Chuphin.
Legal

Privacy Policy

Last Updated: Monday 8 June 2026

This Privacy Policy ("Policy") is provided by Chuphin (chuphin.com) (referred to in this Policy as "Chuphin", "we", "us", and "our"). This Policy sets out how we collect, hold, use, and disclose personal information in connection with the Chuphin platform and website (collectively, the "Service").

Please read this Policy carefully. By using the Service in any capacity, you ("you", "your", or the "User") acknowledge that you have read, understood, and agreed to the terms of this Policy.

This Policy forms part of our Terms of Service. If you do not agree with this Policy, you must not use the Service.

1. DEFINITIONS

The following definitions apply throughout this Policy:

"Chuphin", "we", "us", "our" refers to Chuphin (chuphin.com), a sole trader business based in Brisbane, Queensland, Australia.

"You", "your", "the User" refers to any person who accesses or uses the Service in any capacity, including as a Host, Guest, or Visitor.

"Host" refers to a person or entity who creates a Chuphin account, purchases scan credits, and sets up one or more Events using the Service.

"Guest" refers to a person who scans a Host's QR code at an Event and accesses the Chuphin browser camera without creating an account.

"Visitor" refers to a person who browses the chuphin.com website without creating an account or scanning a QR code.

"Service" refers to the Chuphin website, browser-based camera platform, host dashboard, host gallery, and all related features and services available at chuphin.com.

"Personal Information" refers to any information that identifies or could reasonably identify you as an individual.

"Event" refers to an occasion created by a Host using the Service, associated with a unique QR code and a credit allocation.

"Photos" refers to images taken by Guests using the Chuphin browser camera during an Event and uploaded to the Host's private gallery.

2. WHO THIS POLICY APPLIES TO

This Policy applies to all Users of the Service, including:

Hosts who create accounts, purchase credits, and manage Events;

Guests who scan a QR code and use the Chuphin browser camera at an Event; and

Visitors who browse chuphin.com without creating an account.

Different types of personal information are collected from Hosts and Guests. Please refer to Section 3 for a detailed breakdown.

3. WHAT PERSONAL INFORMATION WE COLLECT

3.1 Information Collected from Hosts

When a Host creates an account or purchases a credit package, we collect:

Full name and email address;

Password: stored securely using industry-standard encryption. We never store passwords in plain text;

Payment information: processed entirely by Stripe. We do not store your full credit card number or payment credentials on our systems;

Event details created by the Host, including event name, date, QR opening and closing dates and times, and credit allocation; and

Delivery address: only if the Host orders a printed photo album via our Prodigi integration.

3.2 Information Collected from Guests

When a Guest scans a QR code at an Event and uses the Chuphin browser camera, we collect:

First name only: entered voluntarily before the camera session begins;

Photos taken during the scan session; and

The Event the Guest is associated with, based on the QR code scanned.

Guests are not required to create an account and are not required to provide an email address, phone number, or any other identifying information beyond a first name.

3.3 Information Collected Automatically

When any User visits chuphin.com or uses the Service, we may automatically collect:

IP address;

Browser type and version;

Device type and operating system;

Pages visited and time spent on each page;

Referring website or traffic source; and

Date and time of access.

This data is used to operate and improve the Service. It is not used to personally identify individual Visitors without additional information.

3.4 Photos

Photos taken by Guests using the Chuphin browser camera are uploaded to secure cloud storage and made available exclusively to the Host of the Event. Photos are stored for 90 days from the date the Event ends (when the QR code closes) and then automatically and permanently deleted. If a Host orders a printed photo album, the specific Photos selected for that album are kept for an additional 90 days from the date the album order is placed, so that the order can be fulfilled and any issues with the printed album can be resolved. Those Photos are then permanently deleted. We do not review, analyse, sell, or use Photos for any purpose other than providing the Service to the Host.

Some Hosts may use the Chuphin Live Slideshow feature, which displays Photos taken during an Event on a screen at the Event in close to real time. If a Host uses this feature, Photos you take may be visible to other people present at the Event shortly after you take them. This feature is controlled entirely by the Host. If you do not wish your Photos to be shown in this way, please speak directly with the event Host.

4. HOW WE USE YOUR PERSONAL INFORMATION

We use your personal information only for the purposes it was collected and related purposes, including:

Creating and managing Host accounts;

Processing credit package purchases and top-up payments via Stripe;

Generating and delivering QR codes for Events;

Storing and displaying Photos in the Host's private Gallery;

Sending automated emails to Hosts, including QR code delivery, Event end notifications, and storage reminder emails at 30, 60, and 80 days after an Event;

Fulfilling printed photo album orders via Prodigi;

Providing customer support to Users;

Monitoring and improving the performance and reliability of the Service; and

Complying with our legal obligations.

We will only use your personal information for marketing purposes if you have given us your explicit consent. You may withdraw that consent at any time by emailing support@chuphin.com or by using the unsubscribe link in any marketing email we send to you.

We do not sell, rent, or trade your personal information to any third party. We do not use Photos for advertising, marketing, AI training, or any purpose beyond providing the Service.

5. PHOTOS: OWNERSHIP AND USE

Guests who take Photos using the Chuphin browser camera retain ownership of those Photos.

By using the Service, a Guest grants us a limited, non-exclusive, royalty-free licence to store and display their Photos within the Chuphin platform, solely for the purpose of providing the Service to the Host. This licence expires automatically when the Photos are deleted at the end of the 90-day storage window, or, where a Photo is selected for a printed album order, at the end of the additional retention period described in Section 3.4.

Hosts are granted the right to view, download, and delete Photos from their Event gallery in accordance with the features of the Service. By creating an Event, Hosts accept responsibility for ensuring that Guests at their Event are aware that Photos are being taken and collected via the Chuphin platform.

We will only use Photos for marketing or promotional purposes with the explicit written consent of both the Host and, where identifiable individuals appear in Photos, those individuals. We do not seek or assume this consent by default. Your Photos belong to you, not to us.

6. HOW WE SHARE YOUR PERSONAL INFORMATION

We do not sell or rent your personal information to any third party. We share your information only in the following limited circumstances:

6.1 Service Providers

We use trusted third-party service providers to operate the Service. These providers process your data only as necessary to perform their services for us and are bound by appropriate confidentiality and data protection obligations. Our current service providers include:

Supabase: database, user authentication, and Photo storage (servers located in the United States);

Stripe: payment processing (global, PCI DSS compliant);

Resend: automated transactional email delivery;

PostHog: website and product analytics, error monitoring, and session recording, used to understand how Users interact with the Service and to identify and fix problems (servers located in the United States);

Cloudflare: domain and network security, bot protection (including the verification check shown on our sign up, login, and contact forms), and email routing for messages sent to and from our chuphin.com email addresses;

Vercel: website and platform hosting; and

Prodigi: print on demand fulfilment for photo album orders (global operations).

6.2 Legal Obligations

We may disclose your personal information if required to do so by law, or in response to a valid request from a court, government authority, or law enforcement agency. We will only do so to the minimum extent required.

6.3 Business Transfers

If Chuphin is acquired, merged, or its assets transferred, your personal information may form part of that transaction. We will notify Users of any such change and any acquiring entity will be required to handle your information in accordance with this Policy.

7. DATA STORAGE AND SECURITY

Your personal information is stored on servers provided by Supabase, located in the United States. By using the Service, you consent to your information being stored and processed outside of Australia. We take reasonable steps to ensure our service providers maintain appropriate security protections.

The steps we take to protect your personal information include:

Secure password hashing: we never store passwords in plain text;

Encrypted data transmission via HTTPS across all parts of the Service;

Access controls limiting who can access personal data;

PCI DSS compliant payment processing via Stripe: we do not store credit card details; and

Secure third-party cloud storage with appropriate access restrictions.

No method of electronic storage or transmission is 100% secure. While we implement reasonable protections, we cannot guarantee absolute security of your information.

8. DATA BREACH NOTIFICATION

We take data security seriously. In the event of a data breach that involves your personal information, we will respond promptly and in accordance with our legal obligations under the Privacy Act 1988 (Cth) and the Notifiable Data Breaches (NDB) scheme.

8.1 What Constitutes a Notifiable Data Breach

A data breach is notifiable under Australian law when:

There has been unauthorised access to, unauthorised disclosure of, or loss of personal information held by us; and

The breach is likely to result in serious harm to one or more individuals whose personal information was involved.

8.2 Our Response Process

Upon becoming aware of a suspected data breach, we will:

Contain the breach and take immediate steps to limit any further access or disclosure;

Assess whether the breach is likely to result in serious harm to affected individuals;

If the breach is assessed as notifiable, notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable and no later than 30 days after becoming aware of the eligible data breach;

Notify affected individuals directly, by email where we hold a valid email address, as soon as practicable after notifying the OAIC; and

Take all reasonable steps to prevent future recurrence of the breach.

8.3 What We Will Tell You

In the event of a notifiable data breach affecting your personal information, we will inform you of:

The nature of the breach and what information was involved;

The steps we have taken or are taking to contain and address the breach; and

The steps you can take to protect yourself, including any recommended actions.

8.4 GDPR Data Breach Obligations

If you are located in the EEA, UK, or Switzerland, we will additionally comply with our obligations under the GDPR in the event of a personal data breach. Where required under the GDPR, we will notify the relevant supervisory authority within 72 hours of becoming aware of a breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

8.5 Reporting a Suspected Breach

If you believe your personal information held by us has been compromised or accessed without authorisation, please contact us immediately at support@chuphin.com. We take all such reports seriously and will investigate promptly.

9. HOW LONG WE RETAIN YOUR INFORMATION

9.1 Host Account Data

We retain Host account information for as long as the account remains active. If a Host closes their account, we will delete their personal information within 30 days, except where we are required to retain certain records for legal, tax, or accounting purposes.

9.2 Event Photos

All Photos are stored for 90 days from the date the Event ends (when the QR code closes) and then automatically and permanently deleted. Photos are accessible to the Host via the Recent Events section of their dashboard during the 90-day storage window. This deletion is irreversible. We will send automated reminder emails to Hosts at 30 days, 60 days, and 80 days after their Event ends. The only exception is where a Host orders a printed photo album. In that case the specific Photos selected for the album are kept for an additional 90 days from the date the album order is placed, and are then permanently deleted.

9.3 Payment Records

Records of payment transactions are retained for seven years as required under Australian taxation law.

10. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies to operate the Service and improve your experience. Cookies are small text files stored on your device when you visit our website.

We use cookies for the following purposes:

Keeping Hosts logged in to their account;

Remembering User preferences; and

Understanding how Users interact with our website for analytics purposes.

You can disable cookies through your browser settings. If you do, some features of the Service may not function correctly, including staying logged in to your Host account.

We do not use cookies for targeted advertising or to track your activity across unaffiliated third-party websites.

11. AUSTRALIAN PRIVACY ACT COMPLIANCE

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Under Australian privacy law, you have the following rights:

11.1 Right of Access

You have the right to request access to the personal information we hold about you. We will provide a response within 30 days of a valid request. Please contact us at support@chuphin.com.

11.2 Right to Correction

If you believe that any personal information we hold about you is inaccurate, incomplete, or out of date, you have the right to ask us to correct it. We will take reasonable steps to correct the information promptly.

11.3 Right to Deletion

You may request that we delete your personal information. We will do so unless we are required by law to retain it. Closing your Host account will result in deletion of your personal information within 30 days. Photos associated with your Events will be deleted on their standard 90-day schedule.

11.4 Right to Complain

If you believe we have mishandled your personal information, please contact us first at support@chuphin.com. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

12. GDPR COMPLIANCE: EUROPEAN ECONOMIC AREA, UK, AND SWITZERLAND

If you are located in the European Economic Area ("EEA"), United Kingdom, or Switzerland, the General Data Protection Regulation ("GDPR") or applicable local equivalent applies to our processing of your personal information.

12.1 Data Controller and Data Processor

Chuphin is the Data Controller in respect of personal information provided by Hosts and Visitors. Where Chuphin stores Photos uploaded by Guests on behalf of a Host, Chuphin acts as a Data Processor and the Host acts as the Data Controller for those Photos.

12.2 Legal Bases for Processing

We process your personal information on the following legal bases:

Contract performance: To fulfil our obligations to you as a Host, including processing payments, creating Events, and delivering QR codes;

Legitimate interests: To operate, maintain, and improve the Service and protect the security and integrity of our platform;

Legal obligation: Where we are required by law to retain certain records; and

Consent: For marketing communications and any optional use of Photos. You may withdraw your consent at any time without affecting prior processing.

12.3 Your Rights Under GDPR

If you are located in the EEA, UK, or Switzerland, you have the following rights:

Right of access: You may request a copy of the personal information we hold about you;

Right to rectification: You may ask us to correct inaccurate or incomplete personal information;

Right to erasure: You may ask us to delete your personal information, subject to legal retention requirements;

Right to restriction of processing: You may ask us to restrict how we process your personal information in certain circumstances;

Right to data portability: You may request your personal information in a structured, machine-readable format;

Right to object: You may object to processing based on our legitimate interests; and

Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at support@chuphin.com. We will respond within 30 days of your request.

12.4 International Transfers

Your personal information may be transferred to and stored in countries outside the EEA, including Australia and the United States, where our service providers are located. Where such transfers occur, we take steps to ensure your personal information is protected in accordance with GDPR requirements.

12.5 Age: EEA Residents

If you are an EEA resident under the age of 16, you must obtain consent from a parent or legal guardian before using the Service.

13. CALIFORNIA RESIDENTS: CCPA AND CPRA COMPLIANCE

If you are a California resident, the California Consumer Privacy Act ("CCPA") and California Privacy Rights Act ("CPRA") provide you with specific rights regarding your personal information.

13.1 Categories of Personal Information We Collect

In the past 12 months, we have collected the following categories of personal information as defined under the CCPA:

Identifiers: Name, email address, IP address;

Commercial information: Credit package and top-up purchase history;

Audio, electronic, visual, and photographic data: Photos taken via the Chuphin camera; and

Internet or network activity: Pages visited, browser type, device information.

13.2 Your California Privacy Rights

Right to know: You may request details of the personal information we have collected about you in the past 12 months;

Right to delete: You may request deletion of your personal information, subject to certain legal exceptions;

Right to correct: You may request correction of inaccurate personal information;

Right to opt-out of sale or sharing: We do not sell your personal information and do not share it for cross-context behavioural advertising; and

Right to non-discrimination: We will not discriminate against you for exercising any of your California privacy rights.

To exercise any of these rights, contact us at support@chuphin.com with the subject line "California Privacy Request". We will respond within 45 days.

13.3 Do Not Track

Our website does not currently respond to browser Do Not Track signals. We do not track your activity across unaffiliated third-party websites.

14. CHILDREN'S PRIVACY

The Service requires Hosts to be at least 18 years of age to create an account. We do not knowingly collect personal information from any person under the age of 18 for the purpose of creating a Host account.

Guests who access the Chuphin camera by scanning a QR code are not required to create an account. The Host is responsible for ensuring appropriate consent is obtained for the participation of any minors at their Event, including any Photos that may capture children.

We do not market our Service to children and do not knowingly collect personal information directly from children. If you believe we hold personal information about a child that was not appropriately authorised, please contact us immediately at support@chuphin.com.

15. THIRD-PARTY LINKS AND SERVICES

The chuphin.com website may contain links to third-party websites or services. This Policy does not apply to those third-party sites. We encourage you to read the privacy policies of any third-party websites you visit. We are not responsible for the privacy practices or content of any third-party websites.

16. CHANGES TO THIS POLICY

We may update this Policy from time to time. The Last Updated date at the top of this document will always reflect when the current version was last updated. If we make significant changes, we will notify registered Hosts by email. Continued use of the Service after any changes are posted constitutes acceptance of the updated Policy.

17. HOW TO CONTACT US

For any questions, requests, or complaints relating to this Policy or the handling of your personal information, please contact us at:

Chuphin
chuphin.com
support@chuphin.com
Brisbane, Queensland, Australia

We will respond to all enquiries within 30 days.

© 2026 Chuphin. All rights reserved. chuphin.com

← Back to Homepage