Privacy Policy

Momentrove (momentrove.com)

Last updated: 01.06.2026 · Effective date: 01.06.2026

1. Introduction

Who we are. Momentrove (“Momentrove,” “we,” “us,” or “our”) operates the Momentrove event platform and the website at momentrove.com, together with related applications and services (collectively, the “Service”). The Service lets event hosts collect event photos from their guests and manage related event features.

How Momentrove works — in brief. Momentrove is a conduit, not a photo host. Guest photos pass through our servers only momentarily, in memory, and are delivered directly into the host’s own connected cloud storage (such as the host’s Google Drive). We never save image files to our own storage. We store only descriptive information about each photo (metadata) in our database, plus contact details such as names and email addresses. This design is reflected throughout this Policy.

Who is responsible for your data. Momentrove is currently operated by Murat Altuntas, an individual based in Istanbul/Türkiye, who acts as the data controller responsible for personal data we hold. You can reach us about any privacy matter at elmuro61@gmail.com. If operations later move to a registered company, we will update this Policy with the new entity’s details.

Roles. For the metadata and contact details a host manages about their guests, the host is typically the controller and Momentrove acts as a processor on their behalf. For account data and our own operation of the Service, Momentrove is the controller. Image files reside in the host’s own cloud storage and are governed by both the host’s choices and that storage provider’s own terms and privacy policy.

2. Information We Collect

2.1 Information you provide

  • Account data: name, email address, password (stored only in hashed form), organization or event name, and optional profile details.
  • Guest and event details: names, email addresses, and (where applicable) phone numbers of guests that a host adds, plus event names, album names, and join codes.
  • Communications: messages you send to support, feedback, and survey responses.
  • Payment-related data: billing name and contact details, if you purchase a paid plan. Full card credentials are handled by our payment provider; we do not store full card numbers.

2.2 Photo metadata (not the photos themselves)

We do not store your photos. When a guest uploads a photo, the image is delivered into the host’s connected cloud storage. In our database we retain only descriptive metadata about each photo, which may include:

  • the storage provider’s file identifier (e.g., the Google Drive file ID),
  • original filename, file type (MIME type), file size, and image dimensions,
  • upload status and an approved/visible flag,
  • a reference to who uploaded it (the guest-list entry or join code) and a timestamp.

This metadata lets us display and organize an event’s gallery without ever holding the image files.

2.3 Information collected automatically

  • Usage data: features used, actions taken, and timestamps.
  • Device and technical data: IP address, browser type, operating system, and language settings.
  • Cookies and similar technologies: see the “Cookies” section below.

2.4 Photos, faces, and biometric data

Because image files pass through our servers only transiently and are not stored by us, Momentrove does not analyze photo content, does not perform facial recognition, and does not generate or store any biometric identifiers.

Note that photos may contain embedded metadata (EXIF), which can include capture date and, if enabled on the guest’s device, location. Since the file goes directly to the host’s storage, any such embedded data travels with it into the host’s storage; we do not extract or store it.

2.5 Information from third parties

  • If you sign in using a third-party identity provider (e.g., Google or Apple), we receive basic profile information you permit.
  • When a host connects cloud storage, we receive authorization tokens and limited account information as described in the next section.

3. Connecting Your Cloud Storage (Google Drive and similar)

To deliver guest photos into a host’s own storage, the host authorizes Momentrove to connect to their cloud storage account using OAuth. We want to be precise about the limits of this access:

  • Limited scope: we request the “drive.file” permission scope (or equivalent). This means our app can only see and manage files that the Momentrove app itself creates. We cannot see, access, or search the rest of your Google Drive contents.
  • Tokens: we store the access and refresh tokens needed to upload to your storage on your behalf. These are protected with access controls and used only to operate the Service.
  • Your control: you can revoke Momentrove’s access at any time through your storage provider’s account settings (for Google, via your Google Account → Security → Third-party access). Revoking access stops further uploads but does not delete files already in your storage.
  • Provider terms: your use of the connected storage is also governed by that provider’s own terms and privacy policy. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements.

4. How We Use Your Information

We use personal data to:

  • Provide the Service: create and manage accounts, route guest photos to the host’s storage, organize and display galleries using metadata, and operate event features.
  • Operate and improve: monitor performance, debug, and develop new features.
  • Communicate: send service messages, respond to support, and — where permitted — send updates you can opt out of.
  • Security and fraud prevention: detect and prevent abuse and unauthorized access.
  • Legal compliance: comply with applicable laws and enforce our terms.

We do not sell your personal data, and we do not use photos to train artificial-intelligence models — indeed, we do not retain photos at all.

6. Cookies and Similar Technologies

We use cookies and similar technologies to operate the Service, remember preferences, and measure usage. Categories include strictly necessary, functional, and analytics. Where required by law, we request consent before placing non-essential cookies, and you can manage choices through our cookie banner or browser settings.

When a guest views a photo, our server passes the image through from the host’s storage to the viewer and instructs the viewer’s browser to cache it privately for a short period (about one hour). That cache lives only on the viewer’s own device, not on our servers.

7. How We Share Information; Service Providers

We share personal data only as described here: within an event (content and metadata visible to participants according to the host’s settings); with the service providers listed below; with hosts (for their own events); for legal and safety reasons; and in connection with a business transfer. We do not sell personal data or share it for cross-context behavioral advertising.

We rely on the following key processors and infrastructure providers:

Provider | Purpose | Data handled
Google (Drive, OAuth, Sign-in) | Host cloud storage for photos; authentication | Photo files (stored in the host's own Drive), OAuth access/refresh tokens, basic profile info
Neon | Database hosting | Account data, photo metadata, guest and event details
Vercel | Application hosting and compute | Transient request data, server logs, IP addresses
Pusher | Real-time slideshow updates | Photo identifiers and MIME types only — no image bytes
Resend | Transactional email delivery | Recipient email addresses and message content
Stripe | Payment processing (paid plans) | Billing contact details and payment information (we do not store full card numbers)

8. Transient Processing of Photos

When a guest uploads a photo, the image is received by our server only in temporary memory and is immediately streamed to the host’s connected storage. It is not written to disk and is not retained; the temporary copy in memory is discarded once the request completes. Similarly, when a photo is viewed, our server passes the bytes through from the host’s storage to the viewer without saving a copy. This momentary, in-memory handling is necessary to operate the Service and does not constitute storage of your photos by Momentrove.

9. International Data Transfers

We and our providers may process data in countries other than your own, including the European Union, the United States, and Türkiye. Where we transfer personal data across borders, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, or equivalent mechanisms. You may request a copy using the contact details below.

10. Data Retention

We keep personal data only as long as necessary for the purposes in this Policy, unless a longer period is required by law.

  • Account data: retained while your account is active and for a reasonable period afterward.
  • Photo metadata and contact details: retained until you or the host deletes the relevant event/account, subject to short backup cycles.
  • Image files: not held by us — they remain in the host’s own storage and are retained or deleted according to the host’s choices and their storage provider’s policies.
  • Logs and security data: retained for a limited period for security and troubleshooting.

11. Your Rights

Depending on where you live, you may have rights to access, correct, delete, restrict, or object to processing of your personal data, to data portability, and to withdraw consent. You will not be penalized for exercising these rights.

To exercise them, contact us at elmuro61@gmail.com. We will respond within the timeframe required by law, and you may lodge a complaint with your local data protection authority (in Türkiye, the KVKK authority; in the EU/UK, your national authority).

Photos held in the host’s storage. Because image files live in the host’s own cloud storage, requests to access or delete the actual photos may need to be directed to the host, or fulfilled by the host directly through their storage account. We can delete the corresponding metadata from our database and, where technically possible, assist by removing app-created files we have access to.

U.S. state privacy rights. Residents of certain U.S. states may have rights to know, delete, correct, and opt out of certain processing. We honor recognized opt-out preference signals where required. We do not sell personal data.

12. Children's Privacy

The Service is not directed to children under 18 and we do not knowingly collect their personal data. Event photos may incidentally include images of children; hosts are responsible for obtaining any consents required from parents or guardians for content they collect. If you believe a child’s data was provided without proper authorization, contact us so we can take appropriate action.

13. Security

We implement technical and organizational measures designed to protect personal data, including encryption in transit, access controls on tokens and database records, and monitoring. Limiting photos to the host’s own storage also reduces the data we hold. No system is completely secure, and we cannot guarantee absolute security. If a breach affects your personal data, we will notify you and the relevant authorities as required by law.

14. Your Choices

  • Marketing: opt out using the unsubscribe link or your settings.
  • Cookies: manage preferences via our cookie tools or browser settings.
  • Storage connection: disconnect Momentrove from your cloud storage at any time via your provider’s settings.
  • Account closure: request deletion of your account at elmuro61@gmail.com.

15. Third-Party Links and Services

The Service may link to or integrate third-party services (including your cloud storage provider and identity providers). We are not responsible for their privacy practices, and we encourage you to review their policies.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version with a new “Last updated” date and, where required, provide additional notice.

17. Contact Us