OurMemory ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our photo-sharing platform.

This policy describes our practices with reference to the Israeli Privacy Protection Law (PPL) 1981 including Amendment 13 (2025), and to common international frameworks such as the GDPR, where relevant. It is not a legal opinion on compliance.

1. Data Controller

OurMemory

For privacy inquiries and data subject requests, use our Privacy Request portal.

For photo-specific privacy concerns, use our photo removal request page.

2. What Data We Collect

Photos and Videos

Photos and videos you upload to event galleries
EXIF metadata embedded in photos (camera model, timestamp)
Thumbnails and optimized versions we create for web display

Biometric Data (Face Recognition)

⚠️ Especially Sensitive Data (Israeli Amendment 13)

Photos: Full event photos and videos you upload are stored in our object storage (see below) so they can be shown in galleries. Face matching: We also derive and store numerical face descriptors (vectors), face IDs, and bounding boxes in our database for recognition features. Descriptors are not the same as storing a separate portrait photo solely for biometric enrollment, but your images may visibly depict people.

Facial descriptors (128-dimensional vectors from face detection AI)
Face bounding box coordinates in photos
Face IDs that link photos of the same person

Face recognition requires your explicit consent. You can opt out at any time and delete all your facial data from your account settings.

Account Information

Name and email address
Password (stored as encrypted hash—we never see your actual password)
Event names, dates, and settings you configure
Account preferences (language, notification settings)

Usage Data

Device information (browser type, operating system, device model)
IP address and approximate geographic location
Pages visited and features used within the Service
Upload and download activity
Error logs and performance metrics

Cookies and Tracking

Session cookies for authentication
Preference cookies (language selection, theme)
Analytics cookies (optional – you can decline these)
Error monitoring via Sentry, which may include session replay (optional – you can decline this)

Location (EXIF GPS)

Photos sometimes contain embedded GPS coordinates in their EXIF data. We attempt to strip EXIF from image files before storage and only keep non-sensitive fields we extract (capture time, camera model) in our database. If stripping fails for a particular file, embedded metadata may remain in the stored object.

Photos of Other People

When you upload photos to an event gallery, those photos may include other individuals who did not upload them. Event guests who appear in a photo without their consent may request removal via our photo removal page.

3. Why We Collect It (Legal Basis)

We process your data based on the following legal grounds:

1. Consent

You explicitly agree to AI face recognition and photo processing

2. Contract

Processing necessary to provide our photo-sharing service

3. Legitimate Interest

Fraud prevention, service improvement, and security monitoring

4. Legal Obligation

Compliance with Israeli law, tax reporting, and data breach notification

4. How We Use Your Data

Display photos in event galleries to authorized attendees
Organize photos by person using AI face matching
Send email notifications about photo uploads and event activity
Analyze usage patterns to improve our service
Prevent fraud, abuse, and security threats
Provide customer support and respond to your inquiries
Comply with legal obligations and enforce our Terms of Service

We NEVER:

Sell your data to third parties
Share your data with advertisers
Use your photos for marketing without explicit permission
Train AI models on your photos without consent

5. Who We Share Your Data With

Event Attendees

Photos uploaded to an event gallery are visible to all guests who have access to that event. This is the core purpose of the Service.

Service Providers (Sub-processors)

We share data with trusted third-party providers who help us operate the Service:

Cloudflare R2 – Photo storage and S3-compatible object delivery (encrypted in transit and at rest)
Vercel – Hosting and serverless compute (EU/US regions)
Neon / Vercel Postgres – Database hosting (encrypted, access-controlled)
Stripe – Payment processing (PCI DSS Level 1 compliant; we never store card numbers)
Resend – Transactional email (password resets, notifications)
Sentry – Error monitoring and session replay for debugging (see Section 10 for opt-out)

Production deployment

The live (production) OurMemory service stores application data in Neon (PostgreSQL), media files in Cloudflare R2, and runs on Vercel. Development and test environments may use other databases or storage (for example SQLite or alternate providers); only the production configuration processes live customer data as described here.

Legal Requirements

We may disclose your data if required by law, such as:

In response to court orders or legal processes
To comply with Israeli law enforcement requests
To protect our rights, property, or safety
To prevent illegal activity or violations of our Terms

Business Transfers

If OurMemory is acquired or merged with another company, your data may be transferred to the new owner. We will notify you via email before any such transfer.

6. Data Retention

Photos, videos, and event data

Content for an event remains until the event (or your account) is removed according to our product flows and database rules. Subscription tier affects usage limits and features—not a separate automatic deletion schedule unless we explicitly implement and disclose it.

When an event is deleted, we use a soft delete followed by permanent removal after a grace period controlled by our configuration (default 30 days, adjustable via DELETED_EVENT_RETENTION_DAYS). A scheduled job removes expired events and associated storage objects.

Face descriptors

Facial descriptors are automatically deleted on a daily cleanup schedule, and may be deleted sooner when you withdraw consent, delete face data, or when events and related records are removed.

Account data

When you request account deletion through the Service, we process it according to our account deletion endpoint (typically in one step, without a multi-day grace period unless we state otherwise in the product).

Provider backups

Hosting and database providers (for example Neon, Cloudflare, Vercel) may retain backups for their own disaster recovery. Retention follows their policies and is not fully under our control.

7. Your Rights (PPL & GDPR)

Under Israeli and EU law, you have the following rights:

Right to Access

Download all your data via the "Download My Data" button in your account settings

Right to Correction

Edit your profile, event settings, and delete individual photos anytime

Right to Deletion (Right to be Forgotten)

Delete your account and all data via the "Delete Account" button

Right to Object

Disable face recognition and delete all facial descriptors from your account settings

Right to Data Portability

Export your data in machine-readable format (JSON)

Right to Withdraw Consent

Revoke biometric consent anytime—we'll delete all your face data immediately

To exercise your rights, visit your Privacy Settings, use our Privacy Request portal. We aim to respond without undue delay.

8. Security Measures

We implement industry-standard security measures to protect your data:

Encryption and storage

Face descriptors are stored in our PostgreSQL database (Neon in production); we do not apply a separate application-layer encryption scheme to descriptor fields. Infrastructure encryption depends on our providers’ settings.
Database connections use TLS encryption
Passwords hashed with bcrypt (never stored in plain text)
Photos delivered over HTTPS; Cloudflare R2 provides object storage with encryption

Access Controls

Role-based access control (RBAC) for admin accounts
Two-factor authentication available for admin accounts

Ongoing security practices

Dependency updates and reasonable operational safeguards
We may run automated vulnerability scanning tooling from time to time

Note: No security system is 100% secure. While we implement best practices, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.

9. International Data Transfers

In production, personal data is processed using infrastructure outside Israel, including Cloudflare R2 (object storage), Neon (PostgreSQL regions as configured for our project), and Vercel (compute, regions as configured). Development setups may differ.

Safeguards

Vendor security and contractual protections offered by these providers
Where applicable, Standard Contractual Clauses (SCCs) or similar mechanisms
Encryption in transit; at-rest encryption per provider capabilities

Adequacy Decision: Israel has an adequacy decision from the EU, meaning Israeli law provides adequate data protection for EU citizens. Data transfers between Israel and the EU are permitted without additional safeguards.

10. Cookies and Tracking

Essential Cookies (Always active)

Session management (keeps you logged in)
Authentication tokens (JWTs)
CSRF protection

Analytics Cookies (Optional)

Usage patterns and page views to help us improve the product

Error Monitoring – Sentry (Optional)

We use Sentry to catch bugs and improve reliability. Sentry may use session replay, which records user interactions in the browser (similar to a screen recording) solely to help us reproduce and fix errors. This is optional and you can decline it in the cookie banner.

Preference Cookies (Optional)

Language selection
Theme preferences

You can choose your preferences in the cookie banner when you first visit, or reload the page and click "Customize preferences" in the banner. Declining non-essential cookies does not affect core functionality.

10a. Israeli Privacy Law – Amendment 13 Compliance (Biometric Data)

This platform operates under the Israeli Privacy Protection Law (PPL) 1981 as amended by Amendment 13 (2025). The following provisions apply to all biometric data processing:

Biometric data (facial descriptors) is classified as "sensitive information" under the PPL
Collection requires explicit, informed, written consent — provided via our in-app consent flow before any facial analysis runs
Biometric-related data is deleted when you withdraw consent, delete associated content, on daily biometric cleanup, or when events and related records are removed per our retention rules (including the post-deletion grace period for events).
We do not sell biometric data or use it for third-party advertising
Database registration: Whether registration with the Israeli Registrar of Databases (רשם מאגרי המידע) applies, and the current status of any filing, depends on legal requirements and your specific situation.
Data security: This database is managed according to the Israeli Data Security Regulations (2017)

To exercise any privacy right under Israeli law, use our Privacy Request portal or read our AI & Biometric Data Policy for an operational summary.

11. Children's Privacy

OurMemory is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13.

If we discover that a child under 13 has provided us with personal data, we will delete it immediately. Parents or guardians who believe their child has provided us with data should submit a request via our Privacy Request portal.

12. Data Breach Notification

If we become aware of a personal data breach that affects you, we will take reasonable steps to investigate and mitigate, and we will provide notices and filings as required by applicable law (including timing and recipients). We may also publish a summary on our website for serious incidents.

Depending on the incident, we may:

Notify affected users by email when appropriate
Notify relevant regulators when required
Provide guidance on steps you can take (such as resetting your password)

What to do if you receive a breach notification:

Reset your password immediately
Review your account for unauthorized activity
Enable two-factor authentication
Monitor your financial accounts if payment data was affected

13. Changes to Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Provide at least 30 days notice via email
Update the "Last Updated" date at the top of this page
Display a notification in your account dashboard

Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy. If you do not agree, you must stop using the Service and may request account deletion.

14. Contact Us

For privacy inquiries and data subject requests:

Submit privacy and legal requests through the Privacy Request portal.

For image-related requests, use the photo removal page.

OurMemory

We aim to respond to privacy inquiries without undue delay.

Hebrew Translation Available

מדיניות הפרטיות זמינה גם בעברית. לחץ כאן לגרסה העברית

In the event of any conflict between the English and Hebrew versions, the Hebrew version shall prevail for Israeli customers; the English version governs for international users.