ShutterDrop.app (“ShutterDrop”, “we”, “us”, or “our”) is committed to protecting your personal information and complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, store, and disclose personal information when you use our platform at shutterdrop.app.
1. What Information We Collect
We collect the following categories of personal information:
From Photographers (account holders)
- Name and email address — collected at registration to identify your account.
- Payment information — processed by Stripe; we do not store card details on our servers.
- Event photos — images you upload for face matching.
- Usage data — such as number of events created, uploads, and log-in activity, used to operate and improve the Service.
From Event Guests
- Full name — provided by the guest at event registration.
- Email address — used to deliver matched photos and registration confirmation.
- Selfie image (facial biometric data) — a photo taken by the guest at registration, used solely to identify which event photos the guest appears in.
2. How We Use Your Information
- To provide, operate, and maintain the Service, including AI facial recognition matching.
- To send guests a confirmation email upon registration and to notify them when their matched photos are ready.
- To process subscription payments and manage billing.
- To communicate with photographers about their account, including support and product updates.
- To detect and prevent fraud, abuse, and security incidents.
- To comply with our legal obligations under Australian law.
We do not use your personal information for advertising, profiling, or any purpose other than those stated above.
3. Facial Recognition
Guest selfies and event photos are processed using AWS Rekognition, Amazon’s AI facial analysis service. When a guest registers:
- Their selfie is uploaded to our secure storage.
- AWS Rekognition generates a mathematical facial feature vector (embedding) from the selfie and each event photo.
- These embeddings are compared to identify photos where the guest appears.
- Matched photos are linked to the guest’s record and delivered to their email.
Facial biometric data is used only for photo matching. We do not use it for identification in any other context.
4. Storage & Security
Your data is stored on the following infrastructure:
- Supabase — account data, guest records, and match data stored in a PostgreSQL database hosted in the AWS Sydney (ap-southeast-2) region.
- Supabase Storage / AWS S3 — selfie images and event photos stored in object storage in the AWS Sydney region.
- AWS Rekognition — facial feature vectors (embeddings) processed and stored in the AWS Sydney region.
We implement industry-standard security measures including TLS encryption in transit, access controls, and regular security reviews. However, no system is completely secure, and we cannot guarantee absolute security.
5. Data Retention
- Guest selfies are automatically deleted 30 days after the event registration. Associated facial embeddings in AWS Rekognition are deleted at the same time.
- Event photos are retained for as long as the photographer’s account is active and the event has not been deleted.
- Guest name and email are retained until the photographer deletes the event or their account.
- Account data for photographers is retained until account deletion. You may request deletion at any time by contacting us.
6. Third-Party Service Providers
We share personal information with the following third-party providers only to the extent necessary to operate the Service:
| Provider | Purpose | Data Shared |
|---|
| AWS Rekognition | AI facial recognition matching | Selfie images, event photos |
| Supabase | Database and file storage | All platform data |
| Resend | Transactional email delivery | Guest name, email address |
| Stripe | Payment processing | Billing info, email address |
All providers are required to handle personal information in accordance with applicable privacy laws. We do not sell personal information to any third party.
7. Your Privacy Rights
Under the Australian Privacy Act 1988 and the Australian Privacy Principles, you have the right to:
- Access the personal information we hold about you.
- Correct personal information that is inaccurate, incomplete, or out of date.
- Delete your personal information, subject to our legal obligations and legitimate operational needs.
- Withdraw consent for the processing of your facial biometric data. Note that withdrawing consent means we cannot provide the photo matching service.
- Complain to us about a privacy breach. If unsatisfied with our response, you may escalate to the Office of the Australian Information Commissioner (OAIC).
To exercise any of these rights, contact us at privacy@shutterdrop.app. We will respond within 30 days.
8. Children’s Privacy
The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately at privacy@shutterdrop.app and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered photographers of material changes by email and update the “Last updated” date at the top of this page. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.
10. Contact Us
For privacy-related questions, access requests, or complaints, please contact our Privacy Officer:
ShutterDrop Privacy Officer
Email: privacy@shutterdrop.app
Website: shutterdrop.app
Location: Melbourne, Victoria, Australia