Privacy Policy

Account Information

When you create an account, we collect:

• Email address (for login and communications)
• Password (encrypted and never stored in plain text)
• Account creation date and last login time

Event Information

When you create a wedding event, we collect:

• Event name (e.g., "Sarah & John's Wedding")
• Event date and location
• Custom guest access PIN (if you enable guest uploads)

Photos & Media

When you or your guests upload photos:

• Photo files (JPEG, PNG, HEIC, etc.)
• Video files (MP4, MOV, etc.)
• Upload timestamp and file metadata (size, type)
• IP address of uploader (for security and abuse prevention)

Payment Information

When you subscribe to a paid plan:

• Billing name and email
• Payment information is processed by Stripe (we never see your full card details)
• Subscription status and billing history

Usage Data

To improve our service, we collect:

• Device information (browser type, operating system)
• IP address and general location (country/region)
• Pages visited and features used
• Performance and error logs

Photo Storage

Your wedding photos are stored in Cloudflare R2, a secure cloud storage service:

• Private Bucket: Photos are NOT publicly accessible. Direct URLs will not work.
• Encryption at Rest: All files are encrypted using AES-256 encryption on disk
• Encryption in Transit: All data transfers use HTTPS/TLS encryption
• Temporary Access Links: Photos are accessed via signed URLs that expire after 24 hours
• Complete Isolation: Your photos are stored in event-specific folders. Other customers cannot access your media.

Database Security

Account and event information is stored in a secure PostgreSQL database:

• Passwords are hashed using industry-standard bcrypt algorithm
• Database access is restricted to authenticated application servers only
• All queries use parameterized statements to prevent SQL injection
• Multi-tenant isolation ensures customers cannot access each other's data

Infrastructure

KnotShots is hosted on:

• Vercel: Application hosting with automatic HTTPS and DDoS protection
• Cloudflare R2: Photo storage with global edge network
• Vercel Postgres: Secure, managed database with automated backups

Administrative Access

As the service provider, KnotShots administrators have technical access to the storage infrastructure for operational purposes. This is standard practice for all cloud storage services (Google Photos, Dropbox, iCloud, etc.).

Our Policy: We only access customer photos when:

• Responding to a specific customer support request
• Investigating reported abuse or Terms of Service violations
• Troubleshooting technical issues affecting your account
• Required by law (e.g., valid legal subpoena)

All administrative access is logged and audited for security purposes.

Guest Access Controls

You control who can upload and view photos:

• Share your unique guest PIN privately (don't post publicly)
• Guests can only access events for which they have the PIN
• You can change your PIN anytime to revoke access
• Access links expire after 24 hours for security

Stripe (Payment Processing)

All payment information is processed directly by Stripe. We never see or store your full credit card details.

• Purpose: Process subscriptions, billing, and refunds
• Data shared: Email, billing name, subscription plan
• Privacy Policy: stripe.com/privacy

Resend (Email Delivery)

Transactional emails (welcome, receipts, notifications) are sent via Resend.

• Purpose: Deliver account and subscription emails
• Data shared: Email address, name, email content
• Privacy Policy: resend.com/legal/privacy-policy

Cloudflare R2 (Photo Storage)

Photos and videos are stored in Cloudflare's secure object storage.

• Purpose: Store and serve your wedding photos securely
• Data shared: Photo files, metadata
• Privacy Policy: cloudflare.com/privacypolicy

Vercel (Hosting & Infrastructure)

Application hosting, database, and infrastructure management.

• Purpose: Host the KnotShots application and database
• Data shared: Account data, usage logs, application data
• Privacy Policy: vercel.com/legal/privacy-policy

Access Your Data

View all your account information, events, and photos anytime via your dashboard.

Download Your Photos

Download individual photos or entire events. You own your photos—we're just storing them for you.

Delete Your Data

You can delete:

• Individual Photos: Delete specific photos from your gallery anytime
• Entire Events: Delete an event and all associated photos permanently
• Your Account: Request account deletion via email to hello@knotshots.qzz.io

⚠️ Deletion is permanent and cannot be undone. Please download your photos before deleting.

Export Your Data

Request a copy of all your data in machine-readable format by emailing hello@knotshots.qzz.io

Opt-Out of Emails

You can unsubscribe from marketing emails (we don't send many), but we'll still send:

• Important service updates and security notifications
• Subscription receipts and billing notices
• Responses to your support requests

Update Your Information

Change your email, password, or event details anytime via your dashboard.

Active Accounts

We retain your data as long as your account is active and you maintain your subscription.

Canceled Subscriptions

If you cancel your paid subscription:

• Your account is marked as cancelled - access blocked immediately
• Photos are retained for 30 days, then permanently deleted
• You should download your photos before cancellation or contact support within 30 days

Deleted Accounts

When you request account deletion:

• Photos: Permanently deleted within 30 days
• Account Data: Removed from active systems within 30 days
• Backups: Purged from backups within 90 days
• Billing Records: Retained for 7 years for tax and legal compliance

Inactive Accounts

Accounts inactive for 2+ years may be deleted after email notification. We'll give you 90 days notice to download your photos before deletion.