Privacy Policy | SnapFind AI Face Recognition Event Photo Album Platform

SnapFind values your privacy. This policy explains how we collect, use, store, and protect your personal data.

1. Scope of Application

This Privacy Policy applies to all services provided by SnapFind, including but not limited to: registered users using our album management features, guests uploading selfies to search for event photos, and use of our website or other online services.

2. Information We Collect

2.1 Information You Provide

Registration information: including name, email address, and other necessary details.
Photos and content: selfies, event photos, or other multimedia content you upload.
Payment information: payment details processed through third-party payment processors.

2.2 Information Collected Automatically

Device and connection information: including IP address, device type, operating system, browser type and version.
Usage data: visit dates and times, feature usage records, click behavior, etc.
Cookies and tracking technologies.

2.3 Information from Third-Party Sources

We may obtain certain information about you from third parties (such as social media platforms or partners), but only within the scope you have authorized.

3. How We Use Your Information

3.1 Service Delivery and Operations

Uploading, classifying, and storing photos.
Performing face recognition matching for guests.
Providing customized album management features.

3.2 Service Optimization and Improvement

Analyzing user behavior to improve service quality.
Developing new features and products.

3.3 Marketing and Promotions

Sending service updates, promotional offers, and marketing communications (you may opt out at any time).

3.4 Legal Compliance

Ensuring compliance with applicable laws and regulations.
Responding to lawful requests from law enforcement authorities.

3.5 Lawful Basis for Processing (GDPR Article 6)

Where GDPR applies, our processing of your personal data is based on one or more of the following legal bases:

Performance of a contract (Art. 6(1)(b)): providing the photo management and face search service you have signed up for.
Consent (Art. 6(1)(a) and Art. 9(2)(a)): biometric processing of facial data, non-essential cookies, and marketing communications. You may withdraw consent at any time.
Legitimate interests (Art. 6(1)(f)): service security, fraud prevention, aggregate analytics, and product improvement, where these do not override your rights and freedoms.
Legal obligation (Art. 6(1)(c)): keeping tax and billing records, and responding to lawful requests from authorities.

4. Data Sharing and Disclosure

4.1 We may share data with:

Service providers: such as cloud storage, payment processing, and face recognition technology providers.
Legal authorities: disclosing data as required by law or upon lawful request.

4.2 We will not:

Sell or rent your personal data to third parties.
Publicly disclose any sensitive information without permission.

4.3 Categories of Recipients

In accordance with GDPR Article 13(1)(e), we share personal data with the following categories of third-party subprocessors strictly as necessary to deliver the service:

Cloud infrastructure providers — storage, compute, and face recognition services; primary hosting region: Singapore.
Payment processors — to process subscription payments and issue invoices.
Transactional email service providers — for account verification, notifications, and service communications.
For international transfers we rely on Standard Contractual Clauses and each subprocessor's own GDPR compliance programme. A detailed named list is available to business clients on request under an appropriate confidentiality agreement.

5. Data Storage and Protection

5.1 Storage Location and International Transfers

Your data is stored on secure enterprise-grade cloud infrastructure, with the primary storage region in Singapore. For transfers of personal data from the European Economic Area (EEA) to Singapore, we rely on the European Commission's Standard Contractual Clauses (SCCs) as the transfer mechanism under GDPR Article 46.

5.2 Security Measures

We employ industry-standard technical and administrative measures (such as AES-256 encryption at rest, TLS encryption in transit, firewalls, and access controls) to protect your personal data from unauthorized access, use, or disclosure.

5.3 Retention Periods (GDPR Article 5(1)(e))

We retain personal data only for as long as necessary for the purposes described in this policy. Typical retention periods are:

Account profile data: for the lifetime of the account; deleted within 30 days after account closure, except where we are legally required to retain it.
Event photos and albums: for the lifetime of the event; deleted when the event is deleted.
Biometric (facial) data and search records: for the lifetime of the event; deleted when the event is deleted (see Section 9).
Payment and invoice records: 7 years, to meet tax and accounting obligations.
Server and access logs: up to 12 months, for security, fraud prevention, and integrity of the service.
Marketing contact records: until consent is withdrawn.

5.4 Personal Data Breach Notification

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware of the breach (GDPR Article 33). Where the breach is likely to result in a high risk to affected individuals, we will also notify those users without undue delay (GDPR Article 34).

6. Your Rights and Choices

6.1 Access and Correction (GDPR Articles 15 and 16)

You may access or update personal data in your account at any time. If you find any inaccuracies, contact us at info@snapfind.io for correction.

6.2 Erasure (GDPR Article 17)

You may request deletion of your account and all associated data. Some data may be retained for a limited period where required by law (e.g. tax records).

6.3 Opt Out of Tracking

You may disable non-essential Cookies through your browser settings or our cookie preferences tool, although this may affect certain features of the service.

6.4 Data Portability (GDPR Article 20)

You have the right to receive the personal data you have provided to us in a structured, commonly used, machine-readable format, and to have it transmitted to another controller where technically feasible. To request an export, contact info@snapfind.io.

6.5 Restriction of Processing (GDPR Article 18)

You may ask us to restrict the processing of your personal data in certain circumstances, for example while we verify the accuracy of data you have contested.

6.6 Right to Object (GDPR Article 21)

You may object at any time to processing based on our legitimate interests, including profiling. You have an absolute right to object to direct marketing.

6.7 Right to Lodge a Complaint (GDPR Article 77)

If you are located in the EU or EEA, you have the right to lodge a complaint with your national data protection authority if you consider that our processing of your personal data infringes your rights. We ask that you contact us first at info@snapfind.io so we can try to resolve the matter.

7. Third-Party Services

This website may contain links to third-party websites or services (such as payment processors or social media plugins). We are not responsible for the privacy practices of these third parties and recommend that you review their respective policies.

8. Policy Updates

We reserve the right to update this Privacy Policy at any time. The revised policy will be posted on this website and take effect immediately. Significant changes will be communicated to users via email or prominent notice.

9. Biometric Data Processing (GDPR Article 9)

SnapFind uses biometric processing (facial feature vectors) to enable face-based photo search. Under GDPR Article 9, this is "special category" personal data and requires your explicit consent (Article 9(2)(a)).

What we process: facial feature vectors extracted from selfies and event photos, used only to match you against photos in the same event.

Where it is stored: our secure cloud infrastructure in Singapore. For transfers from the EU/EEA we rely on Standard Contractual Clauses.

Retention: your selfie, the resulting face data, and the list of matched photos are kept as a search record for the lifetime of the event so that the event organizer can review search activity and resolve disputes. All face data and search records are deleted when the event is deleted.

Your rights: you can withdraw consent, request access, correction, or erasure of your biometric data at any time by contacting info@snapfind.io. We respond to requests within 30 days.

10. Automated Decision-Making and Profiling

We use automated facial recognition to help guests find photos of themselves at events. This processing is used only to assist photo search and does not produce legal or similarly significant effects about you within the meaning of GDPR Article 22. You may withdraw consent for biometric processing at any time; face search will then no longer be available to you, but you can still use the rest of the service.

11. Children's Data (GDPR Article 8)

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16 without verifiable parental or guardian consent. If you believe a child has provided us with personal data, please contact info@snapfind.io and we will delete the data.

12. Contact Us

Snapfind Technology Limited
Email:info@snapfind.io

Data Protection Contact

For all data protection enquiries, including requests to exercise your GDPR rights, contact us at info@snapfind.io. We aim to respond within 30 days.

PrivacyPolicy