Privacy Policy

Who We Are

Sunslider Albums is operated by Sunslider, a European-built social network. The service is available at albums.sunslider.social. If you have questions about this policy, you can reach us at [email protected].

Data We Collect

We collect only what we need to provide the service:

• •Account information: Your email address, chosen username, and hashed password when you register.
• •Photos you upload: The images you choose to upload are stored on our servers to power the album creation service.
• •Photo metadata (EXIF timestamps): When you upload photos, we temporarily read the capture timestamp embedded in the image file. This timestamp is saved to our database and used by our AI curation system to distribute photo selections across the timeline of your event. EXIF data is stripped from all images we serve publicly — only the timestamp is retained in our database.
• •Usage data: Basic information such as album view counts, which pages you visit, and error logs. We do not use third-party analytics trackers.
• •Payment information: If you purchase album slots, your payment is processed by Stripe. We store a Stripe customer ID and purchase status, but never your card number or payment details.

How We Use Your Data

We use the data we collect for the following purposes:

• •To provide, operate, and maintain the Sunslider Albums service.
• •To run our AI photo curation algorithm, which uses EXIF timestamps and image analysis to select your best photos.
• •To process one-time purchases and manage your album slots via Stripe.
• •To send you account-related emails such as email verification and subscription receipts. We do not send marketing emails without your consent.
• •To detect and prevent abuse, fraud, and security incidents.

EXIF Data & AI Curation

Our AI curation system reads the capture timestamp from your uploaded photos before processing them. This timestamp helps us distribute selected photos across the full timeline of your event — ensuring you get a varied album, not 30 photos from the same five-minute burst.

The EXIF timestamp is stored in our database associated with your photo record. All other EXIF data (GPS location, camera model, etc.) is permanently stripped from your images before they are stored or served. We never read or store GPS location data.

Photo Storage

Your photos are stored on Hetzner servers located in the European Union. We generate three sizes of each image (thumbnail, medium, and original) for display purposes. Original files are retained as long as your album exists.

When you delete an album, all associated photos are permanently deleted from our servers. We do not retain deleted photos in backups beyond our standard 7-day backup rotation.

Published Albums & Sharing

When you publish an album, anyone with the link can view it in their browser. Published albums do not appear in search engines or any public listing — they are accessible only to people with the link. You can unpublish at any time, which immediately makes the album private again.

If you have purchased a 6-Album Pack, you can also enable viewer downloads on individual albums. When enabled, anyone with the album link can download the original-resolution photo files to their device. This is opt-in per album and off by default; you can toggle it off at any time, and the download capability is immediately removed for all subsequent visitors. Photos already downloaded to a viewer's device cannot be revoked.

Because anyone with the link can view (and, if enabled, download) your published album, we recommend sharing only with people you trust, and unpublishing albums you no longer want accessible.

Data Sharing

We do not sell your data. We share limited data with the following service providers, strictly to operate the service:

• •Stripe — payment processing. Stripe is PCI-DSS compliant and handles all card data. See Stripe's privacy policy at stripe.com/privacy.
• •Supabase — authentication and database hosting. Your account data and photo metadata are stored here.
• •Hetzner — server and storage infrastructure. Your photo files are stored on Hetzner servers in the EU.
• •We do not share your data with advertisers, data brokers, or any third party for marketing purposes.

Your Rights

You have the following rights regarding your personal data:

• •Access: You can view the data associated with your account at any time in your account settings.
• •Deletion: You can delete your albums and photos at any time. To delete your entire account and all associated data, contact us at [email protected].
• •Export: If you have purchased a 6-Album Pack, you can download your curated originals from any album at any time.
• •Correction: You can update your username and email address in your account settings.

Cookies

We use cookies for three purposes, each of them small and first-party (set by our own servers, never by third-party tools):

• •Authentication: Keeps you logged in between sessions. Required for the service to work — if cleared, you'll be logged out.
• •Photo likes: Remembers which photos you've liked on albums you've visited, so your likes persist across visits. If cleared, your liked photos will no longer be remembered.
• •Marketing attribution: Set only when you arrive from one of our paid ads (e.g., from a Bing or DuckDuckGo search ad). Records the source, medium, and campaign name (for example, 'bing', 'cpc', 'fr_phototri_v1'), nothing more. This cookie is only used to measure which marketing channels actually bring people to Sunslider, helping us understand what works rather than guessing, and automatically expires after 30 days. If you sign up, the source information is copied to your account record and the cookie is no longer needed. If you don't sign up, the cookie expires and the data is gone.

We do not use third-party analytics tools (Google Analytics, Mixpanel, Plausible, Microsoft Clarity, Facebook Pixel, etc.). We do not use advertising cookies or tracking pixels. We do not profile your behavior across other websites. We do not share cookie data with advertisers or data brokers. Your photos, captions, and album activity are never used as data points or to target ads, on Sunslider or anywhere else.

Data Retention

We retain your account data and photos for as long as your account is active. Your album slots never expire — purchased slots and any albums you have created are preserved indefinitely. If you request account deletion, all your data is permanently removed within 30 days.

Security

We take reasonable measures to protect your data, including HTTPS encryption for all data in transit, hashed passwords (we never store plain-text passwords), Cloudflare WAF protection, server hardening, and SSH key-only access to our infrastructure. No system is 100% secure, and we cannot guarantee absolute security, but we take our responsibility seriously.

Children's Privacy

Sunslider Albums is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email and update the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions or concerns about this Privacy Policy or your personal data, please reach out: