AisleShot
EN
English Lietuvių Polski Latviešu Eesti
How it works Pricing Compare Guides
Sign in Create gallery
Legal

Privacy Policy

We treat your wedding photos and personal data the way we'd want ours treated — carefully, transparently, and only as long as needed. Here's exactly how.

Last updated: 24 May 2026 · Effective immediately

1. Who we are (data controller)

AisleShot is operated by Rivio MB, a company registered in the Republic of Lithuania (company code 305XXXXXX), with its registered office at Gedimino pr. 1, Vilnius, LT-01103, Lithuania. For the personal data described in this policy, Rivio MB acts as the data controller within the meaning of Regulation (EU) 2016/679 (the "GDPR").

Where a couple ("host") creates a wedding gallery and invites guests, the host determines who is invited and what becomes of the gallery. In respect of the photos uploaded to their gallery, the host is a controller and AisleShot acts as a processor on their behalf, in addition to being a controller for the account and billing data we hold directly.

You can reach our data protection point of contact at [email protected].

2. Data we collect

We collect only what we need to run the service:

  • Account data. When a host registers, we collect a name, email address, and a hashed password (or a Google account identifier if you sign in with Google).
  • Wedding data. The names, event date, and gallery title you choose, along with the unique, unguessable gallery link and its QR code.
  • Uploaded content. Photos and videos contributed by guests, including any metadata embedded in those files (such as capture time or device model).
  • Payment data. We do not store full card numbers. Payments are handled by Stripe; we retain only a transaction reference and the plan purchased.
  • Technical data. IP address, browser type, and basic usage logs, collected to keep the service secure and working.

Guests do not need to create an account. A guest may optionally provide a display name to attach to their uploads; this is voluntary.

3. Photos as personal data

Photographs and videos of identifiable individuals are personal data under the GDPR, and in some cases may reveal special categories of data (for example, perceived religious affiliation at a ceremony). Because AisleShot exists to gather wedding photos, this is core to how the service works.

By the nature of a wedding, guests photograph one another and the couple. The host who creates the gallery is responsible for ensuring that the people they invite to contribute and view photos are acting appropriately, and for honouring any request from someone depicted to have an image removed. We provide tools for hosts and guests to delete content, and we will act on lawful removal requests sent to us directly.

5. Service providers & processors

We share data only with carefully chosen providers who process it on our instructions under data processing agreements:

  • Stripe — payment processing.
  • Amazon Web Services (EU regions) — encrypted hosting and photo storage.
  • Google — optional "Sign in with Google" authentication.
  • A transactional email provider — to send account, reset, and receipt emails.

We never sell your personal data, and we do not share it with advertisers.

6. International transfers

We host data within the European Union wherever possible. Where a provider processes data outside the European Economic Area, we rely on an adequacy decision of the European Commission or on Standard Contractual Clauses, together with appropriate supplementary measures, to protect your data.

7. How long we keep data

Storage duration depends on the plan a host purchases (for example, 6 months, 2 years, or lifetime). After a gallery's storage period ends, photos and videos are scheduled for permanent deletion following a short grace period during which the host is notified.

Account data is kept while your account is active and deleted on request. Invoices and tax records are retained for the period required by Lithuanian accounting law (generally 10 years). Security logs are kept for a limited period and then erased.

8. Your GDPR rights

Subject to the conditions in the GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Rectify data that is inaccurate or incomplete.
  • Erase your data ("right to be forgotten").
  • Restrict or object to certain processing.
  • Portability — receive your data in a structured, machine-readable format.
  • Withdraw consent at any time, without affecting prior lawful processing.

To exercise any of these rights, email [email protected]. We respond within one month.

9. Security

We use encryption in transit (TLS) and at rest, unguessable gallery links, hashed passwords, access controls, and regular backups. No system is perfectly secure, but we work continually to protect your memories and notify you and the relevant authority of any breach as required by law.

10. Cookies

We use strictly necessary cookies to keep you signed in and to secure the service. Any analytics or preference cookies are non-essential and are only set with your consent, which you can manage at any time.

11. Children

AisleShot is intended for adults organising and attending weddings. We do not knowingly create accounts for children under 16. Children may naturally appear in wedding photographs; responsibility for the appropriateness of such images rests with the host and the contributing guests.

12. Contact & complaints

Questions or concerns? Write to us at [email protected] or by post to Rivio MB, Gedimino pr. 1, Vilnius, LT-01103, Lithuania.

If you believe we have not handled your data lawfully, you have the right to lodge a complaint with the Lithuanian supervisory authority, the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija), or with the authority in your country of residence.