Privacy Policy

Who We Are

Sunslider Albums is operated by Sunslider, a European-built social network. The service is available at albums.sunslider.social. If you have questions about this policy, you can reach us at [email protected].

Data We Collect

We collect only what we need to provide the service:

• •Account information: Your email address, chosen username, and hashed password when you register.
• •Photos you upload: The images you choose to upload are stored on our servers to power the album creation service.
• •Photo metadata (EXIF timestamps): When you upload photos, we temporarily read the capture timestamp embedded in the image file. This timestamp is saved to our database and used by our AI curation system to distribute photo selections across the timeline of your event. EXIF data is stripped from all images we serve publicly — only the timestamp is retained in our database.
• •Usage data: Basic information such as album view counts, which pages you visit, and error logs. We do not use third-party analytics trackers.
• •Payment information: If you purchase album slots, your payment is processed by Stripe. We store a Stripe customer ID and purchase status, but never your card number or payment details.

How We Use Your Data

We use the data we collect for the following purposes:

• •To provide, operate, and maintain the Sunslider Albums service.
• •To run our AI photo curation algorithm, which uses EXIF timestamps and image analysis to select your best photos.
• •To process one-time purchases and manage your album slots via Stripe.
• •To send you account-related emails such as email verification and subscription receipts. We do not send marketing emails without your consent.
• •To detect and prevent abuse, fraud, and security incidents.

EXIF Data & AI Curation

Our AI curation system reads the capture timestamp from your uploaded photos before processing them. This timestamp helps us distribute selected photos across the full timeline of your event — ensuring you get a varied album, not 30 photos from the same five-minute burst.

The EXIF timestamp is stored in our database associated with your photo record. All other EXIF data (GPS location, camera model, etc.) is permanently stripped from your images before they are stored or served. We never read or store GPS location data.

Photo Storage

Your photos are stored on Hetzner servers located in the European Union. We generate three sizes of each image (thumbnail, medium, and original) for display purposes. Original files are retained as long as your album exists.

When you delete an album, all associated photos are permanently deleted from our servers. We do not retain deleted photos in backups beyond our standard 7-day backup rotation.

Data Sharing

We do not sell your data. We share limited data with the following service providers, strictly to operate the service:

• •Stripe — payment processing. Stripe is PCI-DSS compliant and handles all card data. See Stripe's privacy policy at stripe.com/privacy.
• •Supabase — authentication and database hosting. Your account data and photo metadata are stored here.
• •Hetzner — server and storage infrastructure. Your photo files are stored on Hetzner servers in the EU.
• •We do not share your data with advertisers, data brokers, or any third party for marketing purposes.

Your Rights

You have the following rights regarding your personal data:

• •Access: You can view the data associated with your account at any time in your account settings.
• •Deletion: You can delete your albums and photos at any time. To delete your entire account and all associated data, contact us at [email protected].
• •Export: You can download your photos from any album at any time.
• •Correction: You can update your username and email address in your account settings.

Cookies

We use cookies for two purposes: authentication (to keep you logged in between sessions) and remembering your interactions with albums you visit (specifically, which photos you have liked, so your likes persist across visits). We do not use advertising cookies or tracking pixels. If you clear your cookies, you will be logged out and your liked photos will no longer be remembered.

Data Retention

We retain your account data and photos for as long as your account is active. Your album slots never expire — purchased slots and any albums you have created are preserved indefinitely. If you request account deletion, all your data is permanently removed within 30 days.

Security

We take reasonable measures to protect your data, including HTTPS encryption for all data in transit, hashed passwords (we never store plain-text passwords), Cloudflare WAF protection, server hardening, and SSH key-only access to our infrastructure. No system is 100% secure, and we cannot guarantee absolute security, but we take our responsibility seriously.

Children's Privacy

Sunslider Albums is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email and update the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions or concerns about this Privacy Policy or your personal data, please reach out: