Privacy Policy

• The booth runs in your browser. Photos are processed locally on the operator's device by default.
• We only collect what we need to run your account, license, and event archive.
• We never sell your data, never share it for cross-context behavioral advertising, and never use event photos to train AI.
• You can access, correct, export, or delete your data at any time — wherever you live.

The data controller / business responsible for your personal information is Excogito Promethean LLC, a Florida limited liability company doing business as Chromabooth-Pro.

Registered address: 7401 4th Street North, Suite 300, St. Petersburg, FL 33702, United States.

Privacy contact: privacy@chromabooth-pro.com.

Account data

When you sign up: your name, email address, organization name, and password (hashed). Optionally: company billing details and tax/VAT ID.

License and device data

When a booth activates: a device fingerprint (anonymous ID, browser/OS string, screen size), the license key it activates against, and timestamps for first/last seen.

Payment data

Processed by Stripe. We store the Stripe customer ID, the last 4 digits of the card, and invoice metadata. We never see or store full card numbers.

Event photos and videos

Captured by the booth and stored locally on the operator's device by default. If you enable cloud archive sharing, photos are uploaded to our storage with a private share token. Guests who tap "send to my phone" generate a one-time link — no guest email is collected unless they explicitly enter one.

Analytics

We use privacy-friendly product analytics (no third-party ad networks, no cross-site tracking). We log page views, button clicks, and aggregate session counts. No fingerprinting, no advertising cookies.

• To provide the service: account, license activation, billing, support, event archive (contractual necessity / legitimate business purpose).
• To keep it safe: security logs, fraud prevention, abuse detection (legitimate interest).
• With your consent: optional newsletter, marketing emails, guest marketing opt-in at the booth.
• Because the law says so: tax, accounting, and audit records.

We use a small number of vetted service providers ("processors"):

• Stripe — payment processing
• Supabase — database, authentication, and file storage hosting (US region)
• Cloudflare — CDN, edge runtime, and DDoS protection
• Lovable AI Gateway — AI restyle and image-generation models
• Email provider — transactional email delivery (license activation, receipts, password reset)

Each processor is bound by a written data-processing agreement that limits their use of your data to providing the service. We do not sell, rent, or share personal information with third parties for advertising or other purposes outside this list.

• Account data: until you delete the account.
• Event photos in cloud archive: 90 days unless you extend, download, or delete them sooner.
• Invoices and tax records: 7 years (US tax retention).
• Analytics: aggregated and rotated after 13 months.
• Security logs: 12 months.

Regardless of where you are, you can ask us to:

• Access the data we hold about you
• Correct inaccurate or outdated data
• Delete your account and personal data
• Export your data in a portable, machine-readable format
• Object to or limit certain processing, or withdraw consent
• Lodge a complaint with your local data-protection authority

Email privacy@chromabooth-pro.com from the address on your account. We respond within 30 days (45 days for California requests, with one possible extension). We never charge for these requests and never retaliate against you for making them.

If you live in California you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act:

• Right to know the categories and specific pieces of personal information we collect, use, and disclose.
• Right to delete personal information we collected from you (subject to legal-retention exceptions).
• Right to correct inaccurate personal information.
• Right to opt out of "sale" or "sharing" of personal information — we do not sell or share personal information for cross-context behavioral advertising, so there is nothing to opt out of, but you can confirm this any time.
• Right to limit use of sensitive personal information — we do not use sensitive personal information for any purpose other than providing the service.
• Right to non-discrimination for exercising any of these rights.

To exercise these rights, email privacy@chromabooth-pro.com. An authorized agent may submit requests on your behalf with written, signed authorization.

If you live in the European Economic Area, the United Kingdom, or Switzerland, you have the rights described in section 6 under the GDPR / UK GDPR / Swiss FADP. Our legal bases are: contract (account, license, billing), legitimate interest (security, fraud prevention, basic analytics), consent (marketing, optional features), and legal obligation (accounting, tax). You may also lodge a complaint with your national supervisory authority.

We use a small number of strictly necessary cookies (session, CSRF, language preference). We do not use advertising or tracking cookies, so no cookie banner is shown beyond what's required by law in your region.

Excogito Promethean LLC is established in the United States, and our primary infrastructure is hosted in the US. If you access Chromabooth-Pro from outside the US, your personal information will be transferred to and processed in the US. For transfers from the EEA, UK, and Switzerland we rely on the EU-US, UK Extension, and Swiss-US Data Privacy Framework where applicable, and on Standard Contractual Clauses with our processors otherwise. You can request a copy of the safeguards we use by emailing privacy@chromabooth-pro.com.

Chromabooth-Pro is not intended for children under 16, and we do not knowingly collect personal information from children under 13 (under 16 in the EEA/UK). Operators running events with minors are responsible for obtaining appropriate consent from parents or guardians before guests use the booth.

We will notify active operators by email at least 30 days before any material change to this policy.

Questions, requests, or complaints? Email privacy@chromabooth-pro.com or use the contact form. Postal mail: Excogito Promethean LLC, 7401 4th Street North, Suite 300, St. Petersburg, FL 33702, United States.