Privacy Policy

Last Updated: 16 June 2025

1. Introduction

Welcome to Snapshare! Snapshare is a subsidiary of Znorm Pvt Ltd, and your trust is important to us.

At Snapshare.ai, a subsidiary of Znorm Pvt Ltd which is incorporated in Bengaluru, India, we are committed to safeguarding the privacy of our visitors, customers, and users. This Privacy Policy outlines how we collect, use, disclose, and protect your personal data in connection with our AI-driven event photo- sharing platform. Our services leverage facial recognition technology to enable event attendees to locate and access their photos efficiently. This Policy is crafted to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

This Policy applies to:

• Users: Individuals or entities who register an account on our platform to upload event photos and manage events.
• Guest Users: Event attendees who access their photos via facial recognition without creating an account.
• Website Visitors: Individuals browsing our website (https://snapshare.ai/).

This Policy does not govern personal data processed by third parties independently of our services. For details on third-party involvement, refer to the “Third Parties” section below.

2. Definitions

For clarity within this Policy:

• User: An individual or organization that creates an account on Snapshare.ai to upload photos and facilitate event photo-sharing.
• Guest User: An event attendee who uses our facial recognition feature to retrieve photos via an event link created by a User, without registering an account.
• Personal Data: Any information relating to an identified or identifiable natural person, including biometric data such as facial recognition templates.

3. Information We Collect

We collect the following categories of personal data:

• Photos: Images uploaded by Users containing identifiable individuals attending events.
• Biometric Data: Facial recognition templates derived from uploaded photos (for Users) and face scans provided by Guest Users to access their photos.
• Account Information: Details provided by Users during registration, including name, email address, and phone number.
• Usage Data: Technical information such as device identifiers, IP addresses, and platform interaction logs collected during your use of our services.

4. Purpose of Collecting Information.

We process your personal data to:

• Deliver our photo-sharing service by identifying individuals in event photos using facial recognition technology.
• Facilitate User account creation, authentication, and event management
• Enable Guest Users to access their event photos through event links
• Enhance our platform, including the improvement of AI algorithms, using anonymized and aggregated data.
• Communicate with Users and Guest Users regarding account updates, event details, or service-related matters.
• Analyze usage trends and monitor platform performance for service optimization.
• Comply with legal obligations and prevent fraudulent activities.

5. Legal Basis for Processing

We process personal data in accordance with GDPR on the following legal grounds:

• Explicit Consent: Processing of biometric data (e.g., facial recognition templates and face scans) is based on your explicit consent.
• Contractual Necessity: Processing of Users’ account information and uploaded photos is necessary to fulfill our contractual obligations in providing the service.
• Legitimate Interests: Processing of usage data supports our legitimate interests in improving platform functionality, ensuring security, and conducting analytics.

6. Storing Personal Data

Your personal data is stored on secure cloud servers managed by reputable providers. Biometric data is encrypted and access is restricted to authorized personnel only. We ensure that storage practices align with industry standards and legal requirements.

7. Data Retention and Deletion

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy:

• Photos and Biometric Data: Retained for 30 days following the conclusion of an event, unless a User requests an extension or legal requirements mandate otherwise.
• Account Information: Retained for the duration of an active User account and for a reasonable period thereafter to comply with legal obligations.
• Usage Data: Retained for up to 6 (If needed) months to support analytics and service enhancements.

Upon expiration of the retention period or upon your request, personal data is securely deleted or anonymized in accordance with our data management protocols.

8. Third Parties

We may disclose personal data to the following categories of third parties to deliver our services:

• Cloud Service Providers: For secure data storage and processing.
• AI Technology Partners: To support and refine our facial recognition capabilities.
• Analytics Providers: To evaluate platform usage and performance.

All third-party partners are subject to stringent data protection agreements ensuring GDPR compliance. We do not disclose personal data to third parties for independent processing unless required by law.

9. Security of Personal Data

We employ robust technical and organizational measures to protect your personal data, including:

• Encryption of data during transmission and storage.
• Access controls limiting data access to authorized personnel
• Regular security assessments to identify and mitigate risks.

10. Data Protection Rights

Under GDPR, you are entitled to the following rights concerning your personal data:

• Right to Access: Request copies of your personal data.
• Right to Rectification: Correct inaccurate or incomplete data.
• Right to Erasure: Request the deletion of your data.
• Right to Restriction: Limit the processing of your data under certain conditions.
• Right to Object: Oppose processing based on legitimate interests.
• Right to Data Portability: Obtain your data in a structured, machine- readable format.
• Right to Withdraw Consent: Revoke consent for biometric data processing at any time.

To exercise these rights, please contact us at nahas@snapshare.ai. We will respond within one month. You may also lodge a complaint with an EU supervisory authority if you believe your rights have been infringed.

11. Children's Information

Our services may involve processing personal data of children attending events (e.g., family gatherings). We do not knowingly process data of individuals under 16 years of age without verifiable parental consent. Parents or guardians may review, manage, or request the deletion of their child’s data by contacting us at nahas@snapshare.ai .

12. International Data Transfers

As a company based in India, Snapshare.ai may transfer personal data outside the European Economic Area (EEA). We ensure such transfers comply with GDPR through:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Other lawful safeguards as required.

These measures guarantee that your personal data remains protected irrespective of its location.

13. Acknowledgement and Consent

By engaging with Snapshare.ai, you or your legal representative:

• Acknowledge that you have read and understood this Privacy Policy.
• Confirm that, if under 16 years of age, parental consent has been obtained.
• Consent to the processing of your personal data, including biometric data, for the purpose of accessing event photos.
• Understand that consent is voluntary and may be withdrawn at any time by contacting nahas@snapshare.ai, though this may affect your ability to use certain features.

For inquiries or to withdraw consent, please reach out to us at the email address provided above.

14. Changes to This Policy

We may revise this Privacy Policy periodically to reflect updates in our practices or legal obligations. Significant changes will be communicated via our website (https://snapshare.ai/) and, where appropriate, by direct notification to Users.

15. Contact Information

For questions, concerns, or to exercise your data protection rights, please contact: