Skip to content
ImagoMoments

GDPR

Last updated: 2026-05-18

This page is a draft pending legal review. It is not binding on Imago Club SRL and may change before the Service launches. For questions, contact privacy@imagomoments.ro.

This page explains your GDPR rights in plain language and how to exercise them on ImagoMoments. It complements the Privacy Policy, which remains the authoritative document.

1. Your GDPR rights at a glance

  • Access (Art. 15) — get a copy of the Personal Data we hold about you.
  • Rectification (Art. 16) — correct data that is inaccurate or out of date.
  • Erasure (Art. 17) — delete your account and related data.
  • Restriction (Art. 18) — ask us to stop processing while a dispute is resolved.
  • Portability (Art. 20) — receive your data in CSV or JSON so you can take it elsewhere.
  • Object (Art. 21) — object to processing based on legitimate interest, such as analytics or audit logging.
  • Automated decisions (Art. 22) — we do not make Art. 22 decisions about you.

2. How to exercise a right

Send an email to privacy@imagomoments.ro describing what you want. We will respond within 30 days. For complex or numerous requests we may extend this by up to two further months with written notice.

If you are a signed-in User, a reply from the email address on your account is usually enough to verify your identity. If you are a Guest whose data lives inside a Couple's event, we may ask you to show how you are linked to that event (for example by forwarding the original invitation email).

3. Right of access (Art. 15)

On request we prepare a ZIP export of the Personal Data we hold about you and deliver it via a time-bound download link. Export archives are automatically deleted 7 days after generation.

4. Right of rectification (Art. 16)

Most fields (names, event details, invitation content, guest list, RSVPs) can be edited directly from your dashboard. For fields that are not self-serve, an ADMIN will make the change and the edit is recorded in the audit log.

5. Right to erasure (Art. 17)

You can delete your account at any time from the dashboard. We apply a soft delete immediately and then hard-delete the underlying records after 90 days. Unverified accounts are purged at 7 days.

Face biometric data is deleted automatically 30 days after the last face_processed_at for an event; reprocessing resets that window. If you hold a face_consent link on a cluster, you can also revoke it via the face consent endpoint.

You can also revoke a specific album share token (a link granting scoped access to images covered by a face cluster) at any time. Token revocation immediately invalidates the link so it can no longer be used to fetch the underlying images. The underlying images themselves are not deleted by revocation — image deletion follows the regular Art. 17 erasure path against the Couple as controller. The revocation is recorded in the audit log.

When an event is deleted, the full cascade (photos, faces, RSVPs, guest list and analytics for that event) is hard-deleted 90 days after the soft delete, in batches via the nightly retention worker.

Where the Romanian Law 82/1991 requires us to retain accounting records for 10 years, that data is kept only for that legal purpose and then deleted. Audit log actor references for deleted accounts are anonymised.

6. Right to restriction of processing (Art. 18)

We can suspend specific processing (for example, disable face recognition on a given event) while a dispute, correction request or objection is resolved.

7. Right to data portability (Art. 20)

You can request a CSV or JSON export of the data you provided to us for processing based on consent or contract. We deliver it via a 7-day download link.

8. Right to object (Art. 21)

This applies especially to processing based on our legitimate interest, such as invitation view analytics or the audit log. Where an objection is upheld, we stop that processing for you going forward.

9. Automated decision-making (Art. 22)

We do not make Art. 22 decisions that produce legal or similarly significant effects on you. Face clustering (Smart Photo Groups) and AI Highlights are assistance features whose output the Couple can review, edit, override or delete before anything is shown to other people. AI Highlights runs on AWS Bedrock in eu-central-1 (Frankfurt); there is no transfer to the United States for AI inference.

10. Roles on the platform

At the technical level, ImagoMoments has only two account roles: USER and ADMIN. What you would normally call “couple”, “photographer”, “guest” or “partner” are not separate account types. They are personas layered on top of a regular USER account via event memberships and feature flags:

  • A Couple is a USER who owns an event.
  • A photographer is a USER the Couple has invited to the event with photo upload permissions.
  • A Guest may be a USER or a non-account visitor who received an invitation link.
  • A partner is a USER flagged through the partner onboarding flow.
  • An ADMIN is Imago Club SRL personnel with support access, subject to the audit log.

11. Face recognition

Face recognition over event photos is opt-in per event, with explicit consent recorded by the Couple. Face vectors are stored in a per-event AWS Rekognition collection in eu-central-1 (Frankfurt) and are automatically deleted 30 days after the last processing run for that event. Reprocessing resets the window.

The guest selfie claim flow (where a Guest links their face to their own photos) requires the Guest's own face_consent flag on their User profile. A 95% similarity threshold applies, together with a rate limit of 5 attempts per hour per User.

12. Guests whose data lives in a Couple's event

When you are a Guest, the Couplethat created the event is the controller of your data (your name on the guest list, your RSVP answer, photos from the event). We act as the Couple's processor. If you want your data removed or corrected, the fastest route is usually to contact the Couple directly. You can also contact us at privacy@imagomoments.ro and we will help.

13. Federated account auto-link

When you sign in via Google or Facebook with an email that already has a native ImagoMoments account, the federated identity is automatically linked to that account. If you ever find that your federated sign-in matched an account that does not belong to you (for example, two people share an email and the wrong person's account was matched), contact us at privacy@imagomoments.ro — we will treat the request as Art. 16 rectification of the identity-link record: we unlink the federated identity from the misattributed account and, if appropriate, re-link to the correct account or close the misattributed account on your instruction.

14. Filing a complaint

Three different complaint routes exist depending on the nature of your concern. Each goes to a different authority:

  • GDPR / privacy complaints (data-protection issues, exercise of GDPR rights): contact the Romanian National Supervisory Authority for Personal Data Processing — ANSPDCP https://www.dataprotection.ro, postal address B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, București.
  • DSA / illegal-content complaints(illegal or rights-infringing reviews, guest uploads, partner profiles, invitation content): first use the platform's Article 16 notice-and-action mechanism — email dsa-contact@imagomoments.ro (or privacy@imagomoments.ro if dsa-contact is not yet provisioned) with the required notice elements. You may escalate to the Romanian Digital Services Coordinator, ANCOM, where relevant.
  • Consumer-contract disputes (refunds, billing, service-quality issues): use the Romanian alternative dispute resolution body ANPC SAL at https://anpc.ro/ce-este-sal/. ANPC SAL is consumer ADR — it is NOT the DSA supervisory route.

15. Language

In case of any conflict between the Romanian and English versions of this document, the Romanian version prevails for all consumers domiciled in Romania.

16. Contact

privacy@imagomoments.ro