Privacy Policy
Effective Date: April 12, 2026 · Last Updated: April 12, 2026
Capture Share Celebrate (“we,” “us,” or “our”) operates the website located at capturesharecelebrate.com (the “Platform”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit or use our Platform. We are based in California, United States, and comply with the California Consumer Privacy Act (CCPA) and other applicable privacy laws.
By using our Platform, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please discontinue use of the Platform.
1. Information We Collect
1.1 Information You Provide Directly
- Account Information. When you create an account, we collect your name, email address, and (if you choose credential login) a password, which is stored in hashed form. If you sign in with Google, we receive your name, email, and profile photo from Google.
- Order & Event Details. When you purchase a product, we collect your name, email, event name, event date, venue, design preferences (style, color scheme, additional text), and payment-related identifiers.
- Photo Uploads. Guests who upload photos to an event gallery may optionally provide their name. The photos themselves are stored with our photo hosting provider (SmugMug).
- Assets for AI Generation. If you use our poster or postcard design feature, you may upload event photos, monograms, logos, or style-reference images. These are used as inputs for AI image generation.
- Planner & Client Information. Event planners who subscribe to our professional tier provide business name, brand color, and logo. Planners may also add client names and email addresses for event management.
1.2 Information Collected Automatically
- Session Data. We use JSON Web Tokens (JWTs) stored in cookies to maintain your authenticated session. These contain your user ID, role, name, and email.
- Server Logs. Our hosting provider may automatically log standard request information such as IP address, browser type, referring URL, and timestamps.
1.3 Information We Do Not Collect
We do not use third-party analytics cookies, tracking pixels, or behavioral advertising tools. We do not sell or share your personal information for cross-context behavioral advertising.
2. How We Use Your Information
We use the information we collect to:
- Create and manage your account, authenticate sessions, and authorize access to features.
- Process orders, provision event galleries, generate QR codes, and deliver purchased products.
- Generate AI-powered poster and postcard designs using your event details, design preferences, and uploaded assets.
- Send transactional emails such as order confirmations and gallery access links.
- Process payments and manage subscriptions through our payment processor.
- Manage planner-client relationships, including white-labeled gallery delivery on behalf of planners.
- Maintain, improve, and secure the Platform, including detecting and preventing fraud.
- Comply with legal obligations and enforce our terms.
3. Third-Party Service Providers
We share your information with the following categories of service providers, solely to operate the Platform. These providers are contractually obligated to protect your data.
3.1 Payment Processing — Stripe
We use Stripe, Inc. to process all payments. When you make a purchase or subscribe, Stripe collects your payment card details directly. We never store your full card number. Stripe may receive your name, email, order metadata, and transaction amount. See Stripe’s Privacy Policy.
3.2 Photo Hosting — SmugMug
Event gallery photos, uploaded assets, and AI-generated images are stored on SmugMug, Inc. servers and delivered via their content delivery network. SmugMug stores your image files and associated metadata. See SmugMug’s Privacy Policy.
3.3 AI Image Generation
When you generate poster or postcard designs, your event details (name, date, venue, style preferences, and descriptive text) and any uploaded asset images are sent to one or more of the following AI providers for image generation:
- Google (Imagen, Gemini) — Google Privacy Policy
- Anthropic (Claude) — Used to expand design theme keywords into visual descriptions. Anthropic Privacy Policy
- OpenAI — OpenAI Privacy Policy
- fal.ai — fal.ai Privacy Policy
These providers process data solely to generate images in response to your requests. We do not send customer PII (such as email addresses) to AI providers, though event names or venue details you supply may be personally identifiable.
3.4 Email Delivery — Resend
We use Resend to deliver transactional emails (order confirmations, gallery links). Resend processes your email address, name, and the content of the email. See Resend’s Privacy Policy.
3.5 Authentication — Google OAuth
If you sign in with Google, we receive your name, email, and profile image via Google OAuth 2.0. We do not receive your Google password. See Google’s Privacy Policy.
3.6 Database Hosting — Neon
Your account, order, gallery, and transaction data is stored in a PostgreSQL database hosted by Neon, Inc. See Neon’s Privacy Policy.
3.7 Hosting — Vercel
The Platform is hosted on Vercel, Inc., which may process server logs containing IP addresses and request metadata. See Vercel’s Privacy Policy.
4. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the services you requested. Order records and associated gallery data are retained to allow continued access to your event galleries. AI generation history (prompts and thumbnails) is retained for quality and support purposes and may be cleared by administrators.
If you request account deletion, we will delete or anonymize your personal data within 45 days, except where retention is required by law (e.g., financial transaction records).
5. Data Security
We implement commercially reasonable security measures to protect your information, including:
- Passwords are hashed using bcrypt before storage; we never store plaintext passwords.
- Gallery passwords (when set) are stored in hashed form.
- All data in transit is encrypted using TLS/HTTPS.
- Authentication tokens are JWT-based, signed with a secure secret.
- Access to administrative functions is restricted to designated administrator accounts.
- Payment card data is handled entirely by Stripe and never touches our servers.
No method of transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.
6. Your Privacy Rights Under California Law (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):
6.1 Right to Know
You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
6.2 Right to Delete
You have the right to request deletion of your personal information, subject to certain legal exceptions (e.g., completing a transaction, legal compliance, security).
6.3 Right to Correct
You have the right to request correction of inaccurate personal information we maintain about you.
6.4 Right to Opt-Out of Sale/Sharing
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. Therefore, there is no need to opt out. If this practice ever changes, we will provide a “Do Not Sell or Share My Personal Information” link.
6.5 Right to Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights.
6.6 How to Exercise Your Rights
To exercise any of these rights, please contact us at capturesharecelebrate@gmail.com. We will verify your identity before processing your request and respond within 45 days.
7. Categories of Personal Information Collected (CCPA Disclosure)
| Category | Examples | Sold? |
|---|---|---|
| Identifiers | Name, email address, account ID, IP address | No |
| Commercial Information | Purchase history, order details, subscription status, credits purchased | No |
| Internet / Network Activity | Server logs (IP, browser type, timestamps) | No |
| Audio, Visual, or Similar | Photos uploaded to galleries, asset images for AI generation, profile photos | No |
| Professional Information | Business name, brand details (planner tier only) | No |
8. Children’s Privacy
The Platform is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at capturesharecelebrate@gmail.com.
9. Third-Party Links
The Platform may contain links to third-party websites (e.g., SmugMug gallery pages, Stripe checkout). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.
10. International Users
The Platform is operated from the United States. If you access the Platform from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Platform, you consent to this transfer.
11. Cookies & Similar Technologies
We use only essential cookies required for the Platform to function. For detailed information about our cookie practices, please see our Cookie Notice.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date at the top of this page. We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:
Capture Share Celebrate
Email: capturesharecelebrate@gmail.com
Location: California, United States