DATA PRIVACY. BUILT-IN. CCPA + GDPR.
AI photo booth data privacy is built in — not bolted on. CCPA + GDPR compliant by default, all data processed on EU/Germany servers, no third-party tracking pixels, no data resale, ever.
THE
SHORT VERSION.
When an AI Photo Booth processes guest selfies for portrait generation, the question isn't 'is data being collected' — it's 'how is it handled, where is it stored, and who has access.' Here's the full transparency breakdown.
FULL
BREAKDOWN.
Is the AI photo booth CCPA-compliant?
Yes. CCPA compliance is built into every guest interaction. Opt-in is required before any personal data (email, phone) is collected. Data subject access requests (DSAR) are honored within statutory timelines. No data resale, no third-party ad-tech, no tracking pixels.
Is the AI photo booth GDPR-compliant?
Yes. All data is processed on EU servers in Germany. Explicit consent flow, right-to-erasure (data deletion on request), data portability (full data export as CSV). Full DPA (Data Processing Agreement) available.
What happens to the selfie photos guests take?
Selfies are used only to generate the AI portrait. They are stored encrypted for the duration of the event gallery (30 days), then auto-deleted. Selfies are never shared, never sold, never used to train external AI models.
What guest data is collected?
Only what guests explicitly opt in to provide: email (for receiving their portrait), phone (optional), and any custom fields the event configures (e.g., 'donor level' for a gala). No tracking, no fingerprinting, no behavioral profiling.
Where is data stored?
All data on EU servers in Germany (Hetzner data centers). Backup encrypted at rest. No data crosses to US-based servers without explicit Schrems II-compatible safeguards.
Can event organizers see and export guest data?
Yes — that's the lead-capture flow. Event organizers receive a CSV export of all opted-in guests, with email, phone, and any custom fields. Full audit log of when data was accessed or exported.
How long is data retained?
Event gallery: 30 days post-event, then auto-deleted. Lead-capture data: retained until the event organizer requests deletion or the contract retention period ends. Selfies: deleted along with the event gallery.