Privacy Policy

Last updated: 12 June 2026

Keepcove lets the host of an event create a private online gallery where their guests add photos and videos by scanning one QR code — no app and no login. This policy explains what personal data we collect when you use keepcove.app, why we collect it, the legal bases we rely on, and the rights you have over it.

This policy is provided for transparency and plain-English clarity. It is not legal advice — please take your own professional advice before relying on it.

The short version

We're a small UK company; you can reach us about privacy at [email protected].
Hosts give us an event name and an email; guests give us photos and videos and an optional name.
We store photos and videos unchanged, so any location (GPS) or other data your camera saved inside them stays in the file.
Our analytics are cookieless and never store your IP address — no tracking, and no cookie-consent banner.
You can object to our use of your data, ask for a copy, or ask us to delete it at any time.

Who we are

keepcove.app (“Keepcove”, “we”, “us”) is operated by TRIOFLOW LABS LTD, a company registered in England and Wales (United Kingdom) under company number 16731070. We are the data controller for the personal data described in this policy. You can contact us about privacy at [email protected].

What we collect and why

If you create a gallery (the host)

When you set up a gallery at keepcove.app/create you give us an event name, an event type, an optional event date, and your email address. We store these as a small configuration file alongside your gallery. Your email is kept on our servers only — it is never shown to your guests and never appears on any gallery page. We hold it so that, in future, you can recover your gallery links if you lose them, and it may be used for your billing records if you take your gallery live. We do not use it for marketing, and we never email your guests.

If you take your gallery live (a paid step), your payment is handled by Stripe: your card details and billing address go directly to Stripe and never touch our servers — we never see or store your card number. On our side we keep only your gallery’s payment status and Stripe’s reference codes for it, so we know the gallery is live and can manage your renewal.

If you add to a gallery (a guest)

When you add photos or videos to a gallery we collect the files themselves and, optionally, a name or label you can type so the host knows who shared what (you can leave this blank). The host of that gallery can see everything uploaded to it. See Photos, videos and the people in them for how we handle the files and the data hidden inside them.

When anyone visits

So a host can see basic interest in their gallery, we collect a small amount of cookieless, privacy-preserving usage data. For each visit we create a one-way fingerprint by hashing your IP address and browser user-agent together with a secret value (SHA-256) and keeping only the first part of the result. We store that hash as an anonymous marker — we never store your raw IP address. We also count aggregate video watch-time. None of this identifies you, sets a tracking cookie, or follows you across other websites, and only the gallery’s host can see the totals.

The legal bases we rely on

We process personal data under the UK GDPR. For visitors in the EU, the EU GDPR applies equivalently. The bases we rely on are:

Performance of a contract: We process a host’s email and event details to create, run and help them recover their gallery — the service they asked us for.
Legitimate interests: We rely on our legitimate interests for: keeping the service secure and preventing abuse (including the bot check at sign-up); measuring aggregate, cookieless usage so hosts can see interest in their gallery; and holding a host’s email so they can recover their links. We also rely on the legitimate interests of a host and their guests in collecting and keeping the photos of their event. Where we rely on legitimate interests, you have the right to object — see Your rights.

We do not rely on consent for any of this, and we do not have — or need — a cookie-consent banner (see Cookies and local storage).

Is providing your data required?

Providing your data is not required by law, but some of it is necessary to use Keepcove:

To create a gallery, a host must give an event name and an email — without them we can’t set up your gallery or later help you recover it.
Guests don’t have to give a name; it’s optional. Uploading photos is, of course, the point of the service, so without them there’s nothing to share.

Photos, videos and the people in them

We store your original files unchanged. That means any metadata your camera or phone saved inside them — which can include GPS location, the device model, and the date and time — stays in the file. Our app reads the capture time on your own device to sort photos, but it does not strip this metadata out. If you’d rather not share it, you can remove location/EXIF data before uploading, and you can leave the name field blank.

The host of an event decides whom they invite and photograph, and is responsible for the people who appear in uploads — including guests and any third parties who never visited Keepcove. Where someone appears in a photo, we obtained their information from the person who uploaded it (the host or a guest), not from them directly. It is often not possible for us to contact everyone who appears in event photos; the law recognises that individually notifying each such person can be impractical.

For uploaded photos and videos we consider ourselves a controller, because we decide how they are stored, for how long, and which providers we use. The host also makes decisions about the same photos, so we and the host may be joint or independent controllers — a point we are reviewing with our advisers. If you appear in a photo and want it removed, see How long we keep it.

Cookies and local storage

We use no advertising or cross-site tracking cookies, and there is no consent banner because we set no non-essential cookies.

Cookies

There is exactly one: nisan_admin_<your-event>. We set it only after a host enters their private host code, so the browser stays signed in to manage that gallery. It is strictly necessary for that function, lasts 30 days, and is restricted to our own site (SameSite=Strict).

Local storage on your device

We keep a few small, strictly-functional values in your browser’s local storage so the app works: your language choice, an optional guest name you’ve typed, a record of what you’ve already uploaded (so you don’t upload duplicates), and a short timestamp that throttles how often the app registers a “view”. These are necessary for features you’ve asked for, so they don’t require consent, and they are not used to profile or track you.

Analytics

The usage measurement described above is cookieless and stores nothing on your device that identifies you; we rely on our legitimate interests for it, not consent.

Who else is involved

We keep Keepcove deliberately small. The providers that help us run it are:

Cloudflare — hosts the website, stores the uploaded photos and configuration (Cloudflare R2), and runs the bot check (“Turnstile”) at sign-up. When you create a gallery, Turnstile receives a token and your IP address to confirm you’re not a bot.
Google Fonts — our pages, including galleries, load fonts from Google’s servers (fonts.googleapis.com and fonts.gstatic.com). This means Google receives your IP address, browser user-agent and referring page each time a page loads. We use Google Fonts to render the site’s typography and rely on our legitimate interests; we plan to self-host these fonts in future to remove this transfer.
Stripe — handles payments when a host takes a gallery live, acting as merchant of record. The checkout page (and only that page) loads Stripe’s payment software, and Stripe receives the card details, billing address and email needed to process the payment, handle applicable taxes, and send receipts — see Stripe’s privacy policy. Guest gallery pages never load Stripe and guests never pay.

We use no analytics SDKs, ad networks or social-media tracking pixels.

Where your data is processed

Cloudflare and Google are global providers and may process data on servers outside the UK and EEA, including in the United States. Where data is transferred outside the UK/EEA, those transfers are covered by the safeguards in our providers’ data-processing terms — typically the UK International Data Transfer Addendum and the EU Standard Contractual Clauses (and, for Google, the EU–US Data Privacy Framework where it applies).

How long we keep it

We don’t delete things on a fixed schedule — a gallery is meant to last. We keep your data until the gallery’s host deletes it or asks us to:

A host can delete uploaded photos and videos themselves from the gallery’s host view.
Self-service deletion covers the uploaded media. It does not currently remove a host’s own configuration (including the stored email) or the anonymous usage markers — to delete those, email [email protected] and we’ll handle it.
Guests can’t delete their own uploads from the gallery. If you’ve uploaded something, or appear in a photo, and want it removed, ask the gallery’s host, or contact us at [email protected] and we’ll route it.
The temporary links used to view or upload files expire after one hour, so there are no permanent public links to your photos.

Automated decisions

We don’t make any automated decisions that have a legal or similarly significant effect on you. The only automated check is the bot/abuse screen at sign-up (Cloudflare Turnstile), which scores whether a request looks automated.

Your rights

Under the UK GDPR (and the EU GDPR) you have the right to access the personal data we hold about you; to ask us to correct it; to ask us to delete it; to restrict or object to how we use it; and to receive it in a portable format. Because we rely on legitimate interests for security, analytics and link-recovery, you have a specific right to object to that processing.

To exercise any of these, email [email protected]. You also have the right to complain to the Information Commissioner’s Office (ICO), or, if you’re in the EU, to your local data protection authority — though we’d appreciate the chance to put things right first.

If you’re in the United States

Keepcove is available worldwide. If you’re in the United States, we do not sell your personal information, and we don’t share it for cross-context behavioural advertising. If you’re a California resident, you have the right to know what personal information we hold about you and to ask us to delete it — contact [email protected].

Children

Keepcove is intended for adults organising and attending events; it isn’t directed at children, and we don’t knowingly collect personal data from children. Children may, of course, appear in photos that guests upload — those are handled like any other uploaded photo, and a host or guardian can ask us to remove them.

Changes to this policy

If we change this policy, we’ll update the “last updated” date shown beneath the title, which always reflects the current version.

Contact

Questions, requests or complaints about privacy: [email protected] — TRIOFLOW LABS LTD, company number 16731070 (England and Wales).