Privacy Policy
Effective date: 2026-06-15
Last reviewed: 2026-06-15
1. Who We Are
Flashback (“Flashback,” “we,” “us,” or “our”) operates the Flashback mobile application (iOS and Android), iOS App Clip, and web application (collectively, the “Service”). The Service lets event hosts create disposable-camera-style photo rolls, invite guests to contribute photos, and reveal the gallery when the host is ready.
For privacy inquiries, contact us at privacy@myflashback.app.
2. Information We Collect
2.1 Account Information
When you create an account or sign in, we receive information from your chosen identity provider:
- Sign in with Apple — your name (if you share it), Apple-generated relay email address, and a stable Apple user identifier.
- Sign in with Google — your name, email address, and Google account identifier.
We do not receive your Apple or Google password. These identifiers are stored in Supabase Auth.
2.2 Photos You Upload
Photos you take or upload within the Service are stored in Supabase Storage. We store:
- The photo file itself (JPEG/HEIC).
- Metadata: the roll it belongs to, the uploader's user ID, upload timestamp, and orientation.
Photos within a roll are accessible only to roll participants unless the host enables broader visibility. Photos are not shared with third parties for advertising purposes. When you order prints, the selected photo files are transmitted to our fulfillment partner, Gelato (see Section 6).
2.3 Roll and Order Metadata
We store roll-level data (roll name, event date, host user ID, guest list, reveal status, participant count, camera style) and print-order data (order ID, roll reference, selected photo references, shipping address, fulfillment status) in Supabase Postgres. We never store card numbers or full payment instrument details.
2.4 Payment Information
Payments for event tiers and print orders are processed by Stripe, Inc. on the web, and by Apple or Google for in-app purchases on iOS and Android. These processors collect and store your payment instrument directly under their own PCI DSS and platform-security scopes. We receive from Stripe only a customer ID, charge/order status, and metadata; from Apple and Google IAP we receive receipt confirmation via RevenueCat (see Section 6). We do not store raw card data.
2.5 Analytics Events
We use PostHog to collect product-analytics events (e.g., “roll created,” “photo uploaded,” “reveal triggered”). These events include a pseudonymous user ID, event name, timestamp, and technical properties (device type, OS version, app version). PostHog does not receive your photos, payment information, or precise location. We do not use PostHog session replay. PostHog data is hosted in the United States.
2.6 Crash and Error Reports
We use Sentry for crash and error monitoring. Sentry receives stack traces, device type, OS version, and app version when a crash or unhandled error occurs. Sentry does not receive your photos or payment information. Sentry data is hosted in the United States.
2.7 Push Notifications
If you grant notification permission, we send push notifications (e.g., “Your roll has been revealed,” “Your order has shipped”) via Expo's push notification infrastructure, which relays through Apple APNs or Google FCM. We store your push token (and, for the web application, a VAPID web-push subscription) linked to your user account for as long as you are a registered user or until you revoke permission.
2.8 Cookies and Local Storage (Web)
Our web application uses browser local storage and session cookies for:
- Keeping you signed in (authentication session token).
- Remembering your preferences.
We do not use third-party advertising or cross-site tracking cookies.
2.9 Technical and Log Data
Our servers (Supabase, Vercel) automatically collect standard web-server logs: IP addresses, browser or device type, referring URL, pages visited, and error events. These logs are used for security monitoring and are not used to build advertising profiles.
2.10 App Clip
The Flashback iOS App Clip collects only the data necessary to join a specific roll: camera access (to capture photos) and network access (to upload them). The App Clip does not create a full account. Data collected through the App Clip is subject to Apple's App Clip data restrictions.
3. How We Use Your Information
| Purpose | Legal Basis (GDPR) |
|---|---|
| Create and manage your account | Performance of a contract |
| Store and display photos within a roll to participants | Performance of a contract |
| Process event-tier and print-order payments | Performance of a contract |
| Validate in-app purchase receipts via RevenueCat | Performance of a contract |
| Transmit selected photos to Gelato for print fulfillment | Performance of a contract |
| Send transactional notifications (reveal ready, order shipped) | Performance of a contract / Legitimate interest |
| Improve the Service via aggregated analytics (PostHog) | Legitimate interest |
| Detect crashes and errors (Sentry) | Legitimate interest |
| Detect fraud and maintain security | Legitimate interest |
| Comply with legal and tax obligations | Legal obligation |
4. Data Storage and Location
| Data type | Processor | Region |
|---|---|---|
| Account info, roll data, order metadata, push tokens | Supabase Postgres | United States |
| Photos | Supabase Storage | United States |
| Web payments | Stripe | United States |
| IAP receipt validation | RevenueCat | United States |
| Print fulfillment (selected photos + shipping address) | Gelato | EU / varies by ship-to country |
| Analytics events | PostHog | United States |
| Crash and error reports | Sentry | United States |
| Web hosting and server logs | Vercel | United States |
If you are located in the EU/EEA or UK, your data may be transferred to and processed in the United States or other countries. We rely on Standard Contractual Clauses (SCCs) adopted by the European Commission as the legal mechanism for such transfers where required.
5. Data Retention and Deletion
5.1 Photos
Photos are retained for the lifetime of the roll they belong to. When a host deletes a roll, all photos associated with that roll are deleted from Supabase Storage. Individual guests may submit a request via privacy@myflashback.app for removal of their specific photo.
5.2 Account Data
You may delete your account at any time within the app at Profile → Account & login → Delete account (also accessible under Privacy & data). After a 7-day reversal window, your account and personal data are permanently deleted within 30 days. Where a guest has contributed photos to another user's roll, those photos remain in that roll after the guest deletes their account but the uploader attribution is anonymized.
You may also request deletion by emailing privacy@myflashback.app with the subject line “Account Deletion Request.” We will respond within 48 hours to confirm receipt.
De-identified, aggregated analytics data and order records required for legal or tax compliance may be retained for longer periods as required by law.
5.3 Payment Records
Stripe and Apple/Google retain payment records per their own policies and applicable financial regulations. We retain our internal order metadata (without card data) for up to 7 years for tax and accounting purposes.
5.4 Print Order Data
Gelato retains production records (photos submitted for print, shipping address) for the period required to produce, ship, and support the order. After fulfillment and the applicable support window, Gelato's data retention policies govern. We retain order status and reference metadata for up to 7 years for tax purposes.
6. Sharing Your Information
We do not sell your personal information. We do not permit cross-app tracking of your activity for advertising purposes. We share data only as follows:
- Supabase — database and file storage for accounts, rolls, photos, order metadata, and push tokens. Bound by a data processing agreement.
- Stripe — web checkout for event tiers and print orders. Stripe processes your payment details under its own PCI DSS scope. We share only the data necessary to complete a transaction.
- Apple / Google — in-app purchase processing on iOS and Android. Subject to their respective platform privacy policies.
- RevenueCat — validates in-app purchase receipts and manages entitlements. Receives purchase receipts, product IDs, and a pseudonymous app user ID. Does not receive photos or payment card data.
- Gelato — print production and shipping fulfillment. When you place a print order, Gelato receives the photo files you selected to be printed and your full shipping address (recipient name, address, city, postcode, country) to produce and ship your order. Gelato is bound by a data processing agreement.
- PostHog — pseudonymous product analytics. Does not receive photos or payment information.
- Sentry — crash and error monitoring. Receives stack traces and device context only; does not receive photos or payment data.
- Expo / APNs / FCM — push notification delivery. Receives push tokens and notification payloads.
- Vercel — web hosting. Collects standard server logs (IP address, device, request path, error events).
- Legal requirements — if required by law, court order, or to protect rights, property, or safety.
- Business transfer — in connection with a merger, acquisition, or asset sale, your information may be transferred; we will notify you as required by law.
7. Your Rights
7.1 In-App Controls
You can, without contacting us:
- Delete your account (Profile → Account & login → Delete account).
- Revoke notification permission in your device's system settings.
- Delete a roll and all its photos (host only).
7.2 All Users
By contacting us at privacy@myflashback.app you may:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data (see Section 5.2).
We aim to respond within 48 hours to confirm receipt and within 30 days to fulfill the request.
7.3 EU/EEA and UK Users (GDPR / UK GDPR)
In addition to Section 7.2, you have the right to:
- Portability — receive your data in a structured, machine-readable format.
- Restriction — request that we restrict processing while a complaint is pending.
- Objection — object to processing based on legitimate interest.
- Lodge a complaint with your local supervisory authority.
7.4 California Residents (CCPA / CPRA)
California residents have the right to know what personal information we collect, the right to delete it, the right to correct it, the right to opt out of its “sale” or “sharing” (we do not sell or share personal information for cross-context behavioral advertising), and the right not to be discriminated against for exercising these rights. To submit a request, email privacy@myflashback.app with the subject line “California Privacy Request.”
8. Children's Privacy
The Service is intended for users 13 years of age and older. We do not knowingly collect personal information from children under 13. If we learn we have collected information from a child under 13, we will delete it promptly. Contact us at privacy@myflashback.app if you believe a child under 13 has provided us with personal information.
9. Security
We implement industry-standard technical and organizational measures to protect your information, including TLS encryption in transit, row-level security in our database, and access controls on photo storage. Crash reports (Sentry) and analytics (PostHog) are pseudonymized. No system is perfectly secure; we cannot guarantee absolute security.
10. International Transfers
Flashback is operated in the United States. By using the Service, you acknowledge that your information may be transferred to and processed in the United States and other countries where our processors operate. For transfers from the EU/EEA or UK, we rely on Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms.
11. Third-Party Links and Services
The Service may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy at myflashback.app/privacy and, where required, by email or in-app notification. The effective date at the top of this page reflects when the current version took effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
13. Contact Us
For questions, requests, or complaints about this Privacy Policy:
Privacy: privacy@myflashback.app
General support: support@myflashback.app