Version 13/07/2026
Privacy policy
Memboux is a private event-gallery service. This notice transparently describes the current technical operation; it is not a certification of compliance.
Roles and responsibility
Memboux operates the platform and accounts. Each event owner decides who is invited, the purpose of the collection and access. Uploaders confirm that they are entitled to submit the content.
Data we process
Account details, sessions and security logs, event metadata and memberships, photos/videos and technical metadata, upload-consent versions, invitations, removal requests and privacy requests. Rate limits store one-way hashed identifiers rather than raw IP addresses.
Purposes and services
Data is used for authentication, private-gallery operation, uploads, collaboration, security, abuse prevention, support and rights requests. Infrastructure is provided by Cloudflare Workers, D1 and R2; transactional email by Resend; optional Google sign-in by Google. We do not sell data or use it for advertising profiles.
Retention
Sessions expire after 30 days. Trashed media/events are permanently deleted after 30 days. Rate-limit counters expire at the end of their window. Expired invitations and verification records are automatically cleaned up. Resolved removal requests are retained for up to 12 months and resolved privacy requests for up to 3 years for audit. Event access expiry does not automatically erase memories; an event remains until its owner/admin deletes it.
Choices and rights
Users can export account data and request verified deletion from the Privacy center. Each media item offers a removal request. For access, correction, deletion, restriction or objection, use the secure request form.
Submit a requestController details pending
Before public commercial launch, the controller’s full legal name, postal address and official privacy email must be published. Until then, requests are received through the built-in form and admin panel.