Privacy Policy

Last updated: May 27, 2026 · Effective: May 27, 2026

Festoso, LLC, a Florida limited liability company ("Festoso", "we", "us", "our"), provides a shared event camera app and slideshow service at festoso.app and through the iOS and Android apps. This policy explains what personal information we collect, how we use it, and the choices you have.

1. Information we collect

Information you provide

Email address when you create a venue account or contact support.
Event name and password when you create or join an event (passwords are stored hashed; we cannot recover them).
Display name (optional) you choose when joining an event.
Email address (optional) you choose to share when joining an event. See Optional email at join below for how it is used and your control over organizer contact.
Photos and videos you capture, upload, or edit through the app for use in event feeds. If you opt into the auto-add feature, Festoso also reads new photos you take with your phone's camera during an event so it can offer to add them to the feed. Auto-add is off by default, requires an explicit in-app opt-in plus the operating system's Photo Library prompt, and never uploads anything without you tapping Add in the confirmation sheet. Festoso never modifies or deletes anything in your library.
Payment information processed entirely by Stripe; we do not store full card numbers. We retain Stripe-issued IDs (customer ID, charge ID) for billing reconciliation.

Information collected automatically

Anonymous device identifier (a UUID generated per install) used to attribute uploads, throttle abuse, and link your guest session to the right event.
EXIF metadata embedded in photos you upload — including GPS coordinates if your camera recorded them. Used to show the location chip on each photo and to organize bulk-download ZIPs by day. You can strip GPS at capture time in your phone's camera settings.
Basic usage data — pages viewed, errors encountered, build/version of the app. Used to fix bugs and prioritize features. No advertising identifiers are collected.

Information we do not collect

Contacts, calendar, microphone (unless you opt into video recording), or browsing history.
Advertising identifiers (IDFA, AAID).
Precise location outside of EXIF data already embedded in your photos.
Biometric data. Face recognition is a future feature (v1.1+); when it ships, it will require explicit per-event opt-in consent, and a separate "delete my face data" path will be available. Festoso does not currently process biometric data.

Optional email at join

When you join an event, you may choose to share your email address with the event host. You also choose whether to allow that host to email you about that event. If you don't opt in, your email is stored only for re-joining the event you provided it for (so you can return without re-entering); the host cannot use it for outreach. If you opt in, the host may send you up to a few event-related emails (e.g., links to the photos, event recap). You can unsubscribe at any time via the link in any of those emails. Festoso does not share, sell, or use your email for marketing or for any purpose other than letting that specific host contact you about that specific event.

2. How we use information

Run your event. Show photos to the right people, route uploads to the right S3 bucket, and broadcast new media to other guests on the event.
Bill paid features. Run Stripe Checkout, charge add-ons, and reconcile refunds and chargebacks.
Send transactional email. Organizer event links, retention reminders, and password-reset flows. We do not send marketing email without a separate opt-in.
Improve the product. Aggregate usage stats inform bug fixes and feature priorities. No personally-identifiable usage stats are shared with third parties.
Enforce abuse limits. Detect spam, denial-of-service, and content that violates our Terms.

3. Where data lives

Festoso is hosted on Amazon Web Services in the United States (region us-west-2). Photos and videos are stored in S3 with server-side encryption (SSE-S3 / AES-256), and all network traffic uses TLS 1.2+.

Photo and video files live in a per-venue S3 bucket scoped to your venue.
Event metadata and account records live in DynamoDB, encrypted at rest with AWS-owned keys.
Billing records are stored in Stripe under their own terms; see stripe.com/privacy.

4. Retention

How long we keep your event content depends on your tier:

Free tier: photos and videos are deleted 7 days after the event ends.
Event ($34) and Event Plus ($59) tiers: 90 days after the event ends.
Pro tier ($69/month): 90 days after each event ends.
Retention Extension add-on: adds 90 days to any paid event for $10.

After the retention window, photos and videos are permanently deleted from S3. Account records (email, venue, billing references) are retained as long as your account is active and for up to 7 years after deletion for tax and accounting purposes (or longer where required by law).

You can request earlier deletion at any time by emailing support@festoso.app.

5. Sharing and third parties

We share data only with:

AWS — our hosting and infrastructure provider. Operates under AWS's Data Processing Addendum; data does not leave the US region without explicit configuration changes.
Stripe — payment processing. Handles card numbers and tax compliance.
AWS Rekognition — when you opt into the AI Moderation add-on, photos are analyzed for nudity, violence, and weapons. Photos are not retained by Rekognition.
Apple App Store and Google Play — for app distribution and (where applicable) in-app purchases.
SES (AWS email) — to send organizer event links and retention reminders.
Plausible Analytics — for marketing site (festoso.app) traffic analytics. Cookie-less, no personal data, no cross-site tracking. See plausible.io/privacy.

We never sell your data. We do not share data with advertisers or data brokers. We disclose data in response to lawful legal process (subpoena, court order), and we will notify you unless prohibited by law.

6. Your rights

You can:

Access your account and event data by signing in.
Export every event you organize as a single ZIP from Account > Your data > Export my data in the app. Guests can export their own contributions from the Export my contributions button at the bottom of the event page they joined (festoso.app/j/...). Download links are valid for 7 days.
Delete an event (and all its media) from the organizer dashboard.
Delete your account from Account > Your data > Delete account in the app. This permanently erases your venue, every event under it, every photo and video, and cancels any active Pro subscription. Hard delete is immediate; S3 versioning retains a 30-day recovery window on the storage layer for our own incident-response use, after which objects are unrecoverable.
Turn auto-add on or off, including per event. Festoso's Photo Library auto-add (the "Welcome back" sheet) is opt-in. The first time you'd see the prompt we show an onboarding sheet asking you to enable it; you can change your mind any time from Account > Auto-add photos in the app. The same screen lets you override the default for a specific event ("on for this one only", "off for this one only", or "use my default"). Nothing uploads automatically — every match still requires you to tap Add in the confirmation sheet.

If you are located in the European Economic Area, United Kingdom, or California, you may have additional rights under GDPR or CCPA — including the right to portability, to object to processing, or to request that we restrict processing. Contact privacy@festoso.app to exercise these rights.

7. Children

Festoso is not intended for users under 13 and we do not knowingly collect personal information from anyone under 13. Users aged 13 to 17 may use Festoso with a parent or legal guardian's supervision and consent. If you become aware that a child under 13 has provided us with information, contact privacy@festoso.app and we will delete it.

Festoso's App Store rating is 12+ (Apple) / 13+ Teen (Google Play IARC). Face-recognition and biometric features are NOT collected or processed in this version of the app; if those features ship in a future version, the App Store rating, this policy, and the in-app disclosures will be updated together before they go live.

8. Security

We use industry-standard safeguards including TLS in transit, encryption at rest, scoped credentials (per-event STS tokens), hashed passwords (bcrypt), and per-venue isolation of S3 storage. No system is perfectly secure; we will notify affected users without undue delay if we determine that a breach has occurred.

9. Changes to this policy

We may update this policy. Material changes (new categories of data collected, new third-party sharing) will be announced via email and via an in-app notice at least 30 days before they take effect.

10. Contact

Questions or concerns about this policy: privacy@festoso.app. General support: support@festoso.app.