Privacy Policy
Last updated: private beta — this page will carry a fixed effective date at public launch.
Who we are
Galora is operated by Galora Technologies Pvt. Ltd. (“Galora,” “we,” “us”), a software platform built for Indian wedding and event photography studios. This policy explains what information we collect from studios (our direct customers) and from the guests and clients those studios photograph, how we use it, and the rights you have over it.
What we collect
From studios (our customers): account details (name, email, WhatsApp/phone), business information, uploaded event photos, client and lead records you enter (names, contact details, event details, quotations), and payment information processed by our payment partners (see “Payments” below).
From guests and event clients: name, email, and phone number when a guest registers for a gallery or is invited by a studio; a one-time selfie photograph used to generate a face-recognition match against event photos, when a guest chooses to use that feature; and photos of the guest captured by the studio at the event.
We do not collect biometric data from anyone who does not voluntarily submit a selfie to use face-matching. Guests can use PIN-protected galleries without ever submitting a selfie.
How we use it
To operate the product: matching guest selfies to event photos, delivering galleries, sending booking/quotation/notification emails and WhatsApp messages on a studio’s behalf, and providing studios with their own business tools (leads, quotations, calendar, analytics).
We do not sell personal data to third parties, and we do not use studio or guest photos to train AI models outside of the matching process each studio explicitly uses for their own event.
Where data is processed and stored
Our application servers run on Amazon Web Services in Mumbai, India. Our primary database (Neon, a managed Postgres provider) currently runs in a Singapore data center region. Photos and exported files are stored on Cloudflare’s object storage network, with an encrypted nightly backup copy on Backblaze. This means not all Galora data is physically stored exclusively within India today.
DPDP Act 2023
We process personal data of guests and clients on behalf of, and at the direction of, the photography studio that uploaded it. We handle facial embedding data (a form of biometric identifier) only for the specific purpose of matching a guest to their own photos, and only when a guest voluntarily submits a selfie.
Any guest can request erasure of their biometric data (selfie and face embedding) at any time through the gallery they registered on — this permanently deletes the stored selfie and embedding.
Payments
Subscription payments are processed by Razorpay; UPI and credit purchases are processed by Cashfree. We do not store your full card or bank account details — those are handled directly by our payment processors. During the private beta, all plans are free and no payment is collected.
Data retention
Your rights
Studios can export their data at any time. Guests can request access to, or erasure of, their biometric data via their gallery, and can contact us directly for any other request regarding their personal data.
Contact us
Questions about this policy, or a data request, can be sent to hello@galora.in.