Privacy Policy
Galeira ("we", "us", "our") is an event photo-sharing platform — weddings, but also funerals, school events, company offsites, conferences, and more. This page describes what we collect, why, and how to exercise your rights. It is written in plain English because legalese is the enemy of consent.
For region-specific addenda (CCPA / CPRA, UK GDPR, LGPD, PIPEDA, Australia Privacy Act, India DPDP, Japan APPI, South Korea PIPA), see /legal/regions.
1. What we collect
From hosts (the couple paying for the event)
- Email address — for sign-in via magic link and event notifications.
- Event metadata — title, date, slug, plan tier you selected.
- Optional cloud-mirror credentials — encrypted tokens or credentials for connected providers such as Google Drive, Dropbox, OneDrive, S3, or WebDAV when you opt in to auto-mirror.
- Payment information — handled exclusively by Stripe; we never store card numbers.
From guests (anyone uploading via your event QR)
- Photos, videos, and voice messages uploaded to the event.
- Optional name entered on the upload page.
- Technical metadata — IP address, user agent, EXIF data, file size, content type, and upload timestamp. This is used to debug uploads and detect abuse.
- Face-vector data — opt-in only, host-controlled. When a host enables the optional "Find your photos" / face-grouping feature, we compute mathematical face vectors (embeddings) from uploaded photos using Amazon Rekognition. These vectors group guests across an event so each guest can find their own pictures. They are biometric data under GDPR Article 9 / Illinois BIPA / CCPA "sensitive personal information" and are treated accordingly: stored encrypted, deleted with the event, never shared, never used to train any model, never matched across events or against third-party face databases. Hosts who turn this on must obtain guest consent before the event — we provide a template wording at /legal/consent.
From everyone
- Necessary cookies and browser preferences such as auth_session, locale, private-gallery unlock, OAuth state, theme, and consent preferences. See our Cookie Policy.
- Optional analytics and diagnostics only when analytics consent is granted in the cookie banner, plus strictly necessary server-side security and abuse-prevention logs.
2. Why we collect it
- To provide the service: store and serve photos, send sign-in emails, generate QR codes, run optional cloud-mirror jobs.
- To moderate uploaded content (AI moderation via Amazon Rekognition on photos and videos).
- To prevent abuse: rate-limit uploads, detect malicious files, comply with DMCA.
- To improve the service: aggregate, anonymized usage analytics.
2.1 What we will NEVER do with your content
This commitment is binding:
- We do not use any photo, video, voice message, comment, or face vector to train any AI model — neither our own models nor any third party's. Amazon Rekognition (used for moderation and the optional face-grouping feature) is contractually configured to discard the source image after the API call returns; we do not include uploads in any training corpus we control.
- We do not sell, rent, license, or distribute your uploaded content for advertising, data brokerage, or analytics-product purposes.
- We do not include guest content in Galeira's marketing without explicit, per-photo opt-in consent from both the host and the uploading guest.
- We do not match face vectors across separate events, against third-party face databases, or for any purpose other than letting a single event's guests find their own photos within that event.
These commitments survive any future changes to this policy: a future revision cannot retroactively re-authorize uses we promised never to make of content uploaded before the revision. If we ever need to expand permitted uses (e.g. a new AI feature), the change applies only prospectively and only with affirmative opt-in.
3. Who we share it with
We use a small set of named processors, each contractually bound by GDPR-compliant data-processing agreements (and equivalent under UK GDPR, LGPD, PIPEDA, etc.):
| Processor | Purpose | Region | Transfer mechanism |
|---|---|---|---|
| Hetzner Online GmbH | Application hosting + self-managed Postgres database | EU (Germany) | Within EEA |
| Cloudflare R2 | Object storage for uploaded media | Global, EU residency available | SCCs + DPA |
| Resend | Transactional email | EU (eu-west-1) | Within EEA |
| Stripe | Payments | US / EU / global | SCCs + DPA (PCI-DSS) |
| Amazon Web Services (Rekognition) | Content moderation + optional face-grouping | EU (eu-central-1) | Within EEA |
| Twilio | Voice-message phone line (opt-in) | US | SCCs + DPA |
| PostHog | Product analytics & session replay (consent-gated) | EU (eu-central-1) | Within EEA |
| Sentry (Functional Software, Inc.) | Error and performance monitoring (consent-gated) | US | SCCs + DPA — Sentry is a US-based processor; we minimise PII via configured scrubbing and `denyUrls` filters |
| Firebase Cloud Messaging (Google LLC) | Mobile push notifications (only if you install the app and accept push) | US | SCCs + DPA |
| Pusher Channels | Real-time gallery / dashboard updates | EU (eu) | Within EEA |
| Upstash Redis | Rate-limiting state | EU | Within EEA |
| GitHub (Microsoft) | Source code, deploy artifacts (no end-user data) | US | SCCs + DPA |
| Hetzner Online GmbH | Application server hosting | EU (Germany) | Within EEA |
We never sell your data, run advertising, build user profiles, or share it with third parties for purposes other than delivering the service you signed up for. We do not use your photos, voices, or any other content to train AI models — ours or anyone else's.
4. Where data is stored
Primary infrastructure runs in EU regions (Hetzner, Germany — application + self-managed Postgres; Resend eu-west-1). Cloudflare R2 is jurisdiction-agnostic with EU residency available on request.
5. How long we keep it
- Free tier: 30-day upload window, 60-day archive after the event.
- Wedding tier ($29): 6-month upload window plus 24-month archive.
- Forever tier ($59): 12-month upload window plus 5-year archival storage, plus an automatic mirror to up to 5 cloud destinations of your own — so your photos outlive our service if we ever shut down.
- Pro tier ($29/mo per seat): per-event windows mirror the Forever tier (12-month upload, 5-year archive) under a shared workspace.
- Account data: retained as long as your account is active. Deleted within 30 days of account closure.
6. Support diagnostics
When you contact support from the app or website, we attach technical context to your ticket so we can help faster — without making you describe your setup. We collect:
- App version and build number, platform, device model, OS version, locale, and theme;
- The route you were on and the last error message you saw;
- The event the request relates to (event ID, title, date, plan) and its storage/backup state and readiness, only when you are the host or a cohost of that event;
- The cloud provider involved (e.g. Google Drive), if any.
We never collect or store your password, OAuth access or refresh tokens, session cookies, magic-link tokens, signed file URLs, or payment card details. Free text and logs you send are scrubbed of anything that looks like a token or secret before storage.
- Why: to diagnose and resolve your issue and prioritise time-sensitive, event-day problems.
- Who can access it: our support and engineering staff only.
- How long: support tickets and their diagnostics are retained for up to 24 months, then deleted or anonymised; they are removed when your account deletion completes, unless a legal or abuse hold applies.
To request deletion of a support ticket, email privacy@galeira.com.
7. Your rights (GDPR, CCPA)
You have the right to:
- Access — request a copy of all data we hold about you.
- Rectification — correct anything wrong.
- Erasure — ask us to delete your account and all associated uploads.
- Portability — export your event in a structured, machine-readable format.
- Object — opt out of any non-essential processing.
Email privacy@galeira.com for any of the above. We respond within 30 days.
8. Children
Galeira is intended for adult use. We do not knowingly collect data from anyone under 16. If a guest of an event is a minor and a parent or guardian requests removal of their image, we will action it within 7 days.
9. Security
TLS everywhere, hashed credentials, scoped API tokens, principle-of-least-privilege access, and incident response within 72 hours of detection.
10. Changes
If we make material changes, we'll email registered hosts 30 days before they take effect.
11. Abuse, takedowns, and reporting
To report content that violates our rules or your rights, use /report. Reports go to a moderation queue reviewed daily. Priority categories (CSAM, terrorism, non-consensual intimate imagery) get same-day attention; CSAM is additionally reported to NCMEC (US) and the relevant national authority (e.g. NCMEC's CyberTipline, IWF).
12. Contact
Galeira — privacy@galeira.com. Data Protection Officer inquiries: same address, subject line "DPO". EU/UK GDPR Article 27 representative: see EU representative.