Privacy & Cookie Policy

Last updated: 2 June 2026

This policy explains what personal data we collect when you use aishareit, why we collect it, and the choices you have. We've written it in plain language so it's easy to follow. aishareit is currently an invite-only private beta, so some features and integrations described here are being rolled out gradually.

1. Who we are (data controller)

aishareit is an event photo-sharing service operated from Romania (domain aishare.it). The data controller responsible for your personal data is:

• Legal entity: FINTOPIA SRL
• Registered address: [registered address]
• Company registration no.: [company registration no.]
• Contact for privacy matters: our contact page (aishare.it/contact)

The registered address and registration number above will be completed before general launch. If anything changes, we'll update this page.

2. What data we collect

Depending on how you use the service, we may collect:

• Business & contact data — when a venue, planner, or photographer applies to the beta or creates an account: name, business name, email, phone, and any details you share with us.
• Event host data — account and event settings created by hosts who run an event.
• Photos uploaded by hosts and guests — images uploaded at an event, plus basic technical details that come with them (such as file type and time of upload).
• Guest uploads — when a guest scans the QR code and uploads a photo, we process that photo and minimal technical data. Guests don't need an account.
• Usage & device data — how the site and gallery are used, browser and device type, approximate location derived from IP, and similar diagnostic information.
• Cookies & similar technologies — see the Cookies section below.

3. How we use your data and our legal bases

We use your data to provide and improve the service, and we rely on these GDPR Article 6 legal bases:

• Contract (Art. 6(1)(b)) — to create and manage accounts, run events, process photos, and provide the service to businesses we work with.
• Consent (Art. 6(1)(a)) — for analytics and marketing cookies, optional communications, and any non-essential processing. You can withdraw consent at any time.
• Legitimate interests (Art. 6(1)(f)) — to keep the service secure, prevent abuse, understand aggregate usage, and develop new features, balanced against your rights.
• Legal obligation (Art. 6(1)(c)) — to meet accounting, tax, and other legal requirements.

4. Photos and AI processing

The core of aishareit is turning event photos into art. When a host or guest uploads a photo, our service processes it with AI to generate stylized versions and comic-story collages, which are then shown in the event's live shared gallery.

To generate these images, we may use trusted third-party AI processors. We share only what's needed to produce the result, under appropriate data-processing terms. Photos may show identifiable people; please read the host responsibilities in our Terms of Service and the consent points in section 9 below.

5. Cookies and similar technologies

We group cookies into three categories:

• Strictly necessary — keep the site secure and working (session, security, language, your consent choice). Always on.
• Analytics & product insights — help us understand usage and improve the product; may include session-recording / product-analytics tools. Loaded only after you consent.
• Marketing & advertising — used to measure and personalize ads, including Google Ads and remarketing. Loaded only after you consent.

Analytics and marketing tools load only after you give consent. We use Google Consent Mode v2, so Google tags respect your choice. You can review or change your settings anytime via the "Manage cookie preferences" control on this page and in the site footer.

6. Third parties and processors

We work with carefully chosen providers who process data on our behalf under data-processing agreements. These include:

• Stripe — payment processing and billing (in RON).
• Supabase — hosting, database, and storage of application data.
• Google — Google Ads and Google Consent Mode for advertising and measurement (marketing).
• Session-recording / product-analytics providers — e.g. a Smartlook-type tool to understand product usage.
• Third-party AI processors — to generate the stylized images and collages described in section 4.

Some of these are already in use; others are planned and, where they involve analytics or marketing, are activated only with your consent.

7. International data transfers

Some of our providers (for example, Google and other US-based services) may process data outside the European Economic Area. Where this happens, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, together with additional measures where needed, so your data stays protected to EU standards.

8. Data retention

We keep personal data only as long as necessary for the purposes described here:

• Account and business data — for as long as your account is active and as needed afterwards to meet legal obligations.
• Event photos and AI-generated images — for the duration of the event and the retention period set for that event or account, after which they are deleted or anonymized.
• Analytics and marketing data — for limited periods according to each tool's settings and your consent.

When data is no longer needed, we delete it or anonymize it. Specific retention periods will be confirmed as the service exits beta.

9. Your GDPR rights

If you are in the EU/EEA, you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erase your data ("right to be forgotten") where applicable.
• Restrict or object to certain processing.
• Data portability — receive your data in a portable format.
• Withdraw consent at any time, without affecting processing already carried out.

Guests whose photos were uploaded by a host can also contact us to exercise these rights. To make a request, use our contact page (aishare.it/contact). You also have the right to lodge a complaint with the Romanian Data Protection Authority — ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal), www.dataprotection.ro.

10. Children

aishareit is a business service and is not directed to children. We do not knowingly collect personal data from children. If you believe a child's data has reached us — for example, in an uploaded photo — please reach us via our contact page (aishare.it/contact) and we will take appropriate steps.

11. Security

We use technical and organizational measures to protect your data, including encryption in transit, access controls, and trusted infrastructure providers. No online service can be guaranteed to be completely secure, but we work to protect your data and to keep our safeguards up to date.

12. Changes to this policy and contact

We may update this policy as the service develops or as legal requirements change. When we do, we'll revise the "Last updated" date above and, for significant changes, provide a clearer notice.

Questions about this policy or your data? Reach us through our contact page (aishare.it/contact).