Privacy Policy

Welcome to snapshare! snapshare is a subsidiary of Znorm Pvt Ltd, incorporated in Bengaluru, India, and your trust is important to us.

At snapshare.ai, we are committed to safeguarding the privacy of our visitors, customers, and users. This Privacy Policy outlines how we collect, use, disclose, and protect your personal data in connection with our AI-driven event photo-sharing platform.

Our services leverage facial recognition technology to enable event attendees to locate and access their photos efficiently. This Policy is crafted to comply with the General Data Protection Regulation (GDPR), the Digital Personal Data Protection Act (DPDPA), and other applicable data protection laws.

For clarity within this Policy:

• User: An individual or organization that creates an account on snapshare.ai to upload photos and facilitate event photo-sharing.
• Guest User: An event attendee who uses our facial recognition feature to retrieve photos via an event link created by a User, without registering an account.
• Personal Data: Any information relating to an identified or identifiable natural person, including biometric data such as facial recognition templates.

We collect the following categories of personal data:

• Photos: Images uploaded by Users containing identifiable individuals attending events.
• Biometric Data: Facial recognition templates derived from uploaded photos (for Users) and face scans provided by Guest Users to access their photos.
• Account Information: Details provided by Users during registration, including name, email address, and phone number.
• Usage Data: Technical information such as device identifiers, IP addresses, and platform interaction logs collected during your use of our services.

We process your personal data to:

• Deliver our photo-sharing service by identifying individuals in event photos using facial recognition technology.
• Facilitate User account creation, authentication, and event management.
• Enable Guest Users to access their event photos through event links.
• Enhance our platform, including the improvement of AI algorithms, using anonymized and aggregated data.
• Communicate with Users and Guest Users regarding account updates, event details, or service-related matters.
• Analyze usage trends and monitor platform performance for service optimization.
• Comply with legal obligations, including those under GDPR and DPDPA, and prevent fraudulent activities.

snapshare.ai provides Partner’s event galleries allowing organizers to deliver photo experiences under their own branding and domain.

In Partner’s use, snapshare.ai processes personal data—including photos and optional biometric/face-matching data—solely to provide the service.

The Organizer is the primary data controller for all visitor and end-user data.

snapshare.ai acts as a data processor and follows the Organizer’s instructions.

Our systems support compliance with applicable laws such as the EU/UK GDPR and India’s DPDPA.

The Organizer remains responsible for required notices, consents, and compliant configuration of the service.

Further details are available in the “Organizer / Partner’s Privacy & Data Protection Notice”

We process personal data in accordance with GDPR and DPDPA on the following legal grounds:

• Explicit Consent: Processing of biometric data (e.g., facial recognition templates and face scans) is based on your explicit consent.
• Contractual Necessity: Processing of User’s account information and uploaded photos is necessary to fulfill our contractual obligations in providing the service.
• Legitimate Interests: Processing of usage data supports our legitimate interests in improving platform functionality, ensuring security and conducting analytics.

Your personal data is stored on secure cloud servers managed by reputable providers. Biometric data is encrypted and access is restricted to authorized personnel only. We ensure that storage practices align with industry standards and the requirements of GDPR and DPDPA.

We retain personal data only as long as necessary to fulfill the purposes outlined in this Policy:

• Photos and Biometric Data: Retained for 30 days following the conclusion of an event, unless a User requests an extension or legal requirements mandate otherwise.
• Account Information: Retained for the duration of an active User account and for a reasonable period thereafter to comply with legal obligations.
• Usage Data: Retained for up to 6 months (if needed) to support analytics and service enhancements.

Upon expiration of the retention period or upon your request, personal data is securely deleted or anonymized in accordance with our data management protocols and applicable legal requirements.

We may disclose personal data to the following categories of third parties to deliver our services:

• Cloud Service Providers: For secure data storage and processing.
• AI Technology Partners: To support and refine our facial recognition capabilities.
• Analytics Providers: To evaluate platform usage and performance.

All third-party partners are subject to stringent data protection agreements ensuring compliance with GDPR and DPDPA. We do not disclose personal data to third parties for independent processing unless required by law.

We employ robust technical and organizational measures to protect your personal data, including:

• Encryption of data during transmission and storage.
• Access controls limiting data access to authorized personnel.
• Regular security assessments to identify and mitigate risks.

Our security practices comply with GDPR and DPDPA requirements.

Under GDPR and DPDPA, you have the following rights concerning your personal data:

• Right to Access: Request copies of your personal data.
• Right to Rectification: Correct inaccurate or incomplete data.
• Right to Erasure: Request deletion of your data.
• Right to Restriction: Limit processing of your data under certain conditions.
• Right to Object: Oppose processing based on legitimate interests.
• Right to Data Portability: Obtain your data in a structured, machine-readable format.
• Right to Withdraw Consent: Revoke consent for biometric data processing at any time.

To exercise these rights, please contact us at nahas@snapshare.ai. We will respond within one month. You may also lodge a complaint with an EU or Indian supervisory authority if you believe your rights have been infringed.

Our services may involve processing personal data of children attending events (e.g., family gatherings). We do not knowingly process data of individuals under 16 years of age without verifiable parental consent, as required under GDPR and DPDPA. Parents or guardians may review, manage, or request deletion of their child’s data by contacting us at nahas@snapshare.ai.

As a company based in India, snapshare.ai may transfer personal data outside the European Economic Area (EEA). We ensure such transfers comply with GDPR and DPDPA through:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Other lawful safeguards as required.

These measures guarantee your personal data remains protected irrespective of location.

By engaging with snapshare.ai, you or your legal representative:

• Acknowledge you have read and understood this Privacy Policy.
• Confirm that, if under 16 years of age, parental consent has been obtained as per GDPR and DPDPA.
• Consent to the processing of your personal data, including biometric data, for accessing event photos.
• Understand that consent is voluntary and may be withdrawn at any time by contacting nahas@snapshare.ai, which may affect your ability to use certain features.

For inquiries or to withdraw consent, please reach out to us via the email above.

We may revise this Privacy Policy periodically to reflect updates in our practices or legal obligations, including those arising from GDPR and DPDPA. Significant changes will be communicated via our website (https://snapshare.ai/) and, where appropriate, by direct notification to Users.

For questions, concerns, or to exercise your data protection rights, please contact: