Legal

Privacy Policy

Last updated: private beta — this page will carry a fixed effective date at public launch.

Pending founder/legal review: This policy accurately describes what Galora actually does today, verified against the live product and infrastructure. A few sections below are marked with a placeholder where a specific legal or business decision (registered company address, Grievance Officer contact required under the DPDP Act 2023, exact data-retention windows) is needed before this page can be considered final for public launch.

Who we are

Galora is operated by Galora Technologies Pvt. Ltd. (“Galora,” “we,” “us”), a software platform built for Indian wedding and event photography studios. This policy explains what information we collect from studios (our direct customers) and from the guests and clients those studios photograph, how we use it, and the rights you have over it.

Pending founder/legal review: Our registered company address and Corporate Identification Number (CIN) will be published here before public launch.

What we collect

From studios (our customers): account details (name, email, WhatsApp/phone), business information, uploaded event photos, client and lead records you enter (names, contact details, event details, quotations), and payment information processed by our payment partners (see “Payments” below).

From guests and event clients: name, email, and phone number when a guest registers for a gallery or is invited by a studio; a one-time selfie photograph used to generate a face-recognition match against event photos, when a guest chooses to use that feature; and photos of the guest captured by the studio at the event.

We do not collect biometric data from anyone who does not voluntarily submit a selfie to use face-matching. Guests can use PIN-protected galleries without ever submitting a selfie.

How we use it

To operate the product: matching guest selfies to event photos, delivering galleries, sending booking/quotation/notification emails and WhatsApp messages on a studio’s behalf, and providing studios with their own business tools (leads, quotations, calendar, analytics).

We do not sell personal data to third parties, and we do not use studio or guest photos to train AI models outside of the matching process each studio explicitly uses for their own event.

Where data is processed and stored

Our application servers run on Amazon Web Services in Mumbai, India. Our primary database (Neon, a managed Postgres provider) currently runs in a Singapore data center region. Photos and exported files are stored on Cloudflare’s object storage network, with an encrypted nightly backup copy on Backblaze. This means not all Galora data is physically stored exclusively within India today.

Pending founder/legal review: If exclusive India-only data residency is required for compliance or customer commitments, that requires either a founder decision to migrate the database to an India-region provider, or updated wording here reflecting the real, multi-region setup — do not represent this as India-only in any other page on this site.

DPDP Act 2023

We process personal data of guests and clients on behalf of, and at the direction of, the photography studio that uploaded it. We handle facial embedding data (a form of biometric identifier) only for the specific purpose of matching a guest to their own photos, and only when a guest voluntarily submits a selfie.

Any guest can request erasure of their biometric data (selfie and face embedding) at any time through the gallery they registered on — this permanently deletes the stored selfie and embedding.

Pending founder/legal review: The DPDP Act 2023 requires a named Grievance Officer with published contact details. That name and contact needs to be added here before public launch.

Payments

Subscription payments are processed by Razorpay; UPI and credit purchases are processed by Cashfree. We do not store your full card or bank account details — those are handled directly by our payment processors. During the private beta, all plans are free and no payment is collected.

Data retention

Pending founder/legal review: Exact retention periods (how long photos, guest records, and biometric data are kept after an event, and after a studio account is closed) need a founder decision before this section can state a specific number of days/months.

Your rights

Studios can export their data at any time. Guests can request access to, or erasure of, their biometric data via their gallery, and can contact us directly for any other request regarding their personal data.

Contact us

Questions about this policy, or a data request, can be sent to hello@galora.in.