Privacy Policy

1. Who we are

Ode Events is a trading name of Laramattix Ltd, registered in Scotland (company number SC884319), with a registered office at Office 2/3 48 West George Street, Glasgow, United Kingdom, G2 1BP. We are registered with the Information Commissioner's Office (ICO registration number PLACEHOLDER).

For the purpose of UK GDPR, we act as a data controller for account, billing, and platform-level data. When processing guest data within events, we act as a data processor on behalf of event organisers (the data controllers for their event data).

If you have questions about how your data is used for a specific event, please contact the event organiser directly. For questions about the platform itself, contact us at hello@ode.events.

2. Data we collect

Account holders (organisers):

• Email address and display name (required for signup)
• Payment information (processed by Stripe — we do not store card details)
• Event data you create

Guests (non-account users):

• Optional alias (display name) chosen at join time
• Photos and captions you upload
• Comments you leave on photos
• RSVP responses (attendance status, meal choices, plus-one names)
• Session cookie (stored locally, used only to identify your session within the event)

3. How we use your data

• To provide the photo album service
• To process payments via Stripe
• To enforce event access controls
• To allow organisers to moderate uploaded content

We do not sell your data, use it for advertising, or share it with third parties except as required to operate the service (Supabase for storage, Stripe for payments).

4. Photos and content

By uploading photos, you confirm that you have the right to share them and that any identifiable individuals in the photos have consented to their inclusion in the event album.

Photos are stored securely and are only accessible to people who have joined the event. Event organisers can delete individual photos at any time through the moderation panel.

5. Data retention

Event data (photos, comments, guest sessions, RSVP responses) is retained for the duration of the event's retention period, which varies by plan. Retention periods range from 7 days to 1 year after the event's end date, depending on the plan selected by the organiser. After the retention period, photos and associated event data are automatically and permanently deleted from our servers.

Organisers can delete their entire event and all associated data at any time from the dashboard, regardless of the retention period. Organisers and guests with permission can download photos before the retention period ends.

Account data is retained until you delete your account. You can request account deletion by emailing hello@ode.events.

6. Your rights (UK GDPR)

You have the right to:

• Access the personal data we hold about you
• Rectify inaccurate data
• Erasure (“right to be forgotten”)
• Restrict processing of your data
• Portability — receive your data in a portable format
• Object to processing

To exercise any of these rights, email hello@ode.events. We will respond within 30 days.

7. Cookies

We use strictly necessary cookies only:

• Authentication cookies — set by our authentication provider (Supabase) to keep organisers signed in to their accounts.
• Guest session cookies — one per event, used to identify returning guests. These do not track you across websites.

We do not use advertising cookies, third-party analytics, or any non-essential cookies. These cookies cannot be disabled as they are required for the service to function.

8. Third-party services

• Supabase — database and file storage (EU region)
• Stripe — payment processing
• Vercel — hosting and CDN

Each of these services operates under their own privacy policy and appropriate data processing agreements.

9. Contact

Questions about this policy? Email us at hello@ode.events.