type, IP (truncated where feasible).
Payment data — processed by Stripe; Fotiqo never stores full card numbers.

2. How Fotiqo uses data

To deliver the Service (gallery hosting, widgets, messaging).
To send transactional messages (gallery delivery, booking confirmations, review requests) via WhatsApp and email.
To process payments and issue receipts.
To analyse product performance in aggregate and improve the Service.
To meet legal, tax, and compliance obligations (including the audit trail described in COMPLIANCE.md §6).

3. Data sharing

Fotiqo engages the following sub-processors to run the Service. A comprehensive list is maintained in the Data Processing Agreement.

Stripe, Inc. — payments and Stripe Connect split payouts.
Cloudinary Ltd. — image transformation, watermarking, and serverless archive generation.
Cloudflare, Inc. (R2) — encrypted object storage for photos, videos, and archives.
Resend — transactional email delivery.
Meta Platforms (WhatsApp Cloud API) — customer messaging.

4. Your GDPR rights

If you are in the EEA, UK, or Switzerland (and in equivalent regimes elsewhere) you have the right to:

Access the personal data we hold about you (Art. 15).
Rectify inaccurate data (Art. 16).
Erasure of your data subject to retention obligations (Art. 17).
Data portability in a machine-readable format (Art. 20).
Object to processing based on legitimate interests (Art. 21).
Lodge a complaint with your supervisory authority.

Submit requests to privacy@fotiqo.com. We respond within 30 days.

5. Cookies

Fotiqo uses cookies for strictly necessary functions (authentication, session state) and, with your consent, for analytics and marketing. Manage your preferences via the cookie banner or the cookie preferences control in the site footer. The full list of cookies, durations, and providers is at Cookie Policy.

6. Face recognition data

Face-recognition vectors used for selfie matching are treated as special-category biometric data under GDPR Art. 9. Fotiqo uses two retention modes depending on how the feature is activated — we describe both honestly here rather than claiming a single “ephemeral” behaviour that wouldn't be accurate for Digital Pass holders.

One-time identification (non-pass customers). When a customer takes a selfie at the kiosk to find their gallery, we compute a face vector in memory, match it against the photos in the relevant gallery, and delete the vector within seconds of the match returning. Nothing is persisted to disk tied to the customer.
Digital Pass holders. Guests who have bought a Digital Pass opt-in to automatic photo delivery: we enrol a face vector at pass activation so the speed-camera system can recognise them on the ride / at the water park and push their photos to their phone in real time. The vector is stored on the Customer.faceVector record for the duration of the pass (typically 7–14 days, never longer than 90 days even for the longest package). On pass expiration the vector is purged within 24 hours by our daily retention job.
Immediate deletion on request. You can request deletion of your face vector (and all other personal data) at any time — see GDPR Rights (Art. 17) for the process. We action erasure requests within 30 days and the face vector specifically is purged within 24 hours of confirmation.

The schema field in question is Customer.faceVector Bytes?; the retention job lives in src/app/api/cron/gdpr-retention/; the erasure endpoint is /api/gdpr/delete. See COMPLIANCE.md §2.1 for the engineering guarantees and test coverage.

7. Data retention

Retention schedules for each data type (customer contact, galleries, review requests, face vectors, etc.) are enumerated in COMPLIANCE.md §2.2 and in our Data Processing Agreement. As a summary: operational data is retained for the duration of the relationship plus statutory periods (6–10 years for tax and compliance records).

8. International transfers

Where personal data is transferred outside the EEA, Fotiqo relies on the European Commission’s Standard Contractual Clauses (Module 2 or Module 3, 2021/914) with sub-processors, supplemented by technical measures (encryption in transit and at rest) and organisational measures.

9. Security

Fotiqo maintains administrative, technical, and physical safeguards appropriate to the sensitivity of the data processed (GDPR Art. 32), including encryption, access controls, logging, and incident response. Detailed security measures are available under NDA to enterprise customers.

10. Children

Fotiqo is not directed at users under 16 and does not knowingly collect personal data from anyone under that age. Photos of minors may appear in Venue galleries under the supervision and consent of a parent or legal guardian; such consent is the responsibility of the Venue and/or parent, not Fotiqo.

11. Contact / Data Protection Officer

Privacy questions: privacy@fotiqo.com.

Data Protection Officer: dpo@fotiqo.com.
Postal address: to be added pending counsel review (registered office + street address).

For the full list of data subject rights and how to exercise each, see the GDPR Rights page.