Privacy Policy
Last Updated: 19.04.2026
At Momentral, we care about privacy, safety, and the lawful handling of personal data. This Privacy Policy explains how Momentral collects, uses, stores, shares, protects, retains, and deletes personal data when you use our website, mobile applications, guest upload pages, event links, business tools, support channels, and related services (collectively, the “Services”).
Momentral is a platform that allows event organizers and participants to collect, upload, store, manage, and share event-related photos and videos. Because our Services involve user-generated content, this Privacy Policy also explains how we handle uploaded media and related data for trust, safety, moderation, fraud prevention, and legal compliance purposes.
By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.
1. Who We Are
Momentral is the provider of the Services described in this Privacy Policy.
Data Controller Contact: Email: [email protected]
If required by applicable law, Momentral may appoint a representative, privacy contact, or data protection contact for specific jurisdictions.
2. Scope of This Privacy Policy
This Privacy Policy applies to:
• the Momentral mobile applications
• guest upload pages and event links
• the Momentral website
• event creation and event management features
• business-related dashboards and tools, if offered
• communications with support
• trust and safety, fraud prevention, moderation, and legal compliance processes related to the Services
This Privacy Policy does not apply to third-party services, websites, app stores, payment providers, analytics providers, or social media services that have their own privacy notices.
3. Categories of Personal Data We Collect
Depending on how you use the Services, we may collect the following categories of personal data.
A. Account and Profile Data
We may collect:
• name
• email address
• account identifier
• authentication-related identifiers
• profile details you choose to provide
• language, country, or region preferences
B. Event Data
We may collect:
• event title
• event type
• event date
• event settings
• visibility preferences
• event owner and collaborator information
• event links
• QR code associations
• event-related administrative settings
C. User-Generated Content
We may collect and process:
• uploaded photos
• uploaded videos
• captions, comments, or labels
• thumbnails and previews
• filenames
• technical file metadata
• upload timestamps
• moderation signals associated with uploaded files
D. Guest Upload Data
We may collect:
• guest upload session data
• guest-entered identifiers or names, if provided
• timestamps of uploads
• technical and device-related upload data
E. Device, Log, and Usage Data
We may collect:
• IP address
• device identifiers
• browser type
• operating system
• app version
• crash data
• diagnostic data
• access logs
• feature interaction data
• session and activity timestamps
F. Payment and Transaction Data
If you make purchases through app stores or other payment channels, we may receive:
• plan or package information
• transaction identifiers
• purchase status
• subscription or entitlement information
• refund status
Momentral does not store full payment card numbers when payment processing is handled by third-party payment providers or app stores.
G. Communications and Support Data
We may collect:
• support requests
• emails and messages sent to us
• user feedback
• complaints
• policy reports
• follow-up correspondence
H. Safety, Moderation, and Abuse-Prevention Data
We may collect and generate:
• content reports submitted by users
• internal review notes
• policy enforcement decisions
• trust and safety flags
• fraud indicators
• account restriction history
• records relevant to disputes, investigations, or repeat abuse
I. Data Relating to Individuals Appearing in Uploaded Content
Uploaded content may contain personal data relating to individuals who appear in event media, such as:
• facial image
• likeness
• voice
• clothing and appearance
• contextual location information
• social or family setting information visible in content
4. How We Collect Personal Data
We collect personal data:
• directly from you when you register, create an event, upload content, purchase a package, or contact us
• from guests and participants who upload content through event links or QR codes
• automatically through your use of the Services
• from app stores, payment providers, hosting providers, authentication providers, and support tools
• from reports, complaints, moderation workflows, and safety systems
5. How We Use Personal Data
We may use personal data for the following purposes:
A. To Provide and Operate the Services
We use personal data to:
• create and manage user accounts
• create and manage events
• enable uploads and access to event media
• host, organize, and display media
• generate event links and QR code flows
• enable downloads and sharing features
B. To Maintain, Improve, and Develop the Services
We use personal data to:
• monitor performance
• diagnose bugs and technical errors
• improve functionality and usability
• analyze product usage
• test new features
• maintain service reliability and security
C. To Process Transactions and Account Entitlements
We use personal data to:
• validate purchases
• activate plans and entitlements
• process refunds and billing-related support
• investigate failed or disputed purchases
D. To Communicate With You
We use personal data to:
• respond to support inquiries
• send service notices
• provide account, event, and purchase updates
• notify users of important policy or product changes
E. To Enforce Policies and Protect Safety
We use personal data to:
• review reported content
• detect fraud, spam, abuse, and misuse
• assess violations of our Terms and policies
• remove or restrict content
• suspend or terminate accounts
• preserve records relevant to policy enforcement or legal obligations
F. For Trust, Safety, Moderation, and Legal Compliance
Because Momentral hosts user-generated content, we may use uploaded content and related data to:
• detect potentially unlawful or prohibited content
• assess privacy complaints
• review intellectual property complaints
• prevent misuse of the Services
• comply with legal obligations
• protect users, children, event guests, rights holders, and the public
G. To Establish, Exercise, or Defend Legal Claims
We may use personal data where reasonably necessary to respond to disputes, legal requests, enforcement matters, or claims.
H. With Consent, Where Required
Where applicable law requires consent for specific processing, we will rely on consent and allow withdrawal for future processing where required.
6. Legal Bases for Processing
Where the GDPR, UK GDPR, Swiss law, or similar laws apply, we rely on one or more of the following legal bases:
• performance of a contract
• legitimate interests
• compliance with legal obligations
• consent
• establishment, exercise, or defense of legal claims
• vital interests or substantial public interest, where permitted by law
Examples:
• account and event functionality: performance of a contract
• security and anti-fraud: legitimate interests
• moderation and illegal content handling: legitimate interests and legal obligations, depending on the case
• responding to lawful disclosure requests: legal obligation
• optional marketing where required: consent
7. Event Organizers, Guests, and Data Roles
Momentral provides tools that event organizers use to collect and manage event-related media.
Depending on the circumstances:
• Momentral may act as an independent controller for account administration, platform operations, moderation, fraud prevention, support, security, analytics, and legal compliance.
• An event organizer may act as a separate controller for their decisions about how event content is collected, shared, displayed, and used.
• In some contexts, Momentral may process data on behalf of a business user or organizer under separate terms.
Event organizers are responsible for using the Services lawfully, including giving notices and obtaining permissions or consents where required by law, especially where content includes children, guests, or non-users.
8. Content, Moderation, and Safety
Because Momentral allows users to upload photos and videos, we may use automated tools and manual review to assess content for safety, fraud prevention, policy enforcement, and legal compliance.
This may include:
• automated scanning or classification tools
• manual review of reported or flagged content
• review of content linked to safety, abuse, privacy, copyright, or unlawful-activity concerns
• preservation of records and metadata where needed for legal compliance, dispute resolution, or safety
Momentral may remove, restrict, disable access to, preserve, or report content or accounts where we reasonably believe this is necessary to:
• enforce our Terms or policies
• comply with applicable law
• protect users or third parties
• investigate abuse
• prevent harm
9. Children’s Privacy
Momentral is a general-audience service and is not directed to children.
Any app store age rating or classification, including a “4+” rating, is a platform content classification and does not mean that children may independently use the Services or provide personal data without any authorization required by applicable law.
If a child uses the Services, such use must comply with applicable law and, where required, must be authorized or supervised by a parent, legal guardian, school, event organizer, or another legally authorized adult.
We do not knowingly collect personal data from children in violation of applicable law. If we learn that personal data relating to a child has been collected unlawfully, we may delete, restrict, preserve, or otherwise process that data as required by law, safety obligations, or dispute-handling needs.
Because event media may incidentally include images of children, users and event organizers are responsible for ensuring that they have all permissions, notices, and legal authority required to upload and share such content.
If you believe content involving a child has been uploaded unlawfully or may endanger a child, contact us immediately at [email protected].
10. Sensitive or High-Risk Content
Momentral is not intended to be used for the storage or distribution of highly sensitive or unlawful content. Users must not upload content that is illegal or prohibited by our policies, including child sexual abuse material, non-consensual intimate imagery, or other exploitative or unlawful content.
Momentral may take immediate action where such content is suspected, including removal, access restriction, suspension, evidence preservation, and reporting where required or appropriate.
11. Cookies and Similar Technologies
We and our service providers may use cookies, SDKs, local storage, and similar technologies to:
• keep users signed in
• remember preferences
• measure traffic and usage
• improve performance and security
• support diagnostics and reliability
• where permitted, support communications or analytics
Where required by law, we will seek consent before using non-essential cookies or similar technologies.
If implemented, additional information may be provided in a separate Cookie Policy or cookie notice.
12. When We Share Personal Data
We may share personal data with the following categories of recipients.
A. Service Providers
We may share data with providers that support our operations, such as:
• hosting and cloud storage providers
• content delivery providers
• analytics and diagnostics providers
• customer support providers
• authentication providers
• payment-related providers
• trust and safety providers
• communications and notification providers
These providers are authorized to use personal data only as needed to provide services to us, subject to contractual and security restrictions.
B. App Stores and Payment Providers
We may share or receive relevant transaction-related information for purchase validation, refunds, fraud prevention, and support.
C. Business Transfers
We may share data in connection with a merger, financing, acquisition, restructuring, sale of assets, or similar transaction.
D. Legal, Safety, and Enforcement Disclosures
We may disclose data where reasonably necessary to:
• comply with law, regulation, legal process, or court order
• respond to lawful requests from authorities
• enforce our Terms or policies
• investigate fraud, abuse, or unlawful conduct
• protect the rights, safety, property, or security of Momentral, users, or others
• prevent imminent harm
E. At Your Direction
We may share data where you instruct us to do so or where event-sharing features make content visible according to your settings.
We do not sell personal data for money. We do not share personal data for cross-context behavioral advertising unless expressly disclosed and permitted by applicable law.
13. International Data Transfers
Momentral may process personal data in countries other than the country where it was collected, including Türkiye, the Netherlands, and other countries where service providers operate.
Where required by law, we use appropriate safeguards for cross-border data transfers, which may include:
• adequacy decisions
• standard contractual clauses
• similar approved transfer mechanisms
• technical, contractual, and organizational safeguards appropriate to the transfer
You may contact us at [email protected] for more information about applicable safeguards.
14. Data Retention
We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Retention periods depend on the type of data:
• Event media and event data: Event content may be deleted by the event owner at any time and, if not deleted earlier, is automatically deleted no later than 90 days after the event creation date.
• Account data: retained while the account remains active and for a limited period afterward where needed for legal, accounting, fraud-prevention, security, or dispute-resolution purposes.
• Support and complaint records: retained as needed to respond to requests, document decisions, and manage disputes or repeat reports.
• Logs and security records: retained for a limited period for security, troubleshooting, abuse prevention, and compliance purposes.
• Moderation and enforcement records: retained for an appropriate period to support policy enforcement, appeals, repeat-offender detection, legal compliance, and safety obligations.
If data must be preserved because of an investigation, legal hold, dispute, safety matter, or legal obligation, we may retain it beyond ordinary deletion timelines.
15. Security
We implement reasonable technical, administrative, and organizational safeguards designed to protect personal data. These measures may include:
• encryption in transit and, where appropriate, at rest
• access controls and role-based permissions
• secure development and deployment practices
• logging and monitoring
• backup and recovery processes
• environment segregation
• incident response procedures
• vendor review and contractual protections
No method of storage, transmission, or security control is completely secure, and we cannot guarantee absolute security.
16. Your Privacy Rights
Depending on your location and applicable law, you may have rights such as:
• access
• correction
• deletion
• restriction
• objection
• portability
• withdrawal of consent where processing is based on consent
• the right to lodge a complaint with a supervisory authority or regulator
We may request information to verify identity before responding to certain requests and may deny or limit requests where permitted by law.
17. EEA / UK / Switzerland Rights
If you are in the EEA, UK, or Switzerland, you may have the right to request access, rectification, erasure, restriction, objection, and portability, subject to applicable law. You may also lodge a complaint with your local data protection authority.
18. Türkiye / KVKK Rights
If Turkish data protection law applies, you may have the rights granted under applicable law, including the right to learn whether your data is processed, request information regarding processing, learn the purpose of processing, know third parties to whom data is transferred where applicable, request correction, request deletion or destruction where legal conditions are met, and request notification of these actions to relevant third parties where required.
19. California Privacy Notice
If you are a California resident, this section supplements the rest of this Privacy Policy.
In the preceding 12 months, we may have collected categories of personal information such as:
• identifiers
• transaction-related information
• commercial information
• internet or network activity information
• visual or electronic information
• device and usage information
• inferences used for security, fraud prevention, or service improvement
• sensitive personal information only where reasonably necessary for permitted purposes, if applicable
We may collect such information from:
• you
• your device
• guests and participants
• service providers
• app stores and payment providers
• fraud, trust, and safety sources
We use this information for the business and operational purposes described in this Privacy Policy.
We do not sell personal information for money. We do not knowingly sell or share personal information of minors where prohibited by law.
California residents may have rights under applicable law to know, access, correct, delete, and obtain information about our handling of personal information. Requests may be submitted to [email protected].
20. How to Exercise Privacy Rights
To submit a privacy request, contact:
Email: [email protected]
Please provide enough information for us to understand, verify, and respond to your request.
21. Complaints, Reports, and Content-Related Requests
If your request concerns:
• unlawful content
• privacy violations
• impersonation
• non-consensual intimate imagery
• copyright complaints
• child safety concerns
• emergency or high-risk content issues
please contact us at:
Email: [email protected]
We may maintain separate procedures for content reporting, child safety escalation, and intellectual property complaints.
22. Third-Party Services
The Services may contain links to or integrations with third-party services. Those third parties operate under their own terms and privacy notices, and Momentral is not responsible for their privacy practices.
23. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we may update the “Last Updated” date and provide additional notice where required by law.
24. Contact Us
If you have questions about this Privacy Policy or our privacy practices, contact:
Email: [email protected]