Privacy Policy
Last updated: 28 April 2026 · Crackin Events Ltd · hello@crackinshare.co.uk
Short version: We collect the minimum data needed to run your gallery. We don't sell it, we don't advertise with it, and you can delete everything at any time.
Who we are
CrackinShare is operated by Crackin Events Ltd, a UK business. References to "we", "us", or "our" mean Crackin Events Ltd. We are the data controller for your personal information.
Contact: hello@crackinshare.co.uk
What data we collect
When you create an account:
- Your name and email address
- Password (stored as a one-way hash — we cannot read it)
- The date you registered
When you purchase a gallery:
- Payment is processed entirely by Square — we never see or store your card details
- We store the transaction reference and amount for our records
When you use your gallery:
- Your gallery name, event date, and personalisation settings
- Photos and videos uploaded by your guests (stored on our UK servers)
- Guest names and messages attached to uploads (as entered by guests themselves)
Technical data:
- Session cookies to keep you signed in (see our Cookie Policy)
- Standard server logs (IP address, browser, pages visited) — retained for 30 days for security purposes
What we do NOT collect
- We do not use advertising or tracking cookies
- We do not sell or share your data with third parties for marketing
- We do not use analytics platforms (no Google Analytics, Hotjar, etc.)
- We do not profile users or use automated decision-making
How we use your data
- To provide the service — running your gallery, processing your payment, sending you sign-in links
- To communicate with you — support replies, important account notices. We don't send marketing emails unless you opt in separately
- To keep the service secure — detecting abuse, preventing fraud
- Legal obligations — tax records and fraud prevention as required by UK law
Legal basis for processing
- Contract — processing your data to deliver the service you've paid for (Art. 6(1)(b) UK GDPR)
- Legitimate interests — security logs and fraud prevention (Art. 6(1)(f))
- Legal obligation — financial records (Art. 6(1)(c))
Third-party services
We use a small number of carefully chosen third parties:
- Square — payment processing. Their privacy policy applies to card data
- Google Fonts — typography loaded from Google's CDN. Google may log requests; see their privacy policy
- Microsoft OneDrive (optional) — if enabled by us for backup purposes only. No user data is shared with Microsoft beyond the files themselves
We do not use Facebook, TikTok, Amazon Ads, or any other advertising platform.
Data storage and security
Your data is stored on servers located in the United Kingdom. We use HTTPS for all connections, bcrypt for password hashing, and CSRF tokens on all forms. Access to production data is restricted to authorised staff only.
How long we keep your data
- Your account and gallery — for as long as you have an active subscription, plus 90 days after expiry to allow recovery
- Deleted galleries — permanently removed from disk within 48 hours of deletion
- Payment records — 7 years as required by UK HMRC
- Server logs — 30 days, then automatically purged
Your rights (UK GDPR)
As a UK resident you have the following rights:
- Right of access — request a copy of the data we hold about you
- Right to rectification — correct inaccurate data (you can update most things in Account Settings)
- Right to erasure — request deletion of your account and all associated data
- Right to portability — receive your data in a machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to restrict processing — request that we limit how we process your data
Exercising your rights: You can delete your account and all your data immediately from your Account Settings page. For other requests, email us at hello@crackinshare.co.uk — we'll respond within 30 days as required by law.
Guest uploads and third-party data
When a guest uploads a photo or video to your gallery, they provide their name and an optional message. As the gallery owner, you are a joint data controller for this content — you are responsible for ensuring guests are aware their uploads will be stored, and for moderating or deleting content as appropriate.
Guests can have their uploads deleted by contacting you directly, or by emailing us at hello@crackinshare.co.uk with the gallery URL and a description of their upload.
Cookies
We use a minimal set of cookies. See our Cookie Policy for full details.
Children
CrackinShare is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
Changes to this policy
We may update this policy from time to time. We'll notify you by email if we make material changes. The "last updated" date at the top of this page always shows the most recent revision.
Complaints
If you're unhappy with how we've handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk or call 0303 123 1113.
Contact
Data controller: Crackin Events Ltd
Email: hello@crackinshare.co.uk