YayPeng ("we," "us," or "our") is a photo booth application operated by TheOyinbooke. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our iPad application, web platform at yaypeng.theoyinbooke.com, and related services (collectively, the "Service"). Please read this policy carefully. By using the Service, you consent to the practices described herein.
1. Information We Collect
We collect information in two contexts: from Event Operators who set up and manage photo booths, and from Guests who use the booth at events.
1.1 Event Operator Information
When you create an account as an Event Operator, we collect the following through our authentication provider, Clerk:
- Full name — used to identify your account and personalize the dashboard.
- Email address — used for account authentication, service communications, and as the reply-to address for guest-facing emails when configured.
- Authentication identifiers — a unique external identifier and token identifier from Clerk, used solely to authenticate your sessions securely.
1.2 Guest Information
When a guest uses a YayPeng photo booth at an event, we may collect the following, depending on the operator's configuration:
- Guest name (optional) — used to personalize the photo delivery email and the web download page greeting.
- Email address (optional) — used solely to deliver the guest's photo strip. If no email is provided, no email is sent and the session is marked as completed without delivery.
- Phone number (optional) — collected only if the operator enables phone capture. Stored alongside the session record and subject to the same retention schedule as other guest PII.
- Photographs — individual photos captured by the booth camera (built-in iPad camera or connected USB camera) and the composed photo strip rendered from those photos.
- Privacy consent record — a timestamp, the version of the privacy policy accepted, and whether consent was granted.
1.3 Event Information
Operators create events that include an event name, date, branding customization (colors, fonts, headline text), and optionally a logo image. This information is used to customize photo strip templates and is not considered personal information.
1.4 Automatically Collected Information
We do not use third-party analytics, tracking pixels, advertising identifiers, or cookie-based tracking on the Service. The only usage data we maintain are aggregate counters per event (total sessions and total emails sent), which contain no personally identifiable information.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service delivery — to operate the photo booth, render photo strips, deliver photos via email, and provide the web download experience.
- Authentication and security — to verify operator identity, manage sessions, generate secure passcodes, and prevent unauthorized access to guest photos.
- Personalization — to greet guests by name on the download page and in the delivery email.
- Event management — to provide operators with session counts and email delivery statistics on their dashboard.
- Legal compliance — to maintain records of privacy consent and honor data retention obligations.
We do not use guest information for marketing, advertising, profiling, or any purpose unrelated to delivering the photo booth service.
3. Photo Security and Passcode Protection
Every photo session generates a unique 6-digit passcode using a cryptographically secure random number generator. This passcode is:
- Included in the delivery email sent to the guest.
- Required to unlock and view photos on the web download page.
- Verified server-side — the photo strip URL is never exposed to the browser until the correct passcode is submitted.
Each session also receives a unique 12-character share token generated via crypto.getRandomValues, which forms the URL path for the download page. The share token alone does not grant access to the photos; the passcode is always required.
4. Data Storage and Infrastructure
Your data is processed and stored using the following infrastructure providers:
- Convex (convex.dev) — our backend platform. Database records (session metadata, event configuration, user accounts) and photo files (raw captures and rendered strips) are stored in Convex's managed cloud infrastructure.
- Clerk (clerk.com) — handles operator authentication, password management, and session tokens. Clerk processes operator names and email addresses. We receive user data from Clerk via secure webhooks.
- Resend (resend.com) — our email delivery provider. Guest email addresses and photo strip images are transmitted to Resend for the sole purpose of delivering the photo notification email. Resend processes this data in accordance with its own privacy policy.
- Vercel (vercel.com) — hosts the web download page and landing site. Vercel may collect standard web server logs (IP address, user agent, request timestamps) as part of normal infrastructure operations.
All data transmission between clients and our servers occurs over encrypted HTTPS connections.
5. Data Retention and Automatic Deletion
We follow a strict data minimization and automatic deletion schedule. No manual intervention is required — data is purged automatically by scheduled background processes:
| Data Type | Retention Period | Action |
|---|---|---|
| Raw individual photos | 7 days after session completion | Permanently deleted from storage |
| Rendered photo strips | 30 days after session completion | Permanently deleted from storage |
| Guest PII (email, name, phone, consent record) | 90 days after session completion | Scrubbed from session records |
After the retention periods expire, the data is irrecoverably deleted. Once raw photos are purged, only the rendered strip remains (for up to 30 days). Once all photo data and PII are purged, the session record retains only anonymous metadata (session status, timestamps, event association) for aggregate statistics.
Download promptly. We strongly encourage guests to download their photos as soon as they receive the email. After 30 days, the photo strip will no longer be available for download.
6. Email Communications
When a guest provides an email address at the booth, we send exactly one email per session containing:
- The event name and date.
- A preview of the rendered photo strip.
- A 6-digit access passcode.
- A link to the web download page.
We do not send marketing emails, newsletters, or follow-up communications to guests. Guest email addresses are used exclusively for photo delivery and are automatically purged after 90 days. Email delivery is attempted up to three times. If all attempts fail, the email address and error details are retained only until the standard PII purge at 90 days.
Emails are sent from pengs@yaypeng.theoyinbooke.com via Resend.
7. Consent and Legal Basis
Before photos are taken, the booth presents a privacy consent screen to each guest. The consent record includes:
- Whether consent was granted (boolean).
- The version of the privacy policy that was presented and accepted.
- The exact timestamp of acceptance.
Consent is our legal basis for processing guest photographs and personal information under applicable data protection laws. If a guest declines consent, no photos are captured and no personal information is stored for that interaction.
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access — request a copy of the personal data we hold about you.
- Correction — request correction of inaccurate personal data.
- Deletion — request early deletion of your data before the automatic retention period expires.
- Data portability — receive your data in a structured, commonly used, machine-readable format.
- Withdrawal of consent — withdraw your consent at any time, though this will not affect the lawfulness of processing based on consent before its withdrawal.
- Objection — object to certain types of processing of your personal data.
To exercise any of these rights, contact us at privacy@theoyinbooke.com. We will respond to all legitimate requests within 30 days.
10. Children's Privacy
The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If a child under 13 uses a YayPeng booth at an event, the Event Operator is responsible for ensuring appropriate parental or guardian consent is obtained.
If we become aware that we have collected personal information from a child under 13 without verified parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child under 13, please contact us immediately.
12. International Data Transfers
Our service providers (Convex, Clerk, Resend, Vercel) operate infrastructure that may be located outside your country of residence, including in the United States. By using the Service, you consent to the transfer of your information to these jurisdictions. We ensure that our providers maintain appropriate safeguards for data protection.
13. Security Measures
We implement reasonable technical and organizational measures to protect your information, including:
- Encrypted data transmission (HTTPS/TLS) for all communications.
- Cryptographically secure random generation for passcodes and share tokens.
- Server-side passcode verification — photo URLs are never exposed to the client without authentication.
- Authenticated API access for operators via Clerk JWT tokens.
- Automatic data deletion after defined retention periods.
- Webhook signature verification (Svix) for secure server-to-server communication.
However, no method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. For significant changes, we may provide additional notice such as a prominent notice on the Service.
Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy. We encourage you to review this page periodically.
15. Contact Us
If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your information is handled, please contact us: