Privacy Policy
Last updated: May 24, 2026
1. Who We Are
Luminosity ("we", "us", "our") is an AI-powered event photography platform that helps photographers share event photos with guests using facial recognition technology. This policy explains how we collect, use, store, and protect personal data when you use our platform — whether you are a photographer (account holder) or a guest (someone viewing, scanning, or downloading photos from an event).
For GDPR purposes, Luminosity acts as a data processor on behalf of photographers (who are the data controllers for their event photos and guest data) and as a data controller for account-related data.
2. Data We Collect
2.1 Photographer Account Data
When you create an account, we collect:
- Name and email address — for authentication and communication
- Password — stored as a one-way bcrypt hash; we cannot read your password
- Optional profile information — phone number, website, bio, business name, VAT number, tax office, address, city, postal code, country
- Profile images — avatar, studio logo, watermark image (stored on AWS S3)
2.2 Event Photos
Photographers upload event photos to our platform. For each photo we store:
- The original image file and a smaller preview copy (on AWS S3 in the EU)
- Metadata: filename, dimensions, file size, file hash (for duplicate detection), upload date
- We do not extract or store EXIF data such as GPS location from uploaded photos
2.3 Face Detection Data
When photos are uploaded, we send them to AWS Rekognition (Amazon's facial recognition service) for face detection. This produces:
- Face bounding boxes — the position and size of each detected face within the photo (stored in our database)
- Face attributes — estimated age range, gender, smile, emotion, glasses detection (stored in our database)
- Face vectors (embeddings) — mathematical representations used for matching faces. These are generated and stored exclusively within AWS Rekognition in per-project collections. We do not store face vectors in our own database. We only store a reference identifier to look up matches.
- Face thumbnails — small cropped images of each detected face (stored on AWS S3)
Face vectors in AWS Rekognition are permanently deleted when the photographer deletes the event or their account.
2.4 Guest Face Scan Data (Selfie Search)
When a guest uploads a selfie to find their photos:
- The selfie image is sent to AWS Rekognition for real-time face matching
- The selfie is not stored by Luminosity. It is processed in memory and discarded immediately after the search completes. AWS Rekognition does not retain the selfie either — it is used only for the duration of the API call.
- If the guest provides their name and email (optional, may be required by the photographer), we log a scan record containing: guest name, guest email, IP address, number of matches found, and timestamp
- If an email is provided, we may automatically associate matched faces with a person record to help the photographer identify guests
2.5 Guest Interaction Data
- Photo downloads — we log the IP address, download quality (original or watermarked), guest email (if previously provided), and timestamp
- RSVP submissions — name, email, and any custom fields configured by the photographer
- Guest photo uploads — guest name, email (optional), the uploaded photos, and moderation status
2.6 Payment Data
Payments are processed entirely by Viva Payments, a PCI-DSS compliant payment processor. We never see, receive, or store credit card numbers or bank details. We store only:
- Transaction reference codes from Viva (order code, transaction ID)
- Payment amount, currency, VAT, and status
- Credits granted
2.7 Social Login Data
If you sign in with Google, we receive and store your Google profile name, email address, and profile photo URL. We do not access your Google contacts, calendar, files, or any other Google data.
2.8 Technical Data
- Authentication token — stored in your browser's localStorage (not a cookie). Cleared on logout.
- IP addresses — logged in scan records, download records, and application logs for security and analytics
- We do not use cookies, tracking pixels, Google Analytics, or any third-party analytics services
3. How We Use Your Data
- To provide the service — face detection, face matching, photo hosting, event page rendering
- To authenticate you — login, session management, password verification
- To process payments — credit purchases via Viva Payments
- To send notifications — welcome emails, payment confirmations, event creation confirmations, collaboration invitations
- To provide analytics — scan counts, download counts, and usage statistics visible only to the event photographer
- To prevent abuse — rate limiting, IP logging, duplicate detection
We do not use your data for advertising, profiling, or selling to third parties.
4. Legal Basis for Processing (GDPR)
| Processing Activity | Legal Basis |
|---|---|
| Account creation and authentication | Contract performance |
| Photo hosting and face detection | Contract performance |
| Guest face scanning (selfie search) | Consent (voluntary action by guest) |
| Payment processing | Contract performance |
| Payment record retention | Legal obligation (tax/accounting) |
| Analytics (scan/download counts) | Legitimate interest of the photographer |
| Security logging (IP, user agent) | Legitimate interest (security) |
| Email notifications | Contract performance / Legitimate interest |
5. Third-Party Data Processors
We share data with the following third-party services, all of which operate under data processing agreements:
5.1 Amazon Web Services (AWS)
- AWS S3 — stores photos, assets, and face thumbnails. Data region: EU (eu-west-1, Ireland).
- AWS Rekognition — performs face detection and matching. Processing region: EU (eu-west-1). Face vectors are stored in per-project collections within AWS and deleted when the project is deleted.
5.2 Viva Payments
Processes credit card payments. Viva is PCI-DSS Level 1 certified. We never receive or store card details — all card data is entered directly on Viva's hosted checkout page.
5.3 Google
If you use "Sign in with Google", Google acts as an identity provider. We receive only your name, email, and profile photo URL. No further Google data is accessed.
We do not sell, rent, or share personal data with any other third parties.
6. Data Storage and Security
- All data is processed and stored within the European Union (AWS eu-west-1, Ireland)
- Passwords are hashed using bcrypt (one-way, not reversible)
- Payment credentials are encrypted using AES-256-CBC
- All API communication uses HTTPS/TLS encryption in transit
- Authentication uses API tokens (Laravel Sanctum) transmitted via Bearer headers
- Photo URLs use time-limited presigned links that expire after 60 minutes
- We do not store credit card information (handled entirely by Viva Payments)
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account and profile data | Until you delete your account |
| Photos, face data, events | Until the photographer deletes them or their account |
| Face vectors (AWS Rekognition) | Until the event or account is deleted |
| Selfie images (face scan) | Not stored — processed in real-time and discarded |
| Scan and download logs | Retained for the lifetime of the event for analytics |
| RSVP submissions | Retained for the lifetime of the event |
| Payment records | Retained indefinitely (legal/tax obligation) |
| Security logs (IP, auth events) | 90 days (auto-deleted) |
| Operational logs (S3, Rekognition) | 30 days (auto-deleted) |
8. Your Rights
Under the GDPR and applicable data protection laws, you have the following rights:
For Photographers (Account Holders)
- Access — view all your personal data via your account dashboard and API
- Rectification — update your profile, business details, and event information at any time
- Deletion — permanently delete your account via Settings, which removes all your data, photos, events, face collections, and associated assets
- Portability — download your original photos from the dashboard
- Restriction — you can make photos private (hidden from public view) at any time
For Guests (Event Attendees)
- Face scanning is entirely voluntary. You are never required to upload a selfie.
- Your selfie is never stored. It is processed in real-time and immediately discarded.
- You may provide a name and email for scan attribution, but this is optional (unless the photographer requires it).
- To request deletion of your scan records, download logs, or RSVP data, contact the event photographer directly or email us.
9. Face Recognition — Important Details
We take facial recognition seriously and want to be transparent about exactly how it works:
- Face detection runs automatically when a photographer uploads event photos. This is part of the core service the photographer has contracted for.
- Face matching (selfie scan) only happens when a guest voluntarily uploads their own selfie. Guests initiate the process themselves.
- Face embeddings (the mathematical vectors used for matching) are generated and stored by AWS Rekognition in isolated, per-event collections. Luminosity's own database stores only bounding box coordinates and a reference ID — not the vectors themselves.
- When an event is deleted, the corresponding AWS Rekognition collection is destroyed, permanently removing all face vectors for that event.
- We do not use face data for any purpose other than matching guests to their event photos.
- We do not train AI models on your photos or face data.
- We do not perform facial recognition across different events or photographers.
10. Cookies and Tracking
Luminosity does not use cookies. We use browser localStorage to store a single authentication token (similar to a session cookie, but not transmitted automatically with every request). This token is cleared when you log out.
We do not use tracking pixels, Google Analytics, Facebook Pixel, or any other third-party tracking technology. We do not build advertising profiles or share browsing behavior with third parties.
11. Children's Data
Luminosity is intended for use by professional photographers and adults. We do not knowingly collect personal data from children under 16. Photographers are responsible for ensuring they have appropriate consent to photograph and upload images of minors at events they cover.
12. Data Breach Notification
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected individuals without undue delay.
13. Changes to This Policy
We may update this privacy policy from time to time. Material changes will be communicated via email to registered users. The "Last updated" date at the top reflects the most recent revision.
14. Contact
For privacy-related questions, data access requests, or to exercise your rights, contact us at:
privacy@luminosity.app