Privacy Policy
1. Who We Are
ShowUpShot ("we", "us", "our") operates the ShowUpShot event badge generation platform available at showupshot.com. This Privacy Policy explains how we collect, use, and protect personal data when you use our Service.
2. Data We Collect
We collect the following categories of personal data:
- Account data: email address, name, and hashed password when you register as an organiser
- Attendee photos: portrait images uploaded by attendees during badge generation — these are processed transiently and not permanently stored beyond the event window
- Usage data: page views, badge generation events, device fingerprints (hashed), and IP addresses for analytics and anti-abuse purposes
- Billing data: subscription plan and billing history — payment card details are handled by our payment processor and never stored on our servers
- Communications: emails you send us and any support correspondence
3. How We Use Your Data
We use personal data to:
- Provide and operate the Service — account management, event hosting, badge generation
- Process subscription payments and send billing confirmations
- Display analytics dashboards to event organisers (page views, badge counts, etc.)
- Detect and prevent abuse, duplicate badge generation, and unauthorised access
- Send transactional emails (account confirmation, password reset, subscription notices)
- Improve the Service through aggregated, anonymised usage analysis
4. Legal Basis for Processing
We process personal data on the following legal bases under applicable data protection law:
- Contract performance: processing necessary to provide the Service you signed up for
- Legitimate interests: fraud prevention, security, and improving the Service
- Consent: where we ask for your explicit consent (e.g. marketing communications)
- Legal obligation: retaining billing records as required by law
5. Data Sharing
We do not sell your personal data. We share data only with:
- Hosting and infrastructure providers who store and serve the application on our behalf
- Payment processors who handle card transactions under their own privacy policies
- Email delivery services used to send transactional emails
- Law enforcement or regulatory bodies where required by applicable law
All third-party processors are contractually bound to process data only for the purposes we specify.
6. Attendee Photos
Photos uploaded by event attendees are used solely to composite the personalised badge image. The generated badge is made available for the attendee to download. We do not use attendee photos for any other purpose, share them with third parties, or retain them beyond what is technically necessary to operate the event.
7. Cookies and Tracking
We use the following cookies and similar technologies:
- Authentication cookie: keeps organisers logged in (30-day sliding expiry)
- Session cookie: temporary, deleted when you close your browser
- Device fingerprint hash: a one-way hash stored server-side to detect duplicate badge generation — no tracking cookie is placed on attendee devices
We do not use third-party advertising cookies or cross-site tracking.
8. Data Retention
We retain personal data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are required to retain billing records for legal compliance purposes (typically 7 years). Anonymised, aggregated analytics data may be retained indefinitely.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you
- Rectification: correct inaccurate or incomplete data
- Erasure: request deletion of your data ("right to be forgotten")
- Portability: receive your data in a machine-readable format
- Objection: object to processing based on legitimate interests
- Restriction: request we limit how we use your data
- Withdraw consent: where processing is based on consent, withdraw it at any time
To exercise any of these rights, contact us at hello@showupshot.com. We will respond within 30 days.
10. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include encrypted connections (HTTPS), hashed passwords, and rate limiting on all public endpoints. No method of transmission over the internet is 100% secure, however, and we cannot guarantee absolute security.
11. International Transfers
Your data may be processed in countries outside your own. Where we transfer data internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection law.
12. Children's Privacy
The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via a notice on the Service. Continued use after the effective date of changes constitutes acceptance of the updated Policy.
14. Contact
For privacy-related questions, requests, or complaints, contact us at hello@showupshot.com.