Back to Fotonest

Last updated · May 2026

This Privacy Policy describes how Fotonest Studio ("Fotonest", "we", "our") collects, uses, stores, and shares information when you use the Fotonest mobile and web applications (the "Service"). By using the Service, you agree to this policy.

1. Information we collect

Profile information

When you sign in with Google, we receive your name, email address, and profile photo. We use these to identify your account and personalise your experience.

Photos you upload

If you host an event, you can upload photos to that event. Originals are stored in Google Cloud Storage. We process each photo to detect faces and generate visual signatures used for matching.

Selfies for matching

When you join an event as a guest, you can take a selfie. The selfie is converted to a numerical face embedding on our servers. The embedding cannot be reversed into a recognisable face image. Embeddings are used solely to find your photos within the events you have joined.

Event activity

We record the events you create, the events you join, and basic membership status (host or guest) to power core features like "Events I own" and "Events I joined".

Device and usage data

To keep the app reliable, we collect anonymised device model, OS version, app version, locale, and crash reports. We do not link this data to your face embedding or selfie.

Permissions we request on your device

• Camera — to take selfies and scan event QR codes.
• Photo library — only when you choose photos to upload to an event you host.
• Notifications — to tell you when your matches are ready or your event status changes.

2. How we use information

• Match your selfie to photos within events you have joined.
• Show your owned and joined events on your profile.
• Notify you about event status, matches, and host actions.
• Operate, secure, and improve the Service, including diagnosing crashes.
• Comply with legal obligations and enforce our Terms of Service.

We do not sell or rent your personal information. We do not use your face data for advertising. We do not train third-party generative-AI models on your photos.

3. When we share information

We share information only with the following categories of recipients:

• Service providers — Google Cloud (hosting, storage, Firebase Authentication, Firebase App Check), Razorpay (event-creation payments). These providers process data on our behalf under contractual data-protection terms.
• Event hosts — when you join an event, the host can see your name and the photos that match you within that event. Hosts cannot see your selfie or your face embedding.
• Legal compliance — if required by law, regulation, court order, or to protect the safety of users.
• Successor entity — in connection with a merger, acquisition, or sale of assets, with notice to you.

4. Your rights and choices

You have the right to:

• Access — request a copy of the personal data we hold about you.
• Correct — update inaccurate information.
• Delete — delete your account, uploaded photos, and face embeddings.
• Withdraw consent — for example, by signing out and uninstalling the app.
• Object or restrict — object to or restrict certain processing, where applicable under your local law.

You can exercise these rights inside the app (Profile → Privacy → "Export my data" or "Delete my account") or by emailing support@fotoneststudio.com. We respond within 30 days.

5. Data retention

• Account data kept until you delete your account.
• Event photos kept until the event's lifecycle expires (set by the host) or you delete the event.
• Face embeddings kept while you remain a member of the event; deleted when you leave or the event expires.
• Crash and analytics logs retained for up to 90 days.

6. Security

We encrypt data in transit using TLS, and at rest using Google Cloud's default disk-level encryption. Face embeddings are stored separately from contact details. Access to production systems is restricted to authorised personnel and audited.

No service is perfectly secure. If we become aware of a breach affecting your data, we will notify you and the relevant regulators where required by law.

7. Children's privacy

Fotonest is not intended for children under 13 (or the minimum age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

8. International transfers

Fotonest is operated from India, with infrastructure hosted on Google Cloud (United States). If you access the Service from outside these regions, your data may be transferred internationally. Where required, we rely on standard contractual clauses or equivalent safeguards.

9. Changes to this policy

We may update this policy from time to time. We will revise the "Last updated" date at the top of this page and, for material changes, give you notice in-app or by email before the change takes effect.

10. Contact us