Privacy Policy

Last updated: 4 June 2026

This Privacy Policy explains how KLIK (“KLIK”, “we”, “us” or “our”) collects, uses and protects personal data when you use our event photo-sharing service at tryklik.app (the “Service”). We are the data controller for the personal data described in this policy.

We are committed to processing personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. If you have any questions, contact us at hello@tryklik.app.

1. Who this policy applies to

KLIK has two types of user, and we handle their data differently:

  • Hosts— people who create an account, set up events and manage galleries.
  • Guests— people who join an event via a QR code or link to take and share photos. Guests do not create an account and are not asked for personal details.

2. Information we collect

We collect the following categories of data:

  • Host account data— name, email address and authentication identifiers, handled by our authentication provider (Clerk).
  • Event data— event names, settings, guest and photo limits, and the photos uploaded to an event.
  • Photos and image metadata— images captured by guests, together with technical metadata such as dimensions and capture time. We strip and re-process images on upload (including orientation correction and resizing).
  • Payment data— when you pay for an event, payment is processed by our payment provider (Polar). We do not store full card details on our systems.
  • Contact data— if you message us through a contact or support form, we receive your name, email address and message.
  • Technical data— limited information such as IP address and device/browser type, used for security, rate limiting and to operate the Service.

3. How and why we use your data (legal bases)

Under the UK GDPR we must have a lawful basis for processing your personal data. We rely on the following:

  • Performance of a contract— to create and manage host accounts, run events, store and serve photos, and provide the gallery.
  • Legitimate interests— to secure the Service, prevent abuse and fraud, respond to your enquiries, and improve our product, balanced against your rights.
  • Legal obligation— to keep records required for tax, accounting and compliance.
  • Consent— where required, for example for certain optional communications. You may withdraw consent at any time.

4. Photos and shared galleries

Photos taken by guests are uploaded to the private gallery for that event and are visible to the host and others with access to the event. As a host, you are responsible for sharing event links appropriately and for the content uploaded to your events. As a guest, you should only photograph people and scenes where it is lawful and appropriate to do so.

If you appear in a photo and want it removed, contact the event host or email us at hello@tryklik.app and we will assist where we are able to.

5. Sharing your data

We do not sell your personal data. We share data only with service providers (“processors”) who help us run the Service, under appropriate contractual safeguards:

  • Clerk — host authentication and account management
  • Neon — database hosting
  • Tigris — object storage for photos
  • Polar — payment processing (Merchant of Record)
  • Resend — transactional and contact email delivery
  • Vercel — application hosting and analytics

We may also disclose data where required by law, to enforce our terms, or to protect the rights, safety and property of KLIK, our users or others.

6. International transfers

Some of our providers are located outside the UK. Where personal data is transferred internationally, we rely on appropriate safeguards such as UK adequacy regulations or the International Data Transfer Agreement (or equivalent standard contractual clauses) to protect your data.

7. Data retention

We keep personal data only for as long as necessary. Event photos and related data are retained for the lifetime of the event and a reasonable period afterwards, after which they may be deleted or archived. Host account data is kept while your account is active. Payment and transaction records are retained as required by law (typically up to 6 years). Contact messages are kept for as long as needed to handle your enquiry.

8. Security

We use appropriate technical and organisational measures to protect personal data, including encrypted connections (HTTPS), access controls, private object storage served via short-lived signed URLs, and rate limiting. No method of transmission or storage is completely secure, but we work to protect your data and to respond promptly to any incident.

9. Your rights

Under the UK GDPR you have the right to access, rectify, erase, or restrict the processing of your personal data, to object to certain processing, and to data portability. Where we rely on consent, you may withdraw it at any time.

To exercise any of these rights, email us at hello@tryklik.app. You also have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority, at ico.org.uk.

10. Cookies and analytics

We use essential cookies and similar technologies required to operate the Service (for example, to keep you signed in as a host and to maintain guest sessions). We use privacy-focused analytics to understand aggregate usage. We do not use these for advertising tracking.

11. Children

The Service is not directed at children under 13, and hosts must be adults. If you believe a child has provided us with personal data, contact us and we will take appropriate steps to remove it.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the “Last updated” date above. Significant changes may be notified to hosts by email.

13. Contact us

For any privacy questions or to exercise your rights, contact us at hello@tryklik.app.