EvePics.eu

Privacy policy

This page describes how EvePics.eu processes data to provide the service. We aim to collect and process only what is necessary. We do not sell user data and we do not use it for advertising profiling.

Global overview

  • Data minimization: we collect only what is needed for the requested functionality.
  • Purpose limitation: we use data only to operate the service (uploads, display, downloads, notifications, support).
  • No resale: we do not sell or rent personal data.

Data we may process (depending on features used)

  • User-provided data: email address (notifications), name/surname (where applicable), and the images you upload (guest photos, and optional selfie for selfie search).
  • Technical data: functional cookies and session identifiers, preferences (selection, UI choices), and technical logs (timestamps and steps/pages) depending on server configuration.
  • Service data: event identifiers and parameters required to provide the service.
  • Derived/processed data: thumbnails/optimized variants for performance, basic metadata (file type, size, capture date if available), and derived elements needed for selfie matching.

Purposes

  • Provide the core service: host, display, and allow retrieval of event photos.
  • Enable selfie-based search (if activated) to improve access to photos.
  • Maintain security and access control (sessions/tokens, abuse prevention).
  • Maintain reliability (diagnostics and incident resolution via logs).
  • Notify users when requested (e.g., when photos are available).

Data sharing

We do not sell, rent, or share user data for commercial purposes. Some processing may involve technical service providers (hosting, email delivery) strictly to operate the service, with restricted access.

Hosting

This service is hosted in Switzerland with Infomaniak. See Infomaniak general and specific conditions here: Infomaniak — General and specific conditions.

Storage & protection

  • Access control: restricted access to systems and data required for operations/support.
  • Transport security: HTTPS is used for data in transit.
  • Input validation: server-side validation and filtering of inputs.
  • Operational logs: used for diagnostics/security while aiming to avoid recording secrets.

Retention & deletion

  • Event photos: kept for the event lifecycle and the configured download period, then deleted at end-of-life.
  • Selfies: used to perform selfie search and then deleted as temporary files; derived matching data is deleted according to the event lifecycle.
  • Cookies/sessions: expire automatically after a limited lifetime.
  • Technical logs: kept for a limited time for debugging/security; our goal is not to keep logs indefinitely.

Contact & deletion requests

You can request deletion of data we still hold by contacting support. Please include the service name, event name/identifier (if known), approximate date, and the exact request (deletion/export/correction).

Support email: support@evepics.eu

Transparency document: Add to Google Photos

This optional feature is user-initiated. It uses Google OAuth 2.0 (consent) and the Google Photos Library API to create an album and add the photos you selected on EvePics.eu into your own Google Photos account.

Data Accessed
  • OAuth authorization code (“code”): returned by Google to our callback URL after consent.
  • OAuth access token: exchanged server-side from the authorization code and used to call Google Photos APIs during the upload.
  • Refresh token: may be returned by Google depending on consent behavior/configuration; this integration does not rely on storing it long-term.
  • Google Photos library: we do not browse or display your existing library. We only create an app-created album and add media to it.
Data Usage
  • Single purpose: connect your Google account, create an album, upload the selected images, and add them to that album.
  • We do not request Google profile scopes (such as userinfo.email or userinfo.profile) for this feature.
  • We do not use Google user data for advertising, profiling, or marketing analytics.
Data Sharing

Google user data is not sold, rented, or shared with third parties. Data transits only between your browser, our servers, and Google as technically required to perform the requested action.

Hosting

Our infrastructure is hosted in Switzerland with Infomaniak. See their general and specific conditions: Infomaniak — General and specific conditions.

Data Storage & Protection
  • Access token: used server-side during the upload operation and not stored in our database for this flow.
  • OAuth state: stored temporarily in session to protect against CSRF.
  • Selected photo identifiers: stored temporarily in session to complete the operation after OAuth callback.
  • Security practices: least privilege, server-to-server API calls, HTTPS transport, and technical logs for diagnostics while aiming to avoid logging secrets.
Data Retention & Deletion
  • OAuth session data (state/selection) is deleted after success or expires with the session.
  • OAuth tokens are not retained long-term for this flow.
  • Once media is added to Google Photos, it is stored in your Google account; you can delete the created album or photos directly in Google Photos.
  • You can request deletion of any data still held by EvePics.eu by contacting support (see above).

Last updated: 30/03/2026