Privacy Policy

1. Information we collect

When you use CrowdClick, we collect the following information:

• Email address — used for authentication (magic link sign-in) and event invitations.
• Display name — the name you provide when joining an event, shown to other event members.
• Photos — images you upload to event galleries, along with any embedded EXIF metadata (camera model, capture date, GPS coordinates if present).
• Usage data — basic information about how you interact with the platform (pages visited, features used).

2. How we use your information

• To authenticate you and provide access to your events.
• To display your photos in event galleries visible to event members.
• To send event invitations and authentication emails.
• To improve the platform and fix issues.

We do not sell your personal information. We do not use your photos for advertising, training, or any purpose other than displaying them in your event galleries.

3. Photo privacy

Photos uploaded to CrowdClick are only accessible to members of the event they were uploaded to. Event organizers control access through join policies (open or invite-only) and moderation settings.

We process uploaded photos to generate optimized viewing sizes (thumbnails, medium, and large versions). The original full-resolution file is preserved. We extract EXIF metadata for display purposes and sanitize uploader-identifying information from stored metadata.

Event organizers can configure whether GPS location data is stripped from photos and whether EXIF information is visible to event members.

4. Data storage and security

Your data is stored securely using industry-standard practices:

• Authentication tokens are stored as secure, HTTP-only cookies.
• Passwords are never collected — we use passwordless magic link authentication.
• Photos are stored in encrypted cloud storage.
• All connections use HTTPS with strict transport security.
• We implement CSRF protection, Content Security Policy, and other security headers.

5. Data retention

Event data and photos are retained as long as the event is active. When an event is archived or deleted by its organizer, the associated data is marked for removal. Deleted events and photos are soft-deleted and may be permanently removed after a retention period.

6. Your rights

You have the right to:

• Access your personal data.
• Request deletion of your account and associated data.
• Delete photos you have uploaded.
• Leave events you have joined.

To exercise these rights, contact us at the address listed on our contact page.

7. Cookies

CrowdClick uses a single essential cookie for authentication (crowdclick-token). This cookie is HTTP-only, secure, and required for the platform to function. We do not use advertising or tracking cookies.

8. Changes to this policy

We may update this privacy policy from time to time. If we make significant changes, we will notify users through the platform. Continued use of CrowdClick after changes constitutes acceptance of the updated policy.