The following information is meant to provide a convenient, surface-level overview of how we handle data. It is subject to change at any time, with or without notice.

Please contact us directly for help with regulatory compliance or security questionnaires. We can provide a list of data sub-processors upon request.

Data and backups are both stored in the US, specifically AWS region US East 1 (Ohio).

We retain data indefinitely but provide tools to delete it at-will (PII purge in the Select plan). Users can also delete their entire account at any time. Participants can request removal of specific photos and records by emailing to privacy@simplebooth.com.

All data is encrypted in transit (TLS version 1.2) and our primary database is encrypted at rest using AES-256.

When PII is purged (available on Select plan) the data will be fully deleted within a couple of hours. Backups are retained for 14 days.

Required: Photo(s) or video depending on the photo booth configuration.

Optional: Email address and/or phone number for email/text message photo delivery. The booth can be run with only QR delivery which does not capture email or phone number. We also offer a data capture form which will capture the specific fields you add to be captured for marketing purposes.

We track IP addresses of logins and any PII entered as part of the sign-up process or account settings pages, or provided throughout the sales process (such as via emails or meetings).

For customers, we store the IP address for logins and generate device identifiers to track photo booths. We receive information on how participants interact with the gallery or their photo through Google Analytics, but do not link it to a specific individual. Photos/videos are associated with the email address or text message used to deliver them when these send options are enabled or used in a data capture form.