Legal
Privacy Policy
Last updated: April 2026 · Version 1.3 · momento App · Operated by: Justin Mangelsdorf
The Key Points
momento is a private photo app for closed groups. Your data belongs to you — we do not sell it, we do not track you, and we show no advertising. All user data is stored exclusively on EU servers (region eur3, Belgium). This policy transparently describes what data we collect and why.
1. Controller
The controller responsible for processing personal data under the GDPR is:
2. Data We Collect
2.1 Registration & Profile
When registering with email we collect:
- Email address (for login and optional notifications)
- Password (stored encrypted via Firebase Auth — never in plain text)
- Nickname (freely chosen, visible to other users)
- Username (auto-generated, unique, changeable in the app)
- Profile photo (optional, uploaded by you)
2.2 Third-Party Sign-In
You may alternatively sign in via the following providers, which transmit the following data to us:
- Google Sign-In: Name, email address and profile photo from your Google account
- Apple Sign-In: Name and email address from your Apple ID (first login only; you may use Apple's anonymised relay email so your real address is never shared with us)
- Phone number (SMS OTP): Your phone number is used once for authentication via Firebase Phone Auth. It is not permanently stored in your user profile and is not used for marketing.
2.3 Content You Create
- Photos and videos you upload to events
- Comments and likes on posts
- Events you create: title, description, location, icon, start and end date
- Friend connections with other users
- Spotlight posts (content you actively choose to share with your friends, see Section 7)
- Custom logos and brand colours (paid VIP, Elite and Public events only)
2.4 Usage Data
- Activity logs within events: e.g. "uploaded a photo", "joined", "left", "was removed"
- Timestamps of actions (creating, uploading, joining, commenting)
- Push notification token (Firebase Cloud Messaging), stored only if you have actively allowed notifications
- App language setting (stored locally in the browser, not in the database)
2.5 Payment-Related Data
For paid event upgrades (Premium, VIP, Elite or Public tier) payments are handled depending on platform:
- Android & Web: Redirected to Stripe Checkout. Stripe processes all payment details.
- iOS / Safari: Payment via Apple Pay. Apple processes the transaction directly.
We ourselves do not receive or store any card, bank account or Apple Pay data. After a successful payment we receive only: confirmation (yes/no), amount, timestamp and internal event ID.
2.6 Automatically Collected Technical Data
Firebase automatically collects technical metadata such as IP addresses, device type and operating system for security and service stability. This data is not permanently stored by us.
3. Purpose of Processing
We process your data solely to operate the app:
- Authentication and account management
- Providing event and gallery features including the Delayed Reveal mechanism
- Displaying content to authorised event participants
- Managing friend connections
- Providing the Spotlight feature (with your active consent only)
- Processing paid event upgrades
- Sending push notifications (only with your explicit permission)
- Ensuring technical stability and bug fixing
Legal bases: Art. 6(1)(b) GDPR (contract performance) for core app operation; Art. 6(1)(a) GDPR (consent) for optional features such as push notifications, Spotlight and third-party logins.
4. Storage & Server Location
🇪🇺 EU-Only Storage ✓ GDPR compliant
All momento user data is stored exclusively within the European Union:
- Firebase Firestore & Storage: Region eur3 (Europe West — data centres in Belgium and the Netherlands). No user data is transferred to the USA.
- Firebase Cloud Functions: Region europe-west1 (Belgium).
Technical security data (logs, IP addresses) may be processed internally by Google Firebase under the EU–US Data Privacy Framework — this falls under Google's sole responsibility as described in their privacy policy.
Retention Periods
- Account data: Until you delete your account
- Photos & videos: Until deleted by you or the event creator
- Event data: Until the event is deleted by the creator
- Activity logs: Deleted together with the associated event
- Spotlight content: Until removed by you or the event creator
- Payment records: Stripe and Apple retain transaction records according to their statutory obligations (typically 10 years). We store only: event ID, tier name and payment status.
- Push tokens: Removed when notifications are disabled or the account is deleted
5. Sharing with Third Parties
We do not sell data and do not share it for advertising purposes. Data is shared only in these cases:
- Other app users: Your content (photos, nickname, comments, likes) is visible to participants of your events. Spotlight posts are visible to your friends in the app (see Section 7).
- Technical service providers: Google Firebase as backend infrastructure, and Stripe or Apple as payment processors — each under data processing agreements pursuant to Art. 28 GDPR.
- Third-party login providers: When using Apple Sign-In or Google Sign-In, data is processed by those providers under their own privacy policies.
- Legal obligation: In response to lawful requests from public authorities where legally required.
6. Third-Party Services
Google Firebase
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
- Firebase Authentication: Sign-in via email, Google, Apple and phone number (SMS)
- Cloud Firestore: Database for events, profiles, comments, activity logs — region eur3
- Firebase Storage: Storage for photos, videos and event logos — region eur3
- Cloud Functions: Server-side logic (payment processing, notifications) — region europe-west1
- Firebase Cloud Messaging (FCM): Push notifications (with consent only)
Privacy policy: policies.google.com/privacy
Apple Sign-In
Apple Distribution International Ltd., Hollyhill Industrial Estate, Cork, Ireland
Optional sign-in method. Apple transmits name and email on first login. You may use Apple's relay email service to keep your real address private.
Privacy policy: apple.com/legal/privacy
Google Sign-In
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Optional sign-in method. Google transmits name, email and profile photo. Privacy policy: policies.google.com/privacy
7. Spotlight Feature
What is Spotlight?
Spotlight is an optional feature that lets you share selected posts from your events beyond the private participant group. Spotlight posts are visible to all your friends in the apps — not just event participants.
- Spotlight is always opt-in — you decide actively and per post whether to share
- Visible to your friends: the photo or video, your nickname and the event title
- Your friends can like and comment on Spotlight posts
- You can remove a Spotlight post at any time
Note: Only share content via Spotlight with the consent of all people shown.
8. Payments
Paid event upgrades (Premium, VIP, Elite and Public tiers) are processed by different payment providers depending on your platform.
💳 Stripe — Android & Web
Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin 2, Ireland
- On Android devices and desktop browsers you are redirected to Stripe's secure checkout page
- All payment processing (card, SEPA, PayPal etc.) takes place entirely on Stripe's platform
- We do not receive or store any payment details
- After successful payment Stripe sends us only: confirmation, amount, timestamp and event ID
Stripe Privacy Policy: stripe.com/privacy
🍎 Apple Pay — iOS & Safari
Apple Distribution International Ltd., Hollyhill Industrial Estate, Cork, Ireland
- On Apple devices (iPhone, iPad) and Safari, payment is processed via Apple Pay
- Your payment data never leaves your device in plain text — Apple Pay uses tokenisation and biometric authentication
- We do not receive or store any card or bank data
- After successful payment we receive only: confirmation, amount, timestamp and event ID
Apple Pay Privacy Policy: apple.com/legal/privacy
9. Your Rights
Under GDPR you have the following rights regarding your personal data:
- Access (Art. 15): You may request information about the data we store about you at any time
- Rectification (Art. 16): Incorrect or incomplete data can be corrected
- Erasure (Art. 17): You may request complete deletion of your data
- Restriction (Art. 18): Processing may be restricted in certain circumstances
- Portability (Art. 20): You may request your data in a machine-readable format
- Objection (Art. 21): You may object to the processing of your data
- Withdrawal of consent: Any consent given (e.g. push notifications) may be withdrawn at any time
- Complaint: You have the right to lodge a complaint with a supervisory authority
To exercise your rights contact: support@momento-cloud.net
Supervisory authority (Germany): Federal Commissioner for Data Protection and Freedom of Information (BfDI)
10. Delete Your Account
How to delete your account
You can permanently delete your account and all associated data at any time:
- In the app: Profile → Settings → Delete account
- By email: Send a request to support@momento-cloud.net with the subject "Delete account" and your registered email address
The following data is irreversibly deleted:
- Profile data (nickname, username, email, profile photo)
- All photos and videos you uploaded
- All events, comments and likes you created
- Friend connections and activity logs
- Push notification tokens
Deletion is immediate in the app and complete within 30 days. Transaction data held by Stripe or Apple is subject to their own retention obligations and is not under our control.
11. Children & Minors
momento is not intended for children under 13. We do not knowingly collect personal data from children under 13. If we become aware that a child under 13 has created an account, we will delete it immediately and completely.
For users between 13 and 16 we recommend completing registration together with a parent or guardian.
12. Changes
We reserve the right to update this privacy policy when the app, its features or legal requirements change. For material changes we will notify registered users via in-app notification or email. The date of the last update is shown at the top. The current version is always available at /privacy.html.