Privacy Policy

  1. Home
  2. Privacy Policy

Privacy Policy

Last updated: May 19, 2026

This Privacy Policy describes how IMGUPSCL SOFTWARE SRL, trading as LoveLensGallery, collects, uses, and protects your personal data when you use our Service. It also explains your rights under the General Data Protection Regulation (GDPR) and applicable Romanian data protection law.

1. Data Controller

The data controller responsible for processing your personal data is:

IMGUPSCL SOFTWARE SRL
Trading as: LoveLensGallery
Address: str. Mihai Eminescu, nr. 97, bl. C1, ap. 24, Deva, Hunedoara, Romania
CUI: 44391555 | J20/852/2021
Email: contact@lovelensgallery.com
Phone: +40732163909

2. Personal Data We Collect

Account holders (event organisers)
  • Email address and display name - provided at registration or via Google OAuth.
  • Billing information (name, address, VAT number if applicable) - collected when you request an invoice.
  • Payment transaction reference - we receive only a reference from Stripe; card details are never stored by us.
  • Usage data: IP address, browser type, pages visited, feature usage, timestamps.
  • IP-based geolocation (country only) - used to determine language, currency, and applicable invoicing provider.
Wedding guests (uploaders without an account)
  • Photos and videos uploaded via the event QR code link.
  • IP address at the time of upload - used for country detection and fraud prevention.
  • Face embeddings - only if face recognition has been enabled by the event organiser (see Section 5).

3. Legal Bases for Processing

  • Contract performance (Art. 6(1)(b) GDPR): processing your account and event data to provide the Service you have subscribed to.
  • Legal obligation (Art. 6(1)(c) GDPR): retaining invoicing and financial records as required by Romanian and EU tax law (up to 10 years).
  • Legitimate interests (Art. 6(1)(f) GDPR): analysing usage patterns to improve the Service, detecting and preventing fraud and abuse, and maintaining security logs.
  • Explicit consent (Art. 6(1)(a) and Art. 9(2)(a) GDPR): processing biometric data (face embeddings) requires your explicit consent, which you provide when you activate the face-recognition feature.

4. How We Use Your Data

  • To create and manage your account and event gallery.
  • To store and display photos and videos uploaded to your event.
  • To process payments and issue invoices.
  • To provide the optional face-recognition gallery filtering feature.
  • To detect your country for language and currency selection.
  • To send transactional emails: account confirmation, password reset, and invoice delivery.
  • To analyse and improve the performance and features of the Service.
  • To prevent fraud, abuse, and unauthorised access to the Service.

5. Biometric Data and Face Recognition

When the face-recognition feature is enabled, uploaded photos are analysed by our processing system to generate face embeddings - numerical vectors representing detected facial geometry. Face embeddings are biometric data and constitute special-category personal data under GDPR Article 9.

This processing is activated only with the explicit consent of the event organiser. Face embeddings are stored securely and are used exclusively to group and filter photos within the private gallery of that specific event. They are not shared with any third party and are not used for any purpose beyond gallery filtering.

Face embeddings are permanently and automatically deleted when the associated event is deleted or when the account is closed. You may also withdraw your consent and request immediate deletion at any time by contacting contact@lovelensgallery.com.

If you are a wedding guest and wish to have your face data removed from an event gallery, please contact contact@lovelensgallery.com with the event name or QR code reference and your deletion request. We will process your request within 30 days.

6. Third-Party Service Providers

We use the following sub-processors to deliver the Service. All are bound by data processing agreements and provide appropriate safeguards:

  • Supabase - Authentication and database hosting. Data is stored within the EU (Ireland).
  • Amazon Web Services (AWS), eu-west-1 - Photo and video file storage (S3) and message queuing (SQS). Data is stored within the EU (Ireland).
  • Stripe Inc. - Payment processing. Data may be transferred to the USA under Standard Contractual Clauses.
  • Brevo (Sendinblue) - Transactional email delivery. Headquartered in France (EU).
  • Oblio - Invoice generation for Romanian customers.
  • Qonto - Invoice generation for EU customers outside Romania.
  • ipapi.co / ip-api.com - IP-based country detection. Only your IP address is sent; no personal data is retained by these services beyond the request.

7. Data Retention

  • Account and gallery data: retained for the duration of your account. After deletion, data is removed within 30 days, except where legal retention obligations apply.
  • Invoicing and financial records: retained for 10 years as required by Romanian and EU tax law.
  • Face embeddings: deleted immediately upon event deletion, account closure, or upon withdrawal of consent.
  • Usage logs and IP addresses: retained for up to 12 months for security and fraud prevention.
  • IP geolocation data: not retained - used only at the moment of the request to determine country.

8. International Data Transfers

Your personal data is primarily stored and processed within the European Economic Area (EEA). Where transfers outside the EEA occur - specifically for payment processing via Stripe - those transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of data protection.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of access - request a copy of the personal data we hold about you.
  • Right to rectification - request correction of inaccurate or incomplete data.
  • Right to erasure - request deletion of your data, subject to legal retention obligations.
  • Right to restriction of processing - request that we limit how we process your data in certain circumstances.
  • Right to data portability - receive your data in a structured, commonly used, machine-readable format.
  • Right to object - object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent - withdraw consent for biometric data processing at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at contact@lovelensgallery.com. We will respond within 30 days. If you believe your rights have not been respected, you may lodge a complaint with the Romanian data protection authority:

ANSPDCP - Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal
www.dataprotection.ro

10. Cookies

We use cookies to operate the Service. Essential cookies are required for user authentication and session management. Functionality cookies are used to remember your language preference. We do not use advertising, tracking, or profiling cookies.

You can manage cookie preferences through your browser settings. Please note that disabling essential cookies will affect the functionality of the Service.

11. Security

We implement appropriate technical and organisational security measures to protect your personal data, including encryption of data at rest and in transit, strict access controls, and regular security reviews. However, no transmission or storage method is completely secure. If you believe your data may have been compromised, please contact us immediately at contact@lovelensgallery.com.

12. Children's Privacy

The Service is intended for use by adults aged 18 and over. We do not knowingly collect personal data from minors. If you believe that a minor has provided personal data through the Service, please contact us and we will delete it promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify registered users by email of any material changes before they take effect and update the "Last updated" date at the top of this page. We encourage you to review this page periodically.

14. Contact

For any questions, requests, or concerns relating to this Privacy Policy or your personal data, please contact us:

  • Email: contact@lovelensgallery.com
  • Address: IMGUPSCL SOFTWARE SRL, str. Mihai Eminescu, nr. 97, bl. C1, ap. 24, Deva, Hunedoara, Romania
  • Phone: +40732163909