Privacy Policy
Last updated: October 18, 2025
This Privacy Policy explains how Gather Shot ("Gather Shot," "we," "us," or "our") collects, uses, and shares personal information when you access or use our websites, apps, and related services (the "Service"). This Policy applies wherever we act as a controller of your personal information.
1) Information We Collect
a) Information you provide to us
- Account details (e.g., name, email, password).
- Event details (e.g., event name, date/time, location, host notes, customizations).
- Collaborators/guests you invite (e.g., names/emails and roles/permissions).
- Content you upload (photos, videos, captions, and associated metadata).
- Support and communications (messages you send us, survey responses).
b) Information collected automatically
- Usage and device data (IP address, approximate location derived from IP, browser and device type, app version, pages viewed, timestamps, referring/exit pages).
- Cookies and similar technologies used to keep you signed in, remember your preferences, and help us secure the Service. See Cookies & Tracking below.
c) Payment information
- When you make a purchase, payment is processed by our payment processor. We do not collect or store full payment card numbers or security codes. We receive limited information (e.g., billing contact, transaction status, amount, and internal identifiers) to record your purchase, prevent fraud, and deliver receipts.
d) Location lookup
- If you use location autocomplete/lookup features while creating an event, the text you enter may be sent to a location services provider to return suggestions. We log minimal diagnostic information for security and troubleshooting.
e) Public galleries and links
- If an event's gallery is configured as public, accepted media may be accessible to anyone with the link. Direct file links may persist in caches or third‑party systems for a period even after deletion.
2) How We Use Information
We use personal information to:
- Provide and operate the Service (create accounts, host events, uploads/downloads, moderation, customer support).
- Process payments and manage orders, subscriptions, add‑ons, and invoices.
- Communicate with you about your account and the Service, including:
  - Transactional messages (e.g., password resets, invitations, purchase confirmations, important service notices).
  - Marketing & promotional messages, including newsletters, product updates, and cross‑promotions with our affiliates and partners (see Sharing below). You can opt out at any time via the unsubscribe link in our emails or by contacting us.
- Personalize features and content, and measure engagement (e.g., to understand what features are useful).
- Maintain safety and integrity (detect/prevent fraud, abuse, and security incidents; enforce our Terms).
- Comply with law and exercise or defend legal claims.
Legal bases (EEA/UK only): We process personal information as necessary to perform our contract with you; based on our legitimate interests (e.g., to secure and improve the Service, to send marketing where allowed); with your consent (e.g., mailing lists where consent is required); and to comply with legal obligations.
3) Cookies & Tracking
We use the following categories of cookies and similar technologies:
- Essential: required for core functionality and security (e.g., keeping you signed in, rate limiting, CSRF protection).
- Functional: remember preferences and improve experience.
- Performance/Analytics: help us understand usage to improve the Service.
- Marketing/Email analytics: measure and improve our marketing and email open/click performance; ensure promotions reach interested users. Marketing cookies/pixels are used only where permitted and subject to your choices.
Your choices: You can manage cookies through your browser settings. Where required, we will present a consent banner and honor your preferences. You may also opt out of marketing emails at any time using the unsubscribe link.
4) How We Share Information
We disclose personal information in the following circumstances:
- Service providers (processors). We work with vetted service providers to deliver the Service (e.g., cloud hosting and storage, email delivery, payment processing, customer support, security). We require these providers to use information only on our instructions and to protect it appropriately. We maintain a current list of key providers in section 14 below.
- Affiliates & partners (cross‑promotion). We may promote Gather Shot jointly with affiliates and marketing partners. Where permitted, we may share limited identifiers (e.g., a hashed email) or campaign information so that our partners can measure or deliver a promotion about Gather Shot. We do not permit partners to use your information for their own independent marketing without your consent. You can opt out of our marketing and cross‑promotion at any time.
- Public content. Content in public galleries is viewable by anyone with the link and may be shared by others. Please consider this when uploading.
- Business transfers. In connection with a merger, acquisition, financing, or sale of all or part of our business, information may be transferred to the relevant entity subject to this Policy.
- Legal and safety. We may disclose information to comply with law, legal process, or lawful requests; to enforce our terms; or to protect the rights, property, or safety of Gather Shot, our users, or the public.
California (CPRA): We do not sell personal information as most people understand the term. If our cross‑promotion activities are considered "sharing" for cross‑context behavioral advertising under the CPRA, you have the right to opt out of sharing. Contact us to exercise this right.
5) Data Retention
We retain personal information for as long as needed to operate the Service, comply with legal obligations, resolve disputes, and protect our rights. For example:
- Account and event data are kept while your account is active and for a reasonable period thereafter.
- Content is retained according to the event's retention settings configurable by the host (a default retention period applies) and may be extended.
- Payment and transaction records are kept as required for tax/audit and fraud prevention.
- Logs and security records are kept for a limited period for safety and troubleshooting.
When no longer needed, we take steps to delete or anonymize information.
6) Your Rights & Choices
Depending on where you live, you may have rights to request access, correction, deletion, restriction, portability, or to object to certain processing (including marketing). You can:
- Access or update certain information in your account settings.
- Unsubscribe from marketing via the link in our emails.
- Contact us to exercise rights or appeal a decision. We will respond as required by law.
Residents of California may also request information about our practices and exercise the rights to opt out of sale/sharing, to limit the use of sensitive personal information (if applicable), and to non‑discrimination for exercising rights.
7) Security
We use administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, access controls, and protections against unauthorized access and abuse. No system is perfectly secure, and we cannot guarantee absolute security.
8) International Transfers
We are based in the United States and may process information in the U.S. and other countries. Where required, we use appropriate safeguards for international transfers (e.g., Standard Contractual Clauses).
9) Children's Privacy
The Service is not directed to children under 16 (or the age required in your jurisdiction), and we do not knowingly collect personal information from them. If you believe a child has provided personal information to us, please contact us so we can take appropriate action.
10) Changes to This Policy
We may update this Policy from time to time. If we make material changes, we will notify you by posting the updated Policy and, where appropriate, by email or an in‑product notice. The revised Policy will be effective when posted unless otherwise stated.
11) Contact Us
Email: [email protected]
Address: 502 W 7th ST STE 100 Erie, PA, 16502, USA
Website: gathershot.com
12) California (CCPA/CPRA)
- Categories collected: identifiers; commercial information; internet/network activity; geolocation (coarse); user‑generated content; inferences (e.g., preferences) where permitted.
- Sources: directly from you; automatically from your device/browser; service providers; affiliates/partners (for cross‑promotion, where permitted).
- Purposes: as described in How We Use Information.
- Disclosures: to service providers; affiliates/partners for cross‑promotion (you may opt out); legal authorities as required; business transfers.
- Retention: as described in Data Retention.
- Your rights: right to know/access, delete, correct, portability, opt out of sale/sharing, limit sensitive PI, non‑discrimination.
13) EEA/UK (GDPR)
- Controller: Gather Shot LLC.
- Data Protection Contact/DPO: [email protected].
- Legal bases: contract, legitimate interests, consent (where required), legal obligations.
- Your rights: access, rectification, erasure, restriction, portability, objection (including to direct marketing), and to withdraw consent at any time without affecting prior processing.
- Complaints: You may lodge a complaint with your local supervisory authority.
14) Service Providers & Subprocessors
The following service providers and subprocessors may process personal information on our behalf to help us deliver the Service. This list reflects our current technical implementation and is provided for transparency, though it may not be exhaustive. We may add, remove, or replace providers from time to time as we operate and improve the Service.
Payment Processing
- Stripe, Inc.: Payment processing, fraud prevention, billing records, and PCI-compliant card data handling. Stripe processes customer and billing information, payment methods (including card data collected directly via Stripe.js), transaction records, and device/telemetry data for fraud prevention.
Email Delivery
- Postmark: Transactional email delivery, including password resets, event invitations, magic login links, and payment receipts. Postmark processes recipient email addresses, message content, and delivery/engagement metrics.
Cloud Storage & Media Processing
- Cloudinary Ltd.: Cloud storage, content delivery network (CDN), and media transformation services for user-uploaded images and videos. Cloudinary processes media files, metadata, transformation parameters, and access logs (including IP addresses and user agents). Pro-tier events use Cloudinary for media storage and delivery.
- DigitalOcean LLC: S3-compatible object storage for Basic-tier event media and temporary ZIP download archives. DigitalOcean processes uploaded files, metadata, and presigned URL access details. Default storage region: NYC3 (US East).
- Amazon Web Services, Inc.: May be used for certain file storage needs depending on configuration. AWS processes stored files, metadata, and access logs if enabled.
- Compute & Database Hosting: We use third-party infrastructure providers for application hosting and managed databases. These providers have access to data stored on their systems and are contractually required to maintain confidentiality. Specific providers depend on deployment configuration.
Location & Mapping Services
- Google LLC (Places API): Location autocomplete during event creation. When you use location lookup features, your typed queries are sent server-side to Google's Places API (v1). We log queries and truncated API responses for security and troubleshooting.