Privacy & GDPR Policy

Last updated: 14 May 2026. We are committed to protecting your personal data.

1. Who We Are

Flashback Memories ("we", "us", "our") is the data controller for personal data processed through this platform.

2. Data We Collect

We collect: account information (name, email, password hash), uploaded file metadata (name, size, type), QR code usage data, billing information (processed via a third-party payment provider), and technical data (IP address, browser type, session data).

3. Legal Basis for Processing

We process your data on the following legal bases: Contract performance (to provide the service you subscribed to), Legitimate interests (platform security and fraud prevention), Legal obligation (compliance with applicable law), and Consent (where you have given explicit consent, e.g. marketing communications).

4. How We Use Your Data

We use your data to provide and maintain the service; to process payments; to communicate with you about your account; to detect and prevent fraud or abuse; to comply with legal obligations; and (with consent) to send marketing communications.

5. Data Retention

Account data is retained for the duration of your subscription plus 30 days. Uploaded files are deleted 30 days after subscription cancellation. Billing records are retained for 7 years as required by law.

6. Your Rights (UK GDPR)

You have the right to: access your personal data; rectify inaccurate data; request erasure ("right to be forgotten"); restrict processing; request data portability; object to processing; and lodge a complaint with the ICO (ico.org.uk).

7. Data Sharing

We do not sell your personal data. We share data only with: payment processors (for billing), cloud storage providers (for file hosting), and where required by law.

8. Cookies

We use session cookies for authentication and functional cookies for language preferences. We do not use advertising or tracking cookies. You can manage cookie preferences via your browser settings.

9. Security

We implement technical and organisational measures to protect your data, including: JWT-based authentication, TLS/HTTPS encryption in transit, bcrypt password hashing, and strict user data isolation.

Your rights matter.

To exercise any of your data rights or to make a complaint, contact our Data Protection Officer at hello@flashbackmemories.io