Your photos and your data

The short version: you own your gallery's contents. We host them so your guests can upload and you can download — that's the entire job. We don't sell them, we don't show them in our marketing, and we don't train anything on them.

Who owns the photos and videos?

You do. Every photo and video your guests upload, plus every guestbook message and RSVP, belongs to the host of the gallery. PixVenu is the hosting infrastructure; the content is yours from the moment a guest hits upload.

Does PixVenu sell my photos?

No. We don't sell, license, or share your gallery contents with third parties. We don't use them in advertising, on the marketing site, or in any kind of promotional material — not even with consent. The product is the platform; your photos are not the product.

Do you train AI on uploaded photos?

No. Your gallery contents do not feed any machine-learning model — ours or anyone else's. No silent training, no opt-out paperwork to find.

Where are the photos actually stored?

Photos and videos live in encrypted object storage provided by Supabase, our infrastructure partner. Access is gated by per-gallery row-level-security policies — only you (and any co-hosts you've explicitly added) can see the full backend; guests only see what their gallery URL permits them to see.

Can you read my private messages or RSVPs?

Operationally, no. PixVenu staff don't browse gallery contents. We do retain server logs (request paths, error traces) that help us diagnose problems, but those logs don't include photo bytes or message bodies. If a host writes in with a specific issue and asks us to look at a row, we will — with their permission.

How long do you keep my photos?

Active galleries: indefinitely while they exist on your account. Archived galleries: as long as the account remains active. Deleted galleries: storage objects and database rows are removed within the same workflow — the only "leftovers" are anonymous server logs that expire on rolling retention. Soft-deleted photos (the Trash workflow on the host detail page) stay recoverable until you click Empty Trash.

What about guests who want their photo removed?

Two paths. First, the guest can self-delete from their own browser via the "You uploaded this" badge on the lightbox — this works for the same browser session that did the upload. Second, the guest can ask the host to remove the photo via the dashboard, which is final. There's no separate appeal queue.

Can I export everything?

Yes. The Download all button on the gallery detail produces a full ZIP — photos, videos, guestbook messages, contributor list, and RSVP responses — all in one archive. There's no "data export" lockout; the export endpoints are first-class features, not an afterthought.

Anything I should worry about?

Two practical things. PIN-protected galleries are a friction layer, not an encryption boundary — a guest who has the PIN can screenshot anything they see. And the public guest URL is the same URL anyone with it can open — share it deliberately. If you need stricter access control than the PIN flow, contact us before the event.