Privacy Policy

Privacy Policy

Effective Date: 01/01/2026

1. Introduction

OneAlbum (“OneAlbum”, “we”, “us”, or “our”) is committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy (“Policy”) explains how we collect, use, store, share, and delete personal data when you access or use our website, applications, QR-code services, digital albums, and related features (collectively, the “Services”).

By accessing or using the Services, you confirm that you have read and understood this Policy and agree to its terms. If you do not agree, you should not use the Services.

We may update this Policy periodically. Where changes are material, we will notify you through the Services or by email. We encourage you to review this Policy from time to time.

Key Principles

  • We take reasonable technical and organizational measures to keep your data secure
  • We do not sell your personal data or uploaded media
  • You remain responsible for the legality and appropriateness of any content you upload

2. Definitions

  • “Services” means OneAlbum’s event media services, including QR-code albums, photo and video uploads, forms, and event-related tools
  • “Website” means OneAlbum’s official website and associated domains
  • “Personal Data” means information relating to an identified or identifiable individual
  • “User Content” means photos, videos, text, or other media uploaded by users
  • “Processing” means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion
  • “Controller” means OneAlbum, which determines how and why Personal Data is processed
  • “Processor” means a third party that processes data on our behalf
  • “UK GDPR” means the United Kingdom General Data Protection Regulation
  • “Kenya DPA” means the Kenya Data Protection Act, 2019

3. Information We Collect

We collect only the information that is necessary, relevant, and proportionate to provide the Services.

3.1 Personal Data You Provide

This may include:

  • Full name
  • Email address
  • Phone number (where applicable)
  • Event details and form submissions
  • Photos, videos, messages, and other media you upload
  • Any additional information you choose to provide when using the Services

3.2 Automatically Collected Data

When you use the Services, we may automatically collect:

  • IP address
  • Browser type, device type, and operating system
  • Language preferences and approximate location
  • Pages viewed, actions taken, and interaction data

We may use cookies or similar technologies to enable essential functionality and improve user experience. You can control cookies through your browser settings, though disabling them may affect certain features.

4. How We Use Your Information

We process your information for the following purposes:

  • To provide, operate, and maintain the Services
  • To securely store and display your uploaded media
  • To manage accounts, subscriptions, and event access
  • To communicate with you regarding your account or Services
  • To improve platform performance and user experience
  • To comply with legal and regulatory obligations

We do not use your uploaded photos or videos for advertising or marketing without your explicit consent.

5. Sub-Processors and Infrastructure

To operate OneAlbum securely and efficiently, we use trusted third-party service providers (“sub-processors”) who process limited data on our behalf under contractual data-protection obligations.

Current Sub-Processors

  • DigitalOcean: Used for application hosting and backend infrastructure. Data may be processed in EU or UK regions.
  • Amazon Web Services (AWS S3): Used for secure storage of uploaded photos, videos, and media files. Data may be stored in EU or UK data centers.

We only share Personal Data with sub-processors to the extent necessary to deliver the Services and require them to implement appropriate security and confidentiality measures.

6. Children’s Privacy

The Services are not intended for use by children under the age of 13. We do not knowingly collect Personal Data from children. If we become aware that Personal Data has been collected from a child without appropriate consent, we will delete such data promptly.

7. Data Security

We implement reasonable administrative, technical, and organizational safeguards to protect Personal Data against unauthorized access, alteration, disclosure, or destruction.

While we strive to protect your information, no method of transmission or storage is completely secure. You acknowledge and accept this risk when using the Services.

8. Your Rights

Depending on your location, you have certain rights regarding your Personal Data.

8.1 General Rights

You may request to:

  • Access your Personal Data
  • Correct or update inaccurate or incomplete data
  • Restrict or object to certain processing
  • Request deletion of your data
  • Receive information about how your data is processed

Requests can be made by contacting us at rubicksware.

8.2 UK GDPR Rights (UK & EU Users)

If you are located in the UK or EU, you also have the right to:

  • Withdraw consent where processing is based on consent
  • Lodge a complaint with the UK Information Commissioner’s Office (ICO) or a relevant supervisory authority

8.3 Kenya Data Protection Act Rights (Kenya Users)

Under the Kenya DPA, you have the right to:

  • Be informed about the use of your Personal Data
  • Access and correct your data
  • Object to processing
  • Lodge a complaint with the Office of the Data Protection Commissioner (ODPC)

9. International Data Transfers

Your Personal Data may be processed or stored outside your country of residence. Where this occurs, we ensure appropriate safeguards are in place, including:

  • Transfers to jurisdictions with adequate data-protection standards
  • Contractual protections aligned with UK GDPR and Kenyan data-protection requirements

10. Data Retention and Deletion

10.1 General Retention

We retain Personal Data and User Content only for as long as necessary to provide the Services, comply with legal obligations, or as otherwise described in this Policy.

10.2 Package-Based Retention and Expiry

The length of time your photos, videos, and other uploaded media are stored depends on the package or plan you select.

Once the storage period associated with your package expires, your uploaded images and media will be automatically and permanently deleted from our systems.

10.3 User-Initiated Deletion

When you choose to delete images or other media through the Services:

  • The content is removed from your account immediately
  • The deleted content is permanently erased from our active storage systems
  • Deleted content cannot be recovered once deletion is completed

10.4 Account Expiry or Inactivity

If your subscription expires or your account becomes inactive:

  • We may notify you in advance to allow you to renew or back up your data
  • If no action is taken within the stated grace period, your media and associated data may be permanently deleted

10.5 Immediate Deletion

We reserve the right to immediately delete User Content without notice where required by law or where content violates our Terms of Service, including unlawful or prohibited material.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are significant, we will notify you through the Services or by email. Continued use of the Services after changes take effect constitutes acceptance of the updated Policy.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or your Personal Data, please contact us at:

OneAlbum

Address: UK, Surrey, Guildford, Dapdune Rd

Kenya, Nairobi, Westlands, Viking House

Email: admin@rubicksware.com