Privacy Policy

Last updated: 8 April 2026

1. Who We Are

GuestDrop ("we", "us", "our") is an event photo-sharing platform operated by AuraFarm. We help event creators collect guest photos via QR codes with zero friction — no app downloads or signups required for guests.

2. Information We Collect

Event Creators (Authenticated Users)

  • Google account information (name, email, profile picture) via Google OAuth
  • Event details you create (event name, date, type)
  • Payment information processed by Razorpay (we do not store card numbers)

Guests (Unauthenticated Uploaders)

  • Photos and videos uploaded via the QR code link — stored directly in the creator's Google Drive, not on our servers
  • Basic device metadata (browser type, upload timestamp) for troubleshooting
  • No personal information, login, or account is required

3. How We Use Your Information

  • To authenticate you and manage your events
  • To process payments via Razorpay for event creation (Free per event)
  • To store uploaded photos in your connected Google Drive account
  • To display the event gallery to you and your guests
  • To send transactional emails (event confirmations)

4. Photo Storage

All guest-uploaded photos and videos are stored directly in the event creator's Google Drive account. GuestDrop does not store media files on its own servers. When a creator does not connect Google Drive, media is stored in secure cloud storage (Cloudflare R2) and remains accessible for the event duration.

5. Payment Processing

Payments are processed by Razorpay, a PCI-DSS compliant payment gateway. We receive payment confirmation and transaction IDs but never have access to your full card details, UPI PIN, or banking credentials.

6. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. We share data only with:

  • Google — for OAuth authentication and Drive storage (per your consent)
  • Razorpay — for payment processing
  • Vercel — our hosting provider (infrastructure only)

7. Cookies

We use essential cookies for authentication sessions. We do not use third-party tracking cookies or advertising cookies.

8. Data Retention

Event data is retained for 30 days from event creation. After expiry, event metadata is removed from our database. Photos in your Google Drive remain in your Drive — we do not delete them.

9. Your Rights

Under the Digital Personal Data Protection Act, 2023 (DPDPA), you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Withdraw consent for data processing

To exercise these rights, contact us at dev@aurafarm.tech.

10. Security

All data is transmitted over HTTPS. Authentication tokens are stored securely. We follow industry-standard security practices to protect your information.

11. Contact

For privacy-related questions, contact us at dev@aurafarm.tech.