Selfish Software Ltd. - Privacy Policy

Last updated: July 18, 2025

This policy provides specific information about how Selfish Software Ltd. ("we") processes biometric data when you use our facial recognition feature. This policy is part of our main Terms of Service and Privacy Policy.

1. INTRODUCTION

Selfish Software Ltd. ("Selfish," "we") is committed to protecting your privacy. This Privacy Policy describes our practices for collecting, using, and disclosing personal data when you use our Service and the choices you have associated with that data.

A. ROLES UNDER GDPR

  • When an Event Host uploads photos, they are the Data Controller. They decide the purpose and means of processing personal data.
  • Selfish is the Data Processor, processing this data on behalf of and upon the instructions of the Event Host. Our relationship is governed by our Data Processing Agreement (DPA).
  • When a Guest uploads a selfie, they are providing explicit consent for Selfish to process that specific piece of biometric data for a single purpose.

    • 2. INFORMATION WE PROCESS

    Data Processed on Behalf of Event Hosts (as a Processor):

  • User Content: Event photos and videos that may contain images of identifiable individuals.
  • Biometric Index Data: A secure index of biometric identifiers (faceprints) created from the User Content to enable photo matching.

    • Data We Collect for Our Own Purposes (as a Controller):

  • Event Host Account Data: Name, email, and payment information.
  • Guest Biometric Data (transient): A Guest's selfie, which is used for a one-time search and immediately deleted.
  • Usage Data: IP address, browser type, and interaction data with our Service.
  • Cookies: We use necessary and analytical cookies to operate our Service.

    • 3. HOW AND WHY WE USE YOUR INFORMATION

    To provide our core Service

  • User Content, Biometric Index Data, Guest Selfie
  • For User Content & Biometric Index: Processing is necessary for the performance of our contract with the Event Host (our Processor role).
  • For Guest Selfies: Explicit Consent from the Guest.

    • To manage Event Host accounts and process payments

  • Event Host Account Data
  • Performance of a Contract.

    • To improve and secure our Service

  • Usage Data, Cookies
  • Legitimate Interests.

    • To communicate with users

  • Event Host Account Data
  • Legitimate Interests.

    • 4. DATA SHARING AND DISCLOSURE

    We do not sell personal data. We only share data as follows:

  • With our essential Sub-Processor, Amazon Web Services (AWS), for cloud hosting, data storage, and our main processing.
  • As required by law or to respond to a legal process.
  • As instructed by the Event Host (the Data Controller).

    • 5. DATA RETENTION AND DESTRUCTION

  • Guest Selfies (Biometric Data): IMMEDIATELY and PERMANENTLY DELETED after being used for the one-time matching process.
  • Biometric Index Data (from event photos): Retained for the duration of the event's active period (up to one year, as determined by the Event Host), and is then permanently destroyed along with the event photos.
  • User Content (Event Photos): Retained for up to one year as determined by the Event Host, then permanently deleted.
  • Event Host Account Data: Retained for the duration of the account's active status.

    • 6. YOUR DATA PROTECTION RIGHTS (GDPR & CCPA)

    You have rights concerning your personal data, subject to your local laws. These include:

  • Right to Access, Correct, or Delete: You can request to access, correct, or delete your personal data.
  • Right to Opt-Out (CCPA): We do not "sell" or "share" your personal information for cross-context behavioral advertising.
  • Right to Object and Restrict Processing: You can object to or request the restriction of processing under certain conditions.
  • Data Portability: You can request your data in a portable format.

    • Exercising Your Rights:

  • Guests: To exercise rights over your image in event photos and the associated stored biometric data, you must contact the Event Host who is the Data Controller. For rights related to your selfie, this data is deleted immediately, so retention-based rights like access or deletion are moot.
  • Event Hosts: You can exercise your rights by contacting us at info@selfish-events.com.

    • 7. SECURITY

    We implement robust technical and organizational measures, leveraging the security infrastructure of AWS, to protect all data we process.

    8. CALIFORNIA RESIDENTS (CCPA NOTICE)

  • Categories of PI Collected: As listed in Section 2, this includes Identifiers, Biometric Information, and Internet Activity.
  • Purposes: For the business purposes detailed in Section 3.
  • Your Rights: You have the right to know, delete, and correct your personal information. We do not sell or share your PI. To exercise your rights, please contact us.

    • 9. CONTACT US

    For any privacy-related questions, please contact info@selfish-events.com.

    Go back to the homepage