Skip to main content

Privacy Policy

Effective date: 1 May 2025

1. Who we are

Evering ("the Platform") is a private wedding-photo gallery and facial-recognition matching service operated by the Evering team. The bride or groom ("you") is the customer; guests use Evering to view, upload, and find themselves in your gallery.

2. Information we collect

Account information (email address, name) when you sign in. Photos and short videos uploaded by you and your guests. Biometric data — face embeddings (numeric vectors) generated from photos and selfies for facial recognition matching. Usage data (page views, feature usage) via privacy-friendly Vercel Analytics.

3. Biometric data (face embeddings)

We generate face embeddings (512-dimensional numeric vectors) from photos and selfies to power "Find my photos." Embeddings are mathematical representations — they can't be reverse-engineered into your face.

  • We obtain explicit written consent from each guest before collecting any biometric data via a checkbox in the face-search dialog.
  • Biometric data is used solely for matching a guest's face to photos in this wedding gallery.
  • Face embeddings are automatically deleted 90 days after the wedding date (configurable by you, default 90 days).
  • You or any guest may request immediate deletion at any time via our Face Data Deletion page.
  • Selfie images submitted via the face-search feature are processed in real time and are not persisted on our servers.

4. BIPA compliance (Illinois residents)

If you are an Illinois resident, the following applies under the Biometric Information Privacy Act (740 ILCS 14):

  • We collect biometric identifiers (face geometry) and biometric information (face embeddings derived from photographs).
  • Purpose: to provide facial-recognition matching between your selfie and the wedding's photographs.
  • Retention schedule: face embeddings are stored for a maximum of 90 days after the wedding date, or until you request deletion, whichever comes first.
  • Data destruction: upon expiration of the retention period, face embeddings are permanently deleted from all storage systems via automated cron job.
  • Consent: by checking the consent checkbox in the face-search dialog, you provide written consent to the collection, storage, and use of your biometric data as described herein.
  • Disclosure: we do not sell, lease, trade, or otherwise profit from your biometric data. We do not disclose biometric data to third parties except as required by law.

5. How we share data

We do not sell your personal data. Data is shared only with cloud infrastructure providers (Vercel, Cloudflare R2, Neon) needed to run the service.

6. Data retention

Account data is retained until you delete your account (30-day grace period, then permanent erasure). Photos are retained until you delete them or the gallery is removed. Face embeddings follow the per-wedding retention schedule (default 90 days post-wedding).

7. Your rights

  • Export your data (GDPR Art. 20) via the Account settings page.
  • Request account deletion (GDPR Art. 17) via Account settings (30-day grace period).
  • Request immediate face data deletion via the Face Data Deletion page.
  • Object to processing — contact us at the email below.

8. Cookies

We use essential cookies for authentication (session token) and PIN verification. We use Vercel Analytics (privacy-friendly, no personal data collected). We do not use advertising or tracking cookies.

9. Security

All data is encrypted in transit (TLS) and at rest. Face embeddings are stored as binary blobs and are meaningless without our matching algorithm. Access to cloud infrastructure is restricted by role and audited.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the Platform.

11. Contact

For privacy inquiries, data requests, or complaints, contact us at: privacy@wedding-photos.app