How Group Photo handles your information
Last updated: April 26, 2026
Group Photo is built to help people create a final group image from a background photo and one or more subject photos. This privacy policy explains, in plain language, what data the app uses, why it uses it, and what happens to that data.
Information we collect
- Account information: your name, email address, and a hashed version of your password.
- Photo content: background photos, subject photos, and generated final group photos.
- Group photo activity: group photo codes, contributor names, optional guest contributor names and emails, upload state, and processing status.
- Service and security data: basic server logs, request IDs, and error details needed to keep the service working and investigate issues.
How we use your information
- to create and secure your account
- to let you start or join a group photo
- to upload, store, and process the photos needed to create the final image
- to send password reset emails when requested
- to email final image links or error reports related to your group photo
- to show an optional guest name to the group photo owner and email the finished photo to a guest if they choose to enter an email address
- to prevent abuse, troubleshoot problems, and keep the app reliable
How your photos are processed
When you submit a group photo, the app sends the staged images to backend services and then uses OpenAI image generation to create the final combined image. That means the uploaded photos are processed by OpenAI for the purpose of generating your requested output.
Where data is stored and sent
- MySQL database: account records and group photo records.
- AWS S3: staged uploads and generated group photo files.
- AWS SES: password reset emails, final delivery emails, and error emails.
- OpenAI: photo inputs needed to generate the final group image.
What we do not do
- We do not sell your personal data.
- We do not use your photos for advertising.
- We do not claim that your data is anonymous when it is tied to your account or your submitted photos.
When your information is shared
Your information is shared only as needed to run the service. For example, contributor names and optional guest names are shown inside a group photo so the owner can see who contributed, emails are sent through AWS SES, files are stored in AWS S3, and image-generation requests are processed through OpenAI.
Data retention
Account records stay in the system until they are deleted by the app operator. Password reset tokens are short-lived. Uploaded photos, staged assets, generated images, and related logs may remain stored for operational and troubleshooting purposes until they are manually removed or cleaned up by the service.
Your choices
- You can choose whether to create an account or contribute a photo.
- Guest contributors can leave name and email blank; an email is only needed if they want to receive the final photo link.
- You can choose whether to participate in a collaborative group photo.
- You can request a password reset email if you lose access to your password.
- If you want your account or stored data deleted, you can use the in-app account deletion option or the public deletion request page.
Security
We use reasonable technical measures to protect account and photo data, including hashed passwords, authenticated APIs, and time-limited download links for final images. No internet service can promise perfect security, so please avoid sharing anything you would not want processed by an online service.
Children
Group Photo is not intended to collect personal information from children without the knowledge and involvement of a parent or guardian.
Changes to this policy
This privacy policy may be updated as the app changes. When it is updated, the date at the top of this page will also be updated.