Privacy Policy

Last updated: May 2026

1. Who We Are

Highlite Venue is a collaborative photo and video sharing platform for events. The data controller is Highlite Venue. Privacy questions: [email protected]

2. Data We Collect

Account data: username, email, name, phone number, profile picture.
Content: photos and videos uploaded to moments.
Usage data: moments created or joined, timestamps, device type.
Payment data: subscription and purchase history (processed by RevenueCat — we do not store card details).
Anonymous participation: joining via QR code stores a session identifier and timestamp only.

3. How We Use Your Data

To provide and operate the Highlite Venue service.
To send account verification and transactional notifications (email and SMS).
To send push notifications about your moments (opt out in device settings).
To process payments and manage subscription entitlements.
To enforce our data retention policy and moment lifecycle.

We do not sell your personal data. We do not use your data for advertising profiling.

4. Data Retention

Your data is retained as long as your account is active. Moments follow this lifecycle:

Free tier

Moments and all media are permanently deleted 60 days after creation. No recovery is possible.

Creator & Business tier

Active for 12 months → 12-month cold storage (downloadable for a fee) → permanently deleted at 24 months. On cancellation, a 60-day grace period applies.

⚠ Permanent deletion means no recovery is possible under any circumstances.

Upon account deletion, all personal data and content is erased within 30 days.

5. Third-Party Processors

Processor	Purpose	Data shared
Twilio	SMS verification	Phone number
Firebase / Google Cloud	Push notifications, social login	Device push token, Google account ID
RevenueCat	In-app purchases & subscriptions	User ID, purchase history

Each processor operates under a Data Processing Agreement and is contractually required to protect your data in accordance with GDPR.

6. Cookies & Local Storage

We use browser local storage to keep you logged in (authentication tokens) — strictly necessary to provide the service. We do not use third-party tracking or advertising cookies.

7. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

Access — export all your data (Settings → Download My Data).
Rectification — update your profile in Settings at any time.
Erasure — delete your account and all data (Settings → Delete Account).
Data portability — export as JSON (Settings → Download My Data).
Objection / restriction — contact [email protected].
Lodge a complaint — contact your local supervisory authority.

8. Children

Highlite Venue is not directed at children under 16. If you believe a child has created an account, contact [email protected] and we will delete it promptly.

9. Security

All data in transit is protected by HTTPS. Passwords are hashed. Media files are stored on encrypted S3-compatible object storage. JWT-based authentication uses short-lived access tokens.

10. Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours. Affected users will be notified without undue delay where the breach is likely to result in a high risk to their rights.

11. Contact

Questions? [email protected]