Privacy Policy
Last updated: 20 March 2026
1. Who we are
Shotifi ("we", "us", "our") is an event photography platform operated by Focus & Co. We enable venues, photographers and event organisers to publish photos from events, and allow guests and attendees to view, react to, and download those photos.
Data Controller for the platform: Focus & Co.
Contact: privacy@shotifi.com
2. What data we collect
| Data | Purpose | Legal Basis |
|---|---|---|
| Event photos (may contain identifiable individuals) | Publishing event galleries | Legitimate interest of the photographer/venue/event organiser |
| Name & email (registered users) | Account management, communication | Contract (providing the service) |
| Guest name (optional, on guest uploads) | Attributing uploaded photos | Consent (voluntarily provided) |
| IP address (hashed) | Analytics, rate limiting, abuse prevention | Legitimate interest |
| Page views & event views | Aggregate analytics for event organisers | Legitimate interest |
| Order & payment data | Processing purchases (prints, downloads) | Contract |
3. Event photography & your rights
Photos published on Shotifi are taken at events in venues that are open to the public or semi-public (bars, clubs, festivals, weddings etc.). The legal basis for processing these photos is legitimate interest β the photographer, venue or event organiser has a legitimate interest in documenting and promoting their events.
Before photos are taken, the photographer or venue is required to display signage at the event informing attendees that photography is taking place and that photos will be published on Shotifi. Attendees who do not wish to be photographed should inform venue staff or the photographer.
4. Photo removal (Right to Erasure)
If you appear in a photo and would like it removed, you can submit a removal request at any time. We aim to process requests within 48 hours and will action all valid requests within 30 days as required by GDPR.
5. Who has access to your data
- Venue owners & photographers β can view analytics (anonymised) for their events
- Event organisers β can manage photos for events they created
- Platform administrators β for support, moderation and legal compliance
We do not sell your data to third parties. We do not share identifiable personal data with any third party except where required by law.
6. Data retention
- Event photos: Retained for the lifetime of the event listing or until removed by the uploader, event organiser, or via a removal request
- User accounts: Retained until the account is deleted
- Analytics data: IP hashes and page views are retained for 12 months
- Order data: Retained for 6 years (legal/accounting requirement)
7. Cookies
We use only essential session cookies required for the site to function (login state, CSRF protection). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
8. Your rights under GDPR
You have the right to:
- Access β request a copy of data we hold about you
- Rectification β correct inaccurate data
- Erasure β request deletion of your data (including photos you appear in)
- Restriction β request we limit processing of your data
- Portability β receive your data in a portable format
- Object β object to processing based on legitimate interest
To exercise any of these rights, email privacy@shotifi.com or use the photo removal form.
9. Data security
All data is transmitted over HTTPS. Passwords are hashed using bcrypt. IP addresses are stored as irreversible SHA-256 hashes. Access to admin functions requires authentication.
10. Changes to this policy
We may update this policy from time to time. The "last updated" date at the top will reflect any changes. Continued use of the site constitutes acceptance of the updated policy.
11. Complaints
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).