Privacy Policy

Last updated: April 13, 2026


1. Introduction

Gaze ("we," "our," or "us") operates the Gaze platform at gaze.photo. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our digital photobooth platform, including our website, capture experiences, kiosk mode, live display walls, galleries, and related services (collectively, the "Service").

This policy applies to event organizers who create and manage events through Gaze, and to event guests who interact with capture experiences, view galleries, or receive photos through the Service.

We believe in transparency. This policy is written in plain language so you can understand exactly what data we collect and why. If anything is unclear, please contact us at support@gaze.photo.


2. Information We Collect

We collect information in three ways: information you provide directly, information collected automatically when you use the Service, and information from third-party authentication providers.

2.1 Information You Provide

Data Type | When Collected | Examples
Account information | When you sign up or update your profile | Name, email address, company name, profile avatar
Authentication credentials | When you create an account or sign in | Email and password, email magic link, or Google account credentials
Event details | When you create or configure an event | Event name, description, location, dates, branding settings, gallery passwords, kiosk PIN codes
Event content | When photos or videos are captured | Photos, videos, GIFs, boomerangs, and associated metadata (file dimensions, duration, file type)
Delivery information | When a guest receives photos | Photos are delivered via QR code, AirDrop, or direct download at the kiosk. No email address or contact information is collected from guests.
Payment information | When you subscribe to a paid plan | Subscription plan selection (full payment card details are collected and processed directly by Stripe and never touch our servers)

2.2 Information Collected Automatically

Data Type | Purpose | Details
IP address | Security, rate limiting, and abuse prevention | Collected from request headers on API calls (uploads, session creation, gallery access, and other operations)
Device information | Service functionality and session management | Device type (desktop, tablet, mobile, kiosk), browser user agent string
Device identifier | Session management across page loads | A randomly generated UUID stored in your browser's localStorage (client_device_id)
Usage analytics | Event performance insights for organizers | Session counts, capture types, and anonymized usage events; collected only when analytics are enabled for an event
Session replay analytics | Understanding how organizers use the platform | We use Microsoft Clarity on our marketing and organizer dashboard pages for anonymized session replay analytics (click heatmaps, scroll depth tracking, and session recordings). Clarity does not record keystrokes in password or payment fields. Clarity is not loaded on guest-facing pages (galleries, photo downloads, capture experiences, live walls, or kiosk). You can learn more about Clarity's data practices at clarity.microsoft.com/terms.

2.3 Cookies & Local Storage

We use a minimal set of cookies and browser storage:

Item | Type | Purpose | Category | Duration
sb-*-auth-token | Cookie | Authenticates your session with our platform | Essential | ~1 hour (refreshed automatically)
gallery_* | Cookie | Verifies you entered the correct gallery password | Essential | 1 hour
client_device_id | localStorage | Identifies your device for session management | Essential | Persistent until cleared
gaze-offline-queue | IndexedDB | Temporarily stores photos taken offline until they can be uploaded | Essential | Until upload completes
_clck | Cookie | Microsoft Clarity user identifier (marketing and organizer dashboard pages only) | Analytics | 1 year
_clsk | Cookie | Microsoft Clarity session identifier (marketing and organizer dashboard pages only) | Analytics | 1 day

Essential cookies are strictly necessary for the Service to function and do not require consent. Analytics cookies (Microsoft Clarity) are set only on marketing and organizer dashboard pages and are not loaded on guest-facing pages. Where required by applicable law (including the EU ePrivacy Directive and the GDPR), we will obtain your consent before setting analytics cookies. You may opt out of analytics cookies at any time through your browser settings or cookie preferences. Microsoft may set additional operational cookies as described in the Microsoft Privacy Statement.

We do not use advertising or marketing cookies.

2.4 Information We Do NOT Collect

  • We do not collect precise geolocation data.
  • We do not use facial recognition, facial analysis, or biometric identification on captured photos or videos. Photos and videos are stored and delivered as standard media files only. We do not extract, store, or process biometric identifiers or biometric information as defined under any applicable biometric privacy law.
  • We do not knowingly collect personal information from children under 13 years of age. See Section 6 (Children's Privacy) for details.

3. How We Use & Share Your Data

3.1 How We Use Your Data

We process your personal information for the following purposes:

  • Providing the Service — storing, processing, and delivering photos to event guests; managing events and galleries; running kiosk and live wall experiences
  • Account management — authenticating users, managing profiles and subscriptions
  • Billing — processing subscription payments and managing plan entitlements
  • Analytics — generating event performance insights for organizers (session counts, capture breakdowns)
  • Security — rate limiting, fraud prevention, abuse detection, and protecting the integrity of the platform
  • Communication — sending transactional emails to account holders (account verification, magic link sign-in, password resets); guests receive photos at the kiosk and are not emailed

Legal bases for processing (for EU/EEA/UK users under GDPR):

  • Contract performance — processing necessary to provide the Service you signed up for
  • Legitimate interest — security, fraud prevention, and platform improvement
  • Consent — for analytics cookies where required by law

3.2 Third-Party Service Providers

We share data with the following service providers, strictly for the purposes described. We do not sell, rent, or trade your personal information.

Provider | Purpose | Data Shared
Supabase | Database hosting, user authentication, file storage | Account data, event data, media files
Google | OAuth sign-in (optional) | Email, name, profile picture (only if you choose to sign in with Google)
Stripe | Payment processing | Email, subscription details (Stripe handles card data directly; we never see or store full card numbers)
hCaptcha | Bot prevention during signup | Captcha challenge tokens
Resend | Transactional email delivery (magic link authentication, account notifications) | Email address, email content
Microsoft | Session replay analytics on marketing and organizer dashboard pages (heatmaps, scroll depth, anonymous session recordings) | Anonymized interaction data, page URLs, device/browser info

3.3 Sub-Processors

For event organizers acting as data controllers under GDPR: the service providers listed above are our sub-processors. A complete list of sub-processors with entity names, processing locations, and purposes is maintained at gaze.photo/subprocessors. We will notify organizers by email at least 30 days before adding a new sub-processor, and organizers may object to a new sub-processor during that period.

3.4 Other Disclosures

We may also disclose your information:

  • To comply with legal obligations — in response to a subpoena, court order, or other lawful government request
  • To protect rights and safety — to enforce our Terms of Use, protect our rights, or protect the safety of our users or the public
  • In a business transfer — if Gaze is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction; we will notify you via email or prominent notice on the Service before your information becomes subject to a different privacy policy

4. Your Rights & Controls

4.1 Rights for All Users

Regardless of where you are located, you can:

  • Access your personal data by viewing your account profile and event data
  • Correct inaccurate information through your account settings
  • Delete your account and associated data through account settings or by contacting us
  • Export your event media and data using the data export feature in your account settings

4.2 Additional Rights for EU/EEA/UK Users (GDPR)

If you are located in the European Union, European Economic Area, or the United Kingdom, you also have the right to:

  • Rectification — request correction of inaccurate personal data
  • Erasure ("Right to be Forgotten") — request deletion of your personal data
  • Data portability — receive your data in a structured, commonly used, machine-readable format
  • Restrict processing — request that we limit how we use your data
  • Object to processing — object to processing based on legitimate interest, including the right to object to Microsoft Clarity analytics
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
  • Lodge a complaint — file a complaint with your local data protection supervisory authority (for UK users, this is the Information Commissioner's Office at ico.org.uk)

We will respond to GDPR requests within 30 days.

4.3 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, under the California Consumer Privacy Act and California Privacy Rights Act you have the right to:

  • Right to Know — request what personal information we have collected, used, and disclosed about you in the past 12 months
  • Right to Delete — request deletion of your personal information
  • Right to Correct — request correction of inaccurate personal information
  • Right to Opt-Out of Sale or Sharing — we do not sell or share your personal information for cross-context behavioral advertising, so no opt-out is necessary
  • Right to Limit Use of Sensitive Personal Information — photos captured through the Service may constitute sensitive personal information; we process this data only as necessary to provide the Service
  • Right to Non-Discrimination — we will not discriminate against you for exercising your privacy rights

We will respond to CCPA/CPRA requests within 45 days.

4.4 Additional Rights Under Other US State Privacy Laws

If you are a resident of Virginia, Colorado, Connecticut, Oregon, Texas, Montana, or other states with comprehensive privacy laws, you may have similar rights to access, correct, delete, and port your personal data, and to opt out of certain processing activities. We honor the Global Privacy Control (GPC) signal as a valid opt-out request where required by applicable law. To exercise your rights, contact us using the methods described in Section 4.6.

4.5 Rights for Canadian Users (PIPEDA)

If you are located in Canada, under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation, you have the right to:

  • Access — request access to the personal information we hold about you
  • Correction — request correction of inaccurate or incomplete personal information
  • Withdrawal of consent — withdraw your consent to the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions
  • Challenge compliance — file a complaint with the Office of the Privacy Commissioner of Canada if you believe we have not handled your personal information in accordance with PIPEDA

We collect, use, and disclose your personal information only for the purposes identified in this Privacy Policy and with your knowledge and consent, except where otherwise permitted or required by law. We will respond to PIPEDA access and correction requests within 30 days.

To exercise your rights, contact us using the methods described in Section 4.6.

4.6 How to Exercise Your Rights

To exercise any of the rights above:

  1. Account holders (organizers): Delete your account or update your information through your account settings, or email support@gaze.photo with the subject line "Privacy Rights Request"
  2. Event guests: Because event organizers act as data controllers for guest data captured at their events, guests should direct privacy requests (access, deletion, correction) to the event organizer who hosted the event. If the organizer does not respond within 14 days, or you are unable to reach them, you may contact us at support@gaze.photo with the subject line "Guest Privacy Rights Request" and we will make reasonable efforts to assist.

For account holders, we will verify your identity by confirming your account email address. For guest requests routed through us, we do not hold guest contact information (see Section 2.1), so we will ask you to identify the event and the photos concerned (for example, the gallery link or QR code you received) so that we can locate the relevant data. For requests made on behalf of another person, we may require authorized agent documentation. We will not charge a fee for processing reasonable requests.

4.7 Event Organizer Responsibilities

If you are an event organizer using Gaze, you are responsible for:

  • Informing your event guests that photos are being captured and how they will be used
  • Obtaining any necessary consent from guests before capturing their photos, including verifiable parental or guardian consent for children under 13
  • Posting visible signage at events where photos may be displayed on live walls or shared publicly
  • Configuring appropriate data retention and gallery privacy settings for your events
  • Complying with all applicable biometric privacy laws when operating events in jurisdictions with such laws

Gaze acts as a data processor on behalf of event organizers (who act as data controllers) with respect to guest data captured at events. Event organizers who require a Data Processing Agreement (DPA) can access one at gaze.photo/dpa.


5. Security & Updates

5.1 How We Protect Your Data

We implement industry-standard security measures to protect your personal information:

  • Encryption in transit — all data transmitted between your device and our servers is encrypted using TLS (HTTPS)
  • Secure file storage — media files are stored in private cloud storage buckets and can only be accessed via time-limited signed URLs (1-hour expiry for event media; up to 24 hours for non-sensitive assets such as profile avatars)
  • Authentication security — session tokens are cryptographically signed using HMAC-SHA256; passwords and PINs are hashed using PBKDF2-SHA256 with 100,000 iterations
  • Rate limiting — API endpoints are protected against abuse with per-IP rate limiting
  • Access controls — database tables are protected with row-level security policies; sensitive fields (gallery passwords, kiosk PINs) are stripped before client-side storage
  • Kiosk session isolation — kiosk sessions are isolated between guests; each session is cleared upon completion to prevent access by subsequent users

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
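The two server-side primitives named in Section 5.1 (PBKDF2-SHA256 at 100,000 iterations for passwords and PINs, and HMAC-SHA256 signed URLs with a 1-hour expiry for event media) are written out below so that their failure modes are visible. This is an added example for illustration, not Gaze's code: the function names, the URL layout, the stored-hash format and the key handling are assumptions made here, and the real signed URLs are issued by the storage provider (Supabase) in its own format. The PIN, key and timestamps are constructed sample values.

```python
"""Added example: PBKDF2-SHA256 secret hashing and HMAC-SHA256 signed,
time-limited URLs, as described in Section 5.1.  Not Gaze's code; names,
formats and key handling are assumptions for this example."""
import base64
import hashlib
import hmac
import os
import secrets
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

PBKDF2_ITERATIONS = 100_000   # iteration count stated in the policy
MEDIA_URL_TTL = 3600           # 1-hour expiry for event media
AVATAR_URL_TTL = 24 * 3600     # up to 24 hours for non-sensitive assets


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()


# --- 1. Password / PIN hashing (assumed record format) ---------------------

def hash_secret(secret: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt_b64>$<hash_b64>'.

    A 16-byte random salt per record keeps two identical PINs from producing
    the same stored value; storing the iteration count with the hash lets it
    be raised later without invalidating existing records.
    """
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${_b64(salt)}${_b64(dk)}"


def verify_secret(secret: str, stored: str) -> bool:
    """Recompute with the record's own parameters; compare in constant time."""
    try:
        scheme, iters, salt_b64, hash_b64 = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(hash_b64)
    except (ValueError, TypeError):
        return False  # malformed record: fail closed, never raise to caller
    candidate = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, int(iters))
    return hmac.compare_digest(candidate, expected)


# --- 2. Signed, time-limited URLs (assumed layout) -------------------------

def sign_url(path: str, key: bytes, ttl: int, now: Optional[int] = None) -> str:
    """Append ?exp=<unix>&sig=<hmac-sha256> to a private object path.

    The MAC covers both the path and the expiry, so neither the object nor
    the lifetime can be changed without invalidating the signature.
    """
    exp = (now if now is not None else int(time.time())) + ttl
    msg = f"{path}\n{exp}".encode()
    sig = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{path}?{urlencode({'exp': exp, 'sig': sig})}"


def verify_url(url: str, key: bytes, now: Optional[int] = None) -> bool:
    """Reject expired, tampered or malformed URLs without raising."""
    parts = urlsplit(url)
    qs = parse_qs(parts.query)
    try:
        exp = int(qs["exp"][0])
        sig = qs["sig"][0]
    except (KeyError, ValueError, IndexError):
        return False
    current = now if now is not None else int(time.time())
    if current >= exp:
        return False  # check expiry before doing any crypto
    msg = f"{parts.path}\n{exp}".encode()
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(sig, expected)


if __name__ == "__main__":
    key = secrets.token_bytes(32)                 # constructed signing key
    record = hash_secret("4821")                  # constructed kiosk PIN
    print(verify_secret("4821", record), verify_secret("4822", record))  # True False

    t0 = 1_700_000_000                            # constructed issue time
    url = sign_url("/media/evt_123/img_001.jpg", key, MEDIA_URL_TTL, now=t0)
    print(verify_url(url, key, now=t0 + 10))                     # True: within 1 hour
    print(verify_url(url, key, now=t0 + MEDIA_URL_TTL))          # False: expired
    print(verify_url(url.replace("img_001", "img_002"), key, now=t0 + 10))  # False: path changed
```

One caveat the iteration count cannot fix: a short numeric kiosk PIN has only a few thousand possible values, so once a stored hash is obtained, 100,000 PBKDF2 iterations per guess still exhausts the whole space in minutes on commodity hardware. Hashing limits the damage of a database leak; it is the per-IP rate limiting listed above that actually protects PINs against online guessing.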

5.2 Security Incident Response

In the event of a data breach that compromises your personal information, we will:

  • Notify affected event organizers (as data controllers) without undue delay and within 72 hours of becoming aware of the breach, where feasible
  • Notify relevant supervisory authorities as required by applicable law (including GDPR and applicable US state breach notification laws)
  • Notify affected individuals as required by applicable law
  • Provide details of the nature of the breach, the data involved, and the measures taken to address it

5.3 Data Retention

Data Type | Retention Period
Account data | Retained until you delete your account
Event media | Retained for the duration configured by the event organizer, then permanently deleted
Analytics data | Retained for 12 months, then automatically purged
Payment records | Retained as required by applicable tax and financial regulations
Inactive account data | If an organizer account has no login activity for 12 consecutive months, we will notify the account holder by email. If there is no response within 30 days, the account and all associated event data will be permanently deleted
Rate limiting data | Held in server memory only; cleared on each deployment
Microsoft Clarity data | Subject to Microsoft's retention policies; see the Microsoft Privacy Statement

5.4 Data After Termination

When you delete your account, your data — including your profile, events, media, and settings — is deleted from active systems immediately. Database backups containing your data are cycled out within 7 days. Payment records processed by Stripe are retained by Stripe in accordance with applicable tax and financial regulations. We recommend exporting your data before deletion using the data export feature in your account settings or by contacting support@gaze.photo.

5.5 International Data Transfers

Your data is processed and stored in the United States via our infrastructure provider (Supabase). If you are accessing the Service from outside the United States, your data will be transferred to the US. For transfers from the EU/EEA, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission. For transfers from the United Kingdom, we rely on the International Data Transfer Addendum (IDTA) to the SCCs as approved by the Information Commissioner's Office. Where applicable, we also rely on the EU-US Data Privacy Framework.

5.6 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

  • We will update the "Last updated" date at the top of this page
  • For significant changes, we will notify you by email or through a prominent notice on the Service

Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

5.7 Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

  • Email: support@gaze.photo

6. Children's Privacy

The Service is not directed at children under 13 years of age. Gaze does not knowingly collect personal information from children under 13. However, we recognize that events may include minor attendees.

Event organizers are solely responsible for obtaining verifiable parental or guardian consent before capturing photos of children under 13 at their events, in compliance with the Children's Online Privacy Protection Act (COPPA) and any other applicable child privacy laws. Gaze does not collect email addresses, phone numbers, or other contact information from event guests (including children) — photos are delivered via QR code, AirDrop, or direct download only.

If we learn that personal information has been collected from a child under 13 without verifiable parental consent, we will take steps to delete that information promptly. Parents or guardians may contact us at support@gaze.photo to request deletion of a child's data.