← Back to CrackinShare

Privacy Policy

Last updated: 19 May 2026  ·  Crackin Events Ltd  ·  hello@crackinshare.co.uk

Short version: We collect the minimum data needed to run your gallery. We don't sell it, we don't advertise with it, and you can delete everything at any time.

Who we are

CrackinShare is operated by Crackin Events Ltd, a UK business. References to "we", "us", or "our" mean Crackin Events Ltd. We are the data controller for your personal information.

Contact: hello@crackinshare.co.uk

What data we collect

When you create an account:

  • Your name and email address
  • Password (stored as a one-way hash — we cannot read it)
  • The date you registered

When you purchase a gallery:

  • Payment is processed entirely by Square — we never see or store your card details
  • We store the transaction reference and amount for our records

When you use your gallery:

  • Your gallery name, event date, and personalisation settings
  • Photos and videos uploaded by your guests (stored on our UK servers)
  • Guest names and messages attached to uploads (as entered by guests themselves)

Technical data:

  • Session cookies to keep you signed in (see our Cookie Policy)
  • Standard server logs (IP address, browser, pages visited) — retained for 30 days for security purposes

What we do NOT collect

  • We do not use advertising or tracking cookies
  • We do not sell or share your data with third parties for marketing
  • We do not use analytics platforms (no Google Analytics, Hotjar, etc.)
  • We do not profile users or use automated decision-making

How we use your data

  • To provide the service — running your gallery, processing your payment, sending you sign-in links
  • To communicate with you — support replies, important account notices. We don't send marketing emails unless you opt in separately
  • To keep the service secure — detecting abuse, preventing fraud
  • Legal obligations — tax records and fraud prevention as required by UK law

Legal basis for processing

  • Contract — processing your data to deliver the service you've paid for (Art. 6(1)(b) UK GDPR)
  • Legitimate interests — security logs and fraud prevention (Art. 6(1)(f))
  • Legal obligation — financial records (Art. 6(1)(c))

Third-party services

We use a small number of carefully chosen third parties:

  • Square — payment processing. Their privacy policy applies to card data
  • Google Fonts — typography loaded from Google's CDN. Google may log requests; see their privacy policy
  • Microsoft OneDrive (optional) — if enabled by us for backup purposes only. No user data is shared with Microsoft beyond the files themselves

We do not use Facebook, TikTok, Amazon Ads, or any other advertising platform.

Data storage and security

Your data is stored on servers located in the United Kingdom. We use HTTPS for all connections, bcrypt for password hashing, and CSRF tokens on all forms. Access to production data is restricted to authorised staff only.

How long we keep your data

  • Your account and gallery — for as long as you have an active subscription, plus 90 days after expiry to allow recovery
  • Deleted galleries — permanently removed from disk within 48 hours of deletion
  • Payment records — 7 years as required by UK HMRC
  • Server logs — 30 days, then automatically purged

Your rights (UK GDPR)

As a UK resident you have the following rights:

  • Right of access — request a copy of the data we hold about you
  • Right to rectification — correct inaccurate data (you can update most things in Account Settings)
  • Right to erasure — request deletion of your account and all associated data
  • Right to portability — receive your data in a machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right to restrict processing — request that we limit how we process your data

Exercising your rights: You can delete your account and all your data immediately from your Account Settings page. For other requests, email us at hello@crackinshare.co.uk — we'll respond within 30 days as required by law.

Guest uploads and third-party data

When a guest uploads a photo or video to your gallery, they provide their name and an optional message. As the gallery owner, you are a joint data controller for this content — you are responsible for ensuring guests are aware their uploads will be stored, and for moderating or deleting content as appropriate.

Guests can have their uploads deleted by contacting you directly, or by emailing us at hello@crackinshare.co.uk with the gallery URL and a description of their upload.

Cookies

We use a minimal set of cookies. See our Cookie Policy for full details.

Children

CrackinShare is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

Changes to this policy

We may update this policy from time to time. We'll notify you by email if we make material changes. The "last updated" date at the top of this page always shows the most recent revision.

Complaints

If you're unhappy with how we've handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk or call 0303 123 1113.

Contact

Data controller: Crackin Events Ltd
Email: hello@crackinshare.co.uk