Privacy Policy

Last updated: December 20, 2025

1. Introduction

Littleye ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our wedding photo gallery service ("Service"). By using the Service, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree with any part of this policy, you must not use the Service. This policy constitutes a binding agreement between you and Littleye.

Important: This Privacy Policy sets forth the complete and exclusive statement of the rights and obligations of the parties regarding data protection. Any rights you may have under applicable privacy laws are subject to the limitations, restrictions, and procedures detailed in this policy. We reserve all rights not expressly granted herein.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide to us, including:

  • Account Information: Name, email address, and other contact information when you create an account
  • Wedding Information: Couple names, venue, date, and other event details
  • Photos: Wedding photos you upload to the Service
  • Selfies: Selfie images uploaded by guests to find their photos
  • Payment Information: Processed securely through our payment processor (we do not store full credit card details)

2.2 Automatically Collected Information

When you use the Service, we automatically collect certain information, including:

  • Device information (browser type, operating system, device identifiers)
  • Usage data (pages visited, features used, time spent on the Service)
  • IP address and location data
  • Log files and analytics data

2.3 Facial Recognition Data

When you use our face recognition features, we process facial feature data using our face recognition technology. This includes:

  • Facial feature vectors and biometric data extracted from photos
  • Face index collections stored in our secure systems
  • Match confidence scores and recognition results

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process payments and manage your account
  • Perform face recognition and photo indexing services
  • Enable photo search and gallery functionality
  • Send you service-related communications
  • Respond to your inquiries and provide customer support
  • Monitor and analyze usage patterns and trends
  • Detect, prevent, and address technical issues or security threats
  • Comply with legal obligations and enforce our Terms of Service

4. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information only in the following limited circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

  • Cloud hosting and storage providers
  • Face recognition and AI service providers
  • Payment processors
  • Authentication and database service providers
  • Photo import and integration service providers

4.2 With Your Consent

We may share your information when you explicitly consent to such sharing, such as when you share your wedding gallery with guests.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, property, or safety, or that of our users or others.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Storage and Security

We implement appropriate technical and organizational measures to protect your information:

  • Photos are stored securely in encrypted cloud storage
  • Data transmission is encrypted using SSL/TLS
  • Access controls and authentication mechanisms protect your account
  • Face recognition data is stored securely with appropriate access controls
  • Regular security assessments and monitoring

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy, and for additional periods as required or permitted by law. Data retention periods may vary based on the type of information and applicable legal requirements. When you delete your account or request deletion, we will delete or anonymize your information within a reasonable timeframe, subject to the following mandatory retention periods and exceptions:

  • Legal Obligations: We are required to retain certain data for periods mandated by law, including but not limited to tax, accounting, financial reporting, and legal compliance requirements. This may include retention for up to 7 years or longer as required by applicable law.
  • Contractual Obligations: Data necessary to fulfill contractual obligations, including billing records, payment information, and transaction history, will be retained for the duration of the contract and for applicable statute of limitations periods thereafter.
  • Legitimate Business Interests: We may retain data for legitimate business interests including fraud prevention, dispute resolution, security, safety, and the prevention of illegal activities. This retention may extend beyond account deletion.
  • Backup and Archival Systems: Data stored in backup or archival systems may be retained for extended periods as part of our data protection and disaster recovery procedures. Such data will be deleted according to our standard archival deletion schedules, which may extend up to 90 days or longer depending on backup rotation policies.
  • Active Legal Proceedings: Data subject to legal holds, investigations, or active legal proceedings will be retained until such matters are resolved.
  • Anonymized Data: We may retain anonymized, aggregated, or de-identified data indefinitely for business analytics and service improvement purposes.

You acknowledge and agree that deletion requests may not result in immediate removal of all data due to technical, legal, and operational requirements. We will make reasonable efforts to delete data within 30 days of a valid deletion request, subject to the above exceptions.

7. Your Rights and Choices

Depending on your jurisdiction, you may have certain rights regarding your personal information, subject to the limitations and restrictions set forth in this policy. We reserve the right to charge reasonable fees or refuse requests that are manifestly unfounded, excessive, or repetitive:

  • Access: Request access to your personal information. We may require verification of your identity before processing any request. Requests may be limited to data you directly provided or control, excluding derived data, analytics, or processed information.
  • Correction: Request correction of inaccurate information. We will correct information that is factually incorrect, but we are not obligated to modify opinions, assessments, or properly processed data.
  • Deletion: Request deletion of your personal information, subject to our legal and contractual obligations to retain certain data, including for billing, tax, fraud prevention, and legal compliance purposes.
  • Portability: Request a copy of your data in a structured, commonly used, and machine-readable format, subject to the strict limitations set forth in Section 7.1 below.
  • Opt-out: Opt out of certain non-essential data processing activities. Note that opting out of essential processing may limit or prevent your use of the Service.
  • Withdrawal of Consent: Withdraw consent where processing is based solely on consent. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

7.1 Data Portability Limitations

Data portability requests are subject to the following strict limitations:

  • Scope: Portability applies only to personal data that you have provided to us and that we process based on your consent or contract. It does not include photos, images, or media files uploaded to the Service, which remain accessible through the Service interface. Portability is limited to metadata, account information, and structured data in standard formats (JSON, CSV, etc.).
  • Format: Data will be provided in a reasonable electronic format of our choosing. We are not required to provide data in any specific format requested by you.
  • Size Limitations: Data portability requests are limited to reasonable sizes. Requests exceeding 50MB will be subject to additional processing fees. Requests exceeding 500MB may be refused at our discretion as manifestly excessive.
  • Processing Fees: The first data portability request per calendar year is provided free of charge. Subsequent requests, or requests exceeding reasonable size limits, may be subject to processing fees to cover administrative costs. We will notify you of any fees before processing your request.
  • Timeframe: We will respond to data portability requests within 30 days. Complex or large requests may require additional time, and we will notify you of any delay.
  • Exclusions: The following are explicitly excluded from data portability: (a) photos, images, or media files (which must be accessed through the Service); (b) face recognition biometric data or facial feature vectors; (c) derived or processed data created by us; (d) data that would adversely affect the rights and freedoms of others; (e) data subject to legal privilege or confidentiality obligations.
  • Reasonable Refusal: We reserve the right to refuse requests that are manifestly unfounded, excessive, repetitive, or would require disproportionate effort. Repeated requests for the same data may be refused.

7.2 Request Procedures

To exercise any of these rights:

  • Submit a written request to contact@littleye.co with sufficient information to identify you and specify your request
  • We may require proof of identity and account ownership before processing any request
  • We reserve the right to verify your identity through reasonable means
  • Requests must be clear, specific, and reasonable in scope
  • We are not obligated to respond to requests that do not meet these requirements

8. Children's Privacy

Our Service is not intended for children under 13 years of age (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will take steps to delete such information.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using the Service, you consent to the transfer of your information to these countries.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

11. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete personal information, and the right to opt-out of the sale of personal information. We do not sell your personal information.

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), subject to the limitations and restrictions detailed throughout this Privacy Policy. These rights include:

  • Right of Access: Subject to verification and the limitations in Section 7, you may request access to your personal data.
  • Right to Rectification: You may request correction of inaccurate personal data, subject to the limitations in Section 7.
  • Right to Erasure: You may request deletion of personal data, subject to our legal obligations and legitimate interests as detailed in Section 6.
  • Right to Restrict Processing: You may request restriction of processing in certain circumstances, which may limit your ability to use the Service.
  • Right to Data Portability: Subject to the strict limitations in Section 7.1, you may request your data in a portable format.
  • Right to Object: You may object to processing based on legitimate interests. We may continue processing if we demonstrate compelling legitimate grounds that override your interests.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

All GDPR rights are subject to verification, reasonableness, and the limitations set forth in this policy. We reserve the right to charge reasonable fees for manifestly unfounded or excessive requests, and to refuse requests that would adversely affect the rights and freedoms of others or require disproportionate effort. You have the right to lodge a complaint with a supervisory authority in your EEA member state.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

14. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at contact@littleye.co.