Privacy Policy
Last updated: March 2026
1. Information We Collect
We collect information you provide directly, including your name, email address, and profile information when you create an account. We collect photos and related metadata that you upload to the Service. We collect usage data such as features used, events created, and photos processed. We collect device information including device type, operating system, and app version.
2. Facial Recognition Data
ShotCast uses facial recognition technology (powered by AWS Rekognition) to match guests with their photos. Facial feature vectors are generated from uploaded photos and guest selfies. These vectors are used solely for photo matching within the context of an event. Facial data is stored securely and is deleted when the associated event or account is removed. Guests consent to facial scanning by voluntarily taking a selfie through the event gallery.
3. How We Use Your Information
We use your information to provide, maintain, and improve the Service. We process photos for storage, editing, and distribution to event guests. We use facial data exclusively for matching guests to their event photos. We send notifications about photo uploads, downloads, and sales. We process payment transactions through our payment partner (Asaas). We use aggregated, anonymized data for analytics and service improvement.
4. Data Storage and Security
Your data is stored on secure servers provided by Supabase (PostgreSQL) and AWS (S3 for photos, Rekognition for facial data). We use industry-standard encryption for data in transit (TLS) and at rest. Access to user data is restricted to authorized personnel only. We conduct regular security reviews and follow best practices for data protection.
5. Data Sharing
We do not sell your personal information to third parties. We share data with service providers necessary to operate the platform (AWS, Supabase, Asaas for payments, Evolution API for WhatsApp). We may disclose information when required by law or to protect our rights. Event photos are shared with guests who access the event gallery as intended by the photographer.
6. Guest Data
Guests who access event galleries without creating an account may provide their phone number for WhatsApp delivery and take selfies for facial matching. Guest phone numbers are used solely for delivering matched photos via WhatsApp. Guest selfie data is used only for photo matching within the specific event and is not retained beyond the event lifecycle.
7. Your Rights
You have the right to access, correct, or delete your personal data at any time. You can export all your data through the app (Profile > Privacy & Security > Export My Data). You can delete your account and all associated data through the app. You can opt out of non-essential notifications at any time. For data requests, contact us at support@shotcast.io.
8. Data Retention
Account data is retained for as long as your account is active. Event data (photos, facial vectors, guest records) is retained until the photographer deletes the event or their account. Transaction records are retained for legal and accounting purposes as required by applicable law. Upon account deletion, all personal data is permanently removed within 30 days.
9. Cookies and Tracking
The ShotCast web gallery uses minimal cookies necessary for session management. We do not use third-party tracking or advertising cookies. Analytics data is collected in aggregated form and cannot be used to identify individual users.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of significant changes through the app or by email. Continued use of the Service after changes constitutes acceptance of the updated policy.
11. Third-Party AI Processing (AWS Rekognition)
ShotCast uses Amazon Web Services Rekognition, a third-party artificial intelligence service, to process facial data for photo matching. When facial recognition is enabled for an event, the following applies: (a) photos uploaded to the event are sent to AWS Rekognition servers located in South America (Sao Paulo, Brazil) for facial indexing; (b) when a guest takes a selfie for photo matching, the selfie image is sent to AWS for comparison against indexed faces; (c) AWS generates mathematical representations (feature vectors) of facial features for matching purposes only; (d) selfie images submitted for matching are not retained by AWS or ShotCast after the matching process completes; (e) facial feature vectors stored in AWS Rekognition collections are deleted when the associated event is deleted or when the photographer removes their account. ShotCast does not sell, share, or use facial data for any purpose other than matching guests to their event photos. Users may decline facial recognition and still access the event gallery through other methods.
12. LGPD Compliance (Brazil)
ShotCast complies with the Lei Geral de Protecao de Dados (LGPD - Law 13.709/2018) of Brazil. Under the LGPD, you have the right to: (a) confirmation of data processing; (b) access to your data; (c) correction of incomplete or inaccurate data; (d) anonymization, blocking, or deletion of unnecessary data; (e) portability of your data to another service provider; (f) deletion of personal data processed with your consent; (g) information about which entities your data has been shared with; (h) information about the possibility of denying consent and the consequences thereof; (i) revocation of consent. The legal basis for processing personal data varies by context: account data is processed based on contractual necessity; facial recognition data is processed based on explicit consent (opt-in before first use); payment data is processed based on legal obligation and contractual necessity. To exercise your LGPD rights, contact our Data Protection Officer at support@shotcast.io.
13. Non-User (Guest) Data
Event guests who are not registered ShotCast users may have their data processed in the following ways: (a) photos taken at events may contain their likeness, which is uploaded by the event photographer; (b) if face recognition is enabled, their facial features in event photos may be indexed by AWS Rekognition for matching purposes; (c) if they voluntarily use the face scan feature, their selfie is processed for matching and immediately deleted; (d) if they provide their phone number for WhatsApp delivery, it is stored only for the duration of the event and used solely to deliver matched photos. Non-users can request removal of their data by contacting support@shotcast.io or by asking the event photographer to remove specific photos.
14. Contact
For questions about this Privacy Policy or your data, contact us at support@shotcast.io.