UNSEEN is a mobile app for taking photos and videos at real-world events. Someone sets up an event, generates a QR code, and the people who scan it can capture photos and videos through the app for the duration of the event. Everything stays locked until the reveal date the organiser picked, and then everyone who took part can see the whole set.
This page describes what information we hold about you when you use UNSEEN, why we have it, and what you can do about it.
You can use most of UNSEEN without giving us anything that we can link back to your identity. Scanning into someone else's event, taking photos there, and looking at the captures after the reveal all work without you signing in. If you want your events and your captures to survive losing or replacing your phone, you can sign in with Apple or Google. We do not offer email or password sign-in, and there is no "create an account" form anywhere in the app.
What we keep
Captures. The photos and videos you take inside the app are stored on our servers along with the filter preset, the timestamp, your device's platform and the app version, and an identifier that tells us which guest took them. Photos are stored twice: a filtered copy (the one that other guests see after the reveal) and an unedited original. The original is never visible inside the app or shared with anyone. It exists as an internal backup in case we ever need to reprocess the image.
Event details. When you create an event we keep its name, the date, the optional venue name and city, the capture window and reveal date you chose, and an optional cover image.
Guest details. When you scan into someone else's event we keep the first name you typed and, optionally, your relationship to the organiser. Other guests at the same event see that first name on the captures you took.
Device identifier. The first time you launch the app we generate a random identifier and store it in your phone's secure storage (iOS Keychain or Android Keystore). It survives reinstalling the app and lets us reconnect a returning guest with the captures they already took on this phone.
Apple or Google account details (only if you sign in). If you choose to sign in we receive a stable identifier from Apple or Google, plus whichever email address they decide to share with us. With Apple Sign-In you can use Hide My Email to keep your real address private. We never see your Apple or Google password.
Payment details. When you pay for an event, the payment itself is handled by Stripe. We do not see the card number, the expiry date, or the CVC. What we keep on our side is the Stripe payment identifier, the amount, the currency, and whether the payment went through.
Push notification token. If you grant the app permission to send notifications we keep the Apple or Google push token assigned to your device, so we can send you a small number of notifications tied to the lifecycle of an event (capture window opening, closing, memories ready).
What we use it for
We use the information above to run the camera service, to charge organisers for events they create, to send event-related notifications, and to act on requests to delete data.
We do not use this data to train machine-learning models, build a profile of you for advertising, or analyse your behaviour outside of operating the service. We do not sell or rent it to third parties, and there is no third-party advertising inside the app.
Who else can see it
Other guests at the same event see your captures from that event once the reveal opens. The organiser of the event sees the same set. That is how a shared event camera works.
Stripe processes payments. Supabase hosts our backend, with data stored in the European Union. Apple or Google handle the OAuth step on sign-in. Apart from those four (other event participants, Stripe, Supabase, your sign-in provider), the information does not go anywhere else.
How long we keep it
Captures stay with us for as long as the event itself exists. When an organiser deletes their event, that deletion removes every capture inside it, every guest record attached to it, and the underlying media files. If you delete your account, we remove every event you created and the captures inside those events, plus the guest registrations you claimed at events organised by other people. Stripe holds onto payment records separately under their own retention policy.
What you can do
You can use UNSEEN without signing in. Nothing in the product flow requires it.
If you did sign in, you can delete your account from inside the app at any time. Deletion removes everything described in the previous section. If you want a copy of what we hold about you before deleting, write to privacy@uncn.io and we will put together an export.
If you are in the EEA or the UK, you have access, rectification, restriction, portability, and objection rights under the GDPR. If you are in California, CCPA rights apply. Either way, write to privacy@uncn.io and we will deal with it.
Children
UNSEEN is not aimed at children under 13. We do not knowingly collect data from children under 13. If you believe we have, please tell us at privacy@uncn.io and we will delete it.
Security
The backend is hosted on Supabase, in the eu-west-1 region. Captures live in private object storage and are delivered through short-lived signed URLs. Authentication tokens on your phone are stored in the iOS Keychain or Android Keystore.
Changes to this page
If we change anything substantive on this page we will update the date at the top. For changes that affect what data we collect or who we share it with, we will also push a notice through the app before the change takes effect.
Contact
Write to privacy@uncn.io for anything related to this policy, including data access requests, complaints, or general questions.