esharemo
Overview
This Privacy Policy explains what information esharemo collects, why it is used, where event files are stored, and how hosts and guests can ask questions or request help.
esharemo stores media metadata in its database and stores uploaded photos and videos in the host's connected Google Drive.
This policy should be reviewed before production use and may be updated as the product, providers, and legal requirements change.
Data controller / responsible party
esharemo is responsible for the app flows it operates, including host authentication, event workspaces, guest invitation links, upload metadata, and support requests.
Hosts are responsible for the Google Drive accounts they connect and for the event media they ask guests to upload.
Google is responsible for Google Sign-In and Google Drive services under Google's own terms and privacy policies.
Types of users covered
This policy covers people who interact with esharemo.
Covered people
- Hosts
- Guests
- People appearing in uploaded media
- Website visitors
Information collected from hosts
When a host signs in and manages an event, esharemo may collect account, event, Google Drive, and support information.
Host information
- Name
- Email address
- Google account ID
- Profile image, if used
- Login/session data
- Encrypted Google OAuth tokens
- Google Drive connection status
- Google Drive app root folder ID
- Event details created by the host
- Guest list entries added or imported by the host
- Activity logs
- Support messages, if any
Information collected from guests
Guests upload through invite links or QR codes without creating esharemo accounts.
Guest information
- Guest name
- Optional phone number, if collected
- Invite token
- Guest upload status and history
- Uploaded files
- Original filename
- Generated filename
- File size
- File type or MIME type
- Upload progress/status
- Upload failure/error data
- Browser, device, or network metadata needed for upload handling
- Secure file access/download activity, if logged
Uploaded media data
Uploaded files may include personal information.
Media may contain
- Photos
- Videos
- Faces or images of people
- Voices, if videos include audio
- Event details visible in media
- Location clues visible in the photo or video
- Metadata included in files, if preserved
Automatically collected technical data
esharemo may collect technical information needed to run, secure, and troubleshoot the service.
Technical data
- Timestamps
- Page and activity logs
- Error logs
- Upload attempt logs
- Security logs
- Cookies and session identifiers
Google user data
esharemo uses Google Sign-In for host authentication.
esharemo uses Google Drive access to create folders and upload guest media to the host’s Drive.
esharemo may store Google account identifiers, email, profile info, Drive folder IDs, Drive file IDs, and OAuth tokens needed to operate the integration.
esharemo does not request unnecessary Google permissions.
esharemo uses Google user data only to provide or improve user-facing features, such as login, Drive connection, folder creation, and upload delivery.
esharemo does not sell Google user data.
esharemo does not use Google user data for advertising, retargeting, lending, or unrelated profiling.
Google’s API policy requires clear privacy disclosures, minimum necessary permissions, secure handling, and limited use of Google user data.
Where files are stored
Actual uploaded media is stored in the host’s Google Drive.
esharemo’s database stores metadata and references, not necessarily the actual final media files.
Temporary upload/session data may be processed to complete uploads.
File access depends on the host’s connected Google Drive account.
Data sharing
esharemo shares or processes data only as needed to operate the service, comply with law, or support users.
Possible recipients or processors
- Google, for Sign-In and Drive storage
- Hosting providers, such as Vercel
- Database providers, such as PostgreSQL hosts
- Legal authorities, when required by law
- Service providers that help operate esharemo
Human access to data
esharemo team members do not casually view user media.
Access may happen only when needed for support, debugging, security, abuse investigation, legal compliance, or when the user gives permission.
Google’s Limited Use policy also restricts human access to Google user data except in specific cases like user consent, security, legal compliance, or internal aggregated operations.
Data retention and deletion
Host account data is kept while the account is active.
Event metadata is kept while the event/workspace exists.
Guest records are kept while the host keeps the event or until deleted.
Upload metadata may be kept for troubleshooting, audit, and upload history.
Failed upload logs may be kept for debugging and reliability.
Files in Google Drive remain under the host’s Google Drive account until deleted by the host or through allowed app actions.
If the host disconnects Google Drive, esharemo may lose the ability to manage/delete Drive files.
Hosts may request account deletion.
Hosts may delete events/guests/media where supported.
Guests may contact the host or esharemo to request deletion or removal.
Some deletion requests may require host cooperation because final files are stored in the host’s Google Drive.
Backup/log deletion may take additional time.
Some records may be retained when required for security, legal, or dispute reasons.
User rights
Depending on location and applicable law, users may have privacy rights over their personal information.
Possible rights
- Access personal data
- Correct inaccurate data
- Request deletion
- Object to processing
- Withdraw consent where applicable
- Request data portability, if applicable
- File a privacy complaint
Security measures
esharemo uses technical and organizational measures to protect service data.
Current and planned safeguards
- HTTPS
- Secure authentication
- Encrypted or protected OAuth tokens
- Limited access controls
- Secure upload sessions
- Origin-bound resumable Google Drive sessions
- Database access controls
- Logging and monitoring
- Rate limiting once production-ready
- Regular security improvements
Children’s privacy
esharemo is not directed to children.
Hosts should not intentionally collect children’s data without proper parent/guardian consent.
Events involving minors require extra care and appropriate consent.
Users should contact esharemo for removal requests involving minors.
International data transfers
Data may be processed or stored through third-party providers outside the Philippines.
Google, hosting providers, database providers, and other processors may operate globally.
You take reasonable steps to protect data according to applicable law.
Breach/security incident notice
esharemo will investigate suspected data incidents.
Affected users may be notified when required by law.
Authorities may be notified when legally required.
Users should report suspected unauthorized access immediately.
Changes to Privacy Policy
You may update the policy.
The effective date will change.
Major changes may be announced through the website, app, or email.
Continued use means acceptance of the updated policy.
Contact or support note
For questions about this page, contact support.esharemo@gmail.com.
