Privacy Policy
Effective date: [DATE — set when published] · Version 2.0
1. Who is responsible
tratti.ai is operated by Alexander Ellul, a self-employed sole trader established in Malta (Fairwinds PH A14, Tumas Galea Street, Luqa, Malta) ("tratti", "we", "us"). We are the data controller for personal data processed on tratti.ai. Contact: [email protected], +356 79260967. We have not appointed a Data Protection Officer, as we are not required to; privacy enquiries go directly to the contact above.
2. The short version
We sell event photos. To help you find yours, we use AI face-matching — that involves biometric data, and we only process yours with your explicit consent. Selfies used for a one-off search are deleted as soon as the search completes. Faces in event photos are indexed so participants can find themselves; you can have your photos removed or excluded at any time, free of charge. We never sell your data, and we never use your face data for anything except finding your photos.
3. What data we process
Visitors and buyers
- Account data: name, email, password (hashed), email-verification status, or your social-login identifier if you sign in with a social provider.
- Purchase data: cart contents, orders, token balance, promo codes used, downloads. Card details are handled by Stripe and never touch our servers.
- Face search data: see section 4 — this is the most important section of this policy.
- Consent records: when you give a consent or accept an agreement on the site, we store what you accepted, the version, your IP address and the time — we are legally required to be able to demonstrate consent.
- Technical data: IP address, browser type, and server logs kept for security.
Photographers and organisers
- Account and approval data, sales and payout records, payout account details, and payout receipts.
People appearing in event photos
- Photos and videos uploaded by photographers may show you even if you never visit this site. We process these images, including face indexing, as described in sections 4 and 8.
4. Face recognition (biometric data)
Our "Find my photos" feature is an AI system that uses facial recognition, provided by Amazon Web Services (AWS Rekognition, region: eu-central-1, Frankfurt, EU). Facial templates are biometric data, a special category of personal data under Article 9 GDPR. We process them only as follows.
a) One-off selfie search
When you upload a selfie, we ask for your explicit consent before processing. Your selfie is converted into a numerical face template and compared against faces indexed from event photos; results are limited to the event you selected and shown with confidence scores. Your selfie is deleted as soon as the search completes, and the face template derived from it is used transiently for the comparison only — it is never stored. Match results are suggestions produced by an AI system and may contain errors.
b) Saved selfie and match alerts (optional)
You can choose — via a separate opt-in — to save your selfie to your account. If you do, we store the selfie and compare newly uploaded event photos against it so we can email you when new photos of you appear (no face template is stored; each comparison derives it transiently from your saved selfie). You can withdraw this consent at any time by deleting your saved selfie in account settings; the selfie is deleted immediately and match alerts stop immediately.
c) Face indexing of event photos
When a photographer uploads an album, faces detected in the photos are indexed so that the people photographed can find their own images. This index maps face templates to photos; it is not linked to names or identities of the people in the photos. We rely on our legitimate interest (and that of participants and photographers) in making event photos findable by the people in them — a documented balancing assessment is on file. Safeguards: only you can search for your own face (with your consent, section 4a); the index is used for no other purpose; face records are deleted when a photo, album or event is removed from sale; and you can object and have your face excluded at any time (section 8).
d) What we never do
We do not use face data for advertising, profiling, identity verification, or training AI models; we do not sell or share it except with AWS as our processor; and we do not allow anyone to search for photos of other adults.
e) Minors
Face search requires users to be 16 or older. A parent or legal guardian may search using a photo of their own child under 18. Event organisers are contractually required to obtain appropriate parental consents for events involving minors.
5. Purposes and legal bases
- Providing the marketplace (accounts, cart, checkout, delivery, downloads) — performance of a contract (Art. 6(1)(b)).
- Face search and saved selfies — your explicit consent (Art. 9(2)(a) with Art. 6(1)(a)).
- Face indexing of event photos — legitimate interests (Art. 6(1)(f)), with the safeguards in section 4c; for the biometric element we additionally apply the measures described there and honour objections without requiring justification.
- Order and match-alert emails — contract performance and consent respectively.
- Payouts to photographers/organisers — performance of a contract.
- Tax and accounting records — legal obligation (Art. 6(1)(c)).
- Security, fraud prevention, logs — legitimate interests (Art. 6(1)(f)).
6. Processors and recipients
- Amazon Web Services — photo/video storage (S3), face matching (Rekognition), video transcoding (MediaConvert). Region: eu-central-1 (Frankfurt, EU).
- Stripe — payment processing. Stripe is an independent controller for some payment data; see Stripe's privacy policy.
- Hetzner — server hosting (Germany/EU).
- Zoho Mail — transactional email delivery.
- Photographers see sales data for their own albums; organisers see aggregate sales statistics for their events. Neither receives your face data.
All processors are bound by data processing agreements. Where any processing occurs outside the EEA (e.g. some Stripe or Zoho operations), transfers are protected by the EU–US Data Privacy Framework or EU Standard Contractual Clauses.
7. How long we keep data
- One-off search selfies: deleted as soon as the search completes (a daily automated sweep additionally removes anything left behind by errors within 24 hours). No face template is retained.
- Saved selfies: until you delete them or your account.
- Event photo face indexes: while the album is on sale; face records are deleted when the photo, album or event is removed.
- Account data: until account deletion (see our Data Deletion Policy).
- Purchase and payout records: retained as required by Maltese tax and accounting law (up to 10 years), with personal data minimised where possible.
- Consent and acceptance records: for as long as needed to demonstrate compliance.
- Backups: up to 90 days after deletion from active systems.
- Server logs: application logs 14 days; web-server access logs up to 30 days.
8. If you appear in event photos
Photographers warrant that they were authorised to photograph the event, and organisers are required to notify participants that photos will be published here and that faces are indexed for self-search. Regardless of that, you can at any time, free of charge and without giving reasons:
- have specific photos of you removed from the site; or
- have your face excluded from face-search indexing while the photos remain.
Email [email protected] with links to the photos (or event details plus a description). We action removal requests within 30 days at the latest, usually much faster. For photos of minors, a parent or guardian may make the request.
9. Cookies
- Strictly necessary cookies — session, authentication, cart, CSRF protection, and event-password unlock. No consent needed.
- Organiser referral cookie — if you arrive via an organiser's referral link, we remember that referral so the organiser is credited with commission on your purchases. For your current visit this is kept in your session; a 30-day cookie is stored only if you accept cookies in the cookie banner.
We use no analytics or advertising cookies. You can change your cookie choice at any time via the cookie settings link in the footer.
10. Your rights
Under the GDPR you can: access your data (Art. 15); correct it (Art. 16); have it erased (Art. 17); restrict processing (Art. 18); receive it in portable form (Art. 20); object to processing based on legitimate interests, including face indexing (Art. 21); and withdraw any consent at any time without affecting prior processing (Art. 7(3)). Exercise any right via [email protected] — we respond within one month. We may need to verify your identity first.
You may lodge a complaint with the Information and Data Protection Commissioner (IDPC), Malta (idpc.org.mt), or with the supervisory authority of your country of residence.
11. Security
Data is encrypted in transit (TLS) and at rest. Access to personal data is limited to the operator and processors under contract. Original (unwatermarked) files are stored privately and only delivered after purchase. Payment data is handled entirely by Stripe.
12. Children
Accounts and face search require a minimum age of 16. We do not knowingly collect data directly from younger children; photos of minors taken at events are handled under the safeguards in sections 4e and 8. Parents or guardians can request deletion of a child's data at any time.
13. Changes to this policy
We will announce material changes on the site before they take effect, and where a change requires fresh consent (for example, any new use of biometric data), we will ask for it explicitly — continued use alone will not be treated as consent to new biometric processing.
14. Contact
Alexander Ellul trading as tratti.ai · Fairwinds PH A14, Tumas Galea Street, Luqa, Malta · [email protected] · +356 79260967