Privacy Policy

Last updated: June 2026

Flass is a private photo album for events. Privacy is at the core of the product: your photos, your data. This policy explains what information we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR).

What we collect

Account information: your email when you create an account or an event.

Event content: photos and videos you and your guests upload, along with a guest's name or email if the event requests it.

Technical information: basic browser and usage data needed to run the service securely.

How we use it

To run the service: display the album, send event notifications, and reveal the album at the right time.

We never sell personal data, and we do not use guest content for marketing without explicit consent (see below).

Marketing content and consent

Businesses may only use guest content in marketing when the guest has given explicit consent (opt-in). You can withdraw that consent at any time.

Processors

We use trusted providers to run Flass: Supabase (data and image hosting, in EU data centres) and Resend (email). These providers process data only on our behalf.

Storage and security

Data is hosted within the EU (eu-central-1). Albums are private and protected by default — access requires a link or sign-in.

Your rights

You can export all your data and delete your account at any time under Settings in the app. You have the right to access, rectification, erasure and portability under GDPR.

Retention

We keep event data while your account is active. When you delete an event or account, photos, videos and related data are removed.

Contact

Questions about privacy? Contact us at flass@flass.app.

Persónuvernd · Flass