Create roll

Legal

Privacy Policy

Effective Date: May 13, 2026

Disposable Photo, LLC ("we," "us," or "our") operates disposable.photo. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your personal data when you use our website and web application (the "Service").

1. Information We Collect

a. Information You Provide

  • Host accounts: email address and password when you register.
  • Event details: event name, dates, background images, and settings you configure.
  • Guest information: first name entered when joining an event (no account required).

b. Photos and Content

  • Photos taken inside the app are processed through automated content moderation before being stored in our secure cloud storage.
  • Photos flagged for general explicit or violent content are immediately discarded and never stored.
  • Photos that match known child sexual abuse material (CSAM) hashes are quarantined in a secure, access-restricted storage bucket for mandatory reporting purposes and are never viewable by any user or staff member.
  • Photos remain private until the event host chooses to reveal the album.
  • Deleted photos are removed from our servers within 7 days.

c. Automatically Collected Information

  • Device type and browser information.
  • IP address and approximate location.
  • Usage data such as pages visited and actions taken within the app.
  • Moderation event logs: timestamp, event ID, and device IP for every photo that triggers a moderation flag. These logs do not contain the flagged image.

2. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and events.
  • Deliver the core Service functionality.
  • Scan every photo through a two-tier content moderation system before storage.
  • Quarantine and report any CSAM detections to NCMEC as required by federal law.
  • Apply watermarks to downloaded photos per your selected tier.
  • Communicate with you about your account and service updates.
  • Process payments and manage billing.
  • Improve and develop the Service.
  • Comply with all applicable legal obligations including mandatory reporting requirements.

3. Photos and the Album Reveal

All photos that pass content moderation are stored privately until the host activates the album reveal. We do not share, display, or distribute photos to any third party without your authorization, except as required by law or as necessary for content moderation and mandatory safety reporting.

4. Watermarks

All photos downloaded or shared through the Service include a disposable.photo watermark on every tier. Hosts on the Branded tier may add their own logo alongside ours. Watermarks are applied at the time of download and are part of the Service.

5. Third-Party Services

We work with trusted third parties to deliver portions of the Service, including:

  • Supabase — cloud database and file storage.
  • Google Cloud Vision SafeSearch — first-tier automated content moderation applied to every photo before storage. Flags and discards explicit, violent, and racy content.
  • Microsoft PhotoDNA — second-tier CSAM detection. Compares a numerical hash of every photo against the NCMEC database of known CSAM. No human reviews the image during this process.
  • NCMEC CyberTipline — mandatory recipient of CSAM reports under federal law.
  • Printicular / retail print partners — for print fulfillment at Walgreens, CVS, and other locations.
  • Payment processors — for billing and subscription management.

6. Content Moderation and Child Safety

Tier 1 — Google Cloud Vision SafeSearch

Every photo is scanned in real time before storage. Photos flagged as explicit, violent, or racy at a LIKELY or VERY_LIKELY confidence level are immediately discarded. The guest's shot is returned to them. The rejection is logged with event ID, timestamp, and device IP. The rejected image is never stored.

Tier 2 — Microsoft PhotoDNA CSAM Detection

Simultaneously, every photo is converted to a numerical hash and compared against the NCMEC database of known CSAM hashes. This process is entirely automated. No human being views the image during this process. If a hash match is detected:

  • The photo is immediately quarantined in a secure, access-restricted storage bucket.
  • An automated alert is sent to safety@disposable.photo.
  • The event host is not notified and cannot access the quarantined image.
  • We submit a report to the NCMEC CyberTipline as required by 18 U.S.C. § 2258A.
  • We cooperate fully with any resulting law enforcement investigation.
  • The quarantined image is deleted after the mandatory reporting process is complete.

Staff at disposable.photo do not view quarantined CSAM images. The reporting process is handled through automated submission to NCMEC.

User Reporting

A report button is available on every photo in a revealed album. Reported photos are immediately hidden from the album and placed in a private moderation queue. We review all reports promptly. Photos confirmed to violate our policies are permanently deleted. Suspected CSAM is handled under Tier 2 above.

7. Data Retention

  • Event albums and photos are automatically deleted 90 days after the event date by our scheduled purge job.
  • Hosts may delete an event and its photos at any time from the dashboard. Deletion is immediate and permanent.
  • Host accounts and associated data are retained until you delete your account.
  • Moderation rejection logs are retained for 90 days for legal compliance.
  • CSAM quarantine records and NCMEC report confirmations are retained as required by applicable law.
  • You may request deletion of your personal data at any time by contacting us, subject to legal retention requirements.

8. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. Guests under 13 may participate in events only under direct parental supervision. We collect only a first name from guest participants.

If you believe a child under 13 has provided us with personal information outside of supervised event participation, contact us immediately at safety@disposable.photo.

9. Your Rights

Depending on your location, you may have the right to access, correct, delete, or port your personal data, or to restrict or object to its processing. To exercise these rights, contact hello@disposable.photo. Note that certain data may be retained as required by law regardless of deletion requests.

10. Cookies

We use essential cookies to maintain your session. We do not use advertising or tracking cookies.

11. Security

We use industry-standard security measures including encrypted storage, HTTPS, access controls, and a two-tier automated content moderation system. No transmission method is 100% secure and we cannot guarantee absolute security.

12. Changes to This Policy

We may update this Policy from time to time. Material changes will be communicated by email or notice on the Service. Continued use after changes take effect constitutes acceptance of the updated Policy.

13. Contact Us

disposable.photo
General: hello@disposable.photo
Safety & CSAM reporting: safety@disposable.photo

← Back home