Skip to main content

Legal

Privacy policy

This policy explains how Stigmi (“we”, “us”) processes personal data when you use stigmi.cy, including host accounts, guest uploads, and event galleries. It is designed to be transparent and practical—not a substitute for legal advice for your organization.

Last updated: 2026-05-08

Who is responsible for your data

For personal data related to the Service, the data controller is the operator of Stigmi as made available at stigmi.cy. For privacy requests you can reach us through WhatsApp using the contact options published on the site.

Scope

This policy applies to the website and web application at stigmi.cy and related host tools. Third-party sites that we link to (for example payment pages hosted by Stripe) are governed by their own policies.

Data we process

Account and identity data when hosts sign in (for example name, email, and identifiers processed by our authentication provider).

Event and gallery data you provide (such as event titles, dates, configuration choices, and uploaded images or videos).

Technical and security data such as IP address, device and browser signals, timestamps, and diagnostics needed to run and protect the Service.

Payment-related metadata when you purchase Host Access (handled by Stripe; we do not store full payment card numbers on our servers).

Messages you send us for support.

How we use personal data

To provide the Service: authenticate hosts, route guest uploads to the correct event, display galleries and slideshows, and operate QR and link flows.

To secure the Service: detect abuse, fraud, and technical failures.

To bill and administer purchases.

To communicate with you about the Service, including support responses.

To comply with law and enforce our terms.

Legal bases (EEA/UK)

Where GDPR applies, we rely on: performance of a contract with you (providing the Service you request); legitimate interests (security, product improvement, and proportionate analytics), balanced against your rights; legal obligations; and consent where required (for example for certain cookies or marketing, if we ever use them in ways that require consent).

Sharing and subprocessors

We use trusted infrastructure and service providers (“subprocessors”) to run stigmi.cy. Categories typically include: hosting and deployment (for example Vercel), authentication (for example Clerk), payments (Stripe), and communications tools where applicable.

We share data with subprocessors only as needed to provide the Service and under appropriate contractual safeguards. We do not sell your personal data.

Retention

We keep personal data only as long as needed for the purposes above and as required by law. Gallery media and event records may remain associated with your host account so you can manage past events; when you delete content or your account, we work to remove or anonymize it within a reasonable period, subject to backups and legal holds.

Host access windows and billing metadata follow the rules described on our pricing page for each paid event.

Security

We use administrative, technical, and organizational measures appropriate to the nature of the Service, including encryption in transit where standard for web apps and access controls for host features. No online service is perfectly secure; you should use strong passwords and protect shared links.

Your rights

Depending on your location, you may have rights to access, rectify, delete, or export personal data, to restrict or object to certain processing, and to withdraw consent where processing is consent-based. You may also lodge a complaint with your local supervisory authority.

To exercise rights, contact us via WhatsApp. We may need to verify your request.

International transfers

Your data may be processed in the European Economic Area and in other countries where our subprocessors operate. Where data leaves the EEA, we use appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms as required by GDPR.

Children

The Service is not directed at children for independent sign-up. Photos from events may include minors; hosts are responsible for obtaining appropriate permissions for sharing in line with their event context.

Updates

We may update this policy and will adjust the “Last updated” date. Material changes may be highlighted on the site where practical.

For data-protection requests, contact us on WhatsApp.

All policiesBack to home
PricingLegal
enel
enel