Privacy Policy

Momently ("Momently", "we", "us", or "our") is an event photo-sharing service operated by Kodecraft ("Kodecraft"). This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you use our website, applications, and related services (collectively, the "Service").

We are committed to protecting your privacy and processing personal information in accordance with the Protection of Personal Information Act, 2013 ("POPIA") of South Africa and other applicable laws.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Service.

For purposes of POPIA, the responsible party is Kodecraft, the operator of Momently.

Contact: hello@kodecraft.co.za

For privacy-related requests or complaints, please contact us at the email above. You also have the right to lodge a complaint with the Information Regulator (South Africa) at www.justice.gov.za/inforeg.

This policy applies to:

• Event hosts who create an account and purchase event albums ("Hosts")
• Guests who upload photos or view event galleries without creating an account ("Guests")
• Visitors who browse our website without using the Service

4.1 Information from Hosts (account holders)

• Full name and email address when you register
• Account credentials (password stored in hashed form by our authentication provider)
• Payment-related information processed by Paystack (we do not store full card details)
• Event details you provide (title, subheading, banner images, gallery settings)
• Technical and usage data (IP address, browser type, device information, log data)

4.2 Information from Guests

• Display name you optionally provide when uploading photos
• Photos, captions, and related metadata you upload
• Technical data such as IP address, browser type, and upload timestamps

Guests are not required to create an account. By uploading content, Guests acknowledge that their uploaded information will be visible to other users with access to the event link or QR code.

4.3 Cookies and similar technologies

We use essential cookies for authentication and session management. See our Cookie Policy for details.

We process personal information for the following purposes:

• Providing, operating, and maintaining the Service
• Creating and managing event albums, QR codes, and shared galleries
• Processing payments and managing event credits
• Authenticating Hosts and securing accounts
• Storing and delivering uploaded photos to authorised event participants
• Communicating with you about your account, payments, or support requests
• Detecting, preventing, and addressing fraud, abuse, or security issues
• Complying with legal obligations
• Improving and developing the Service

Our lawful bases for processing under POPIA include consent, performance of a contract, compliance with legal obligations, and legitimate interests (such as security and service improvement), where appropriate.

Event hosts are responsible for informing guests that photos will be collected and shared within the event album, and for obtaining any consent required under applicable law (including POPIA) before guests upload personal information or images of identifiable individuals.

Momently acts as a service provider to Hosts in relation to guest uploads. Hosts determine who can access their event album via the event link or QR code.

Uploaded photos and associated metadata are stored for the active period of the event album (currently up to 90 days from creation), after which they are deleted in accordance with our data retention policy.

We may share personal information with:

• Service providers who assist us in operating the Service (e.g. Supabase for database and file storage, Paystack for payment processing)
• Other users with access to your event album (for guest uploads and shared galleries)
• Law enforcement, regulators, or courts when required by law or to protect rights and safety
• Professional advisers where necessary (e.g. legal or accounting)
• A successor entity in connection with a merger, acquisition, or sale of assets

We do not sell your personal information. Third-party processors are contractually required to protect your data and use it only for the purposes we specify.

Your information may be processed and stored in South Africa and in other countries where our service providers operate. Where personal information is transferred across borders, we take reasonable steps to ensure appropriate safeguards are in place, consistent with POPIA requirements.

• Event albums and uploaded photos: retained for up to 90 days from event creation, then permanently deleted
• Account information: retained while your account is active and for a reasonable period thereafter for legal and business purposes
• Payment records: retained as required for tax, accounting, and legal compliance
• Log and security data: retained for a limited period necessary for security and troubleshooting

You may request earlier deletion of your account data subject to our legal retention obligations.

We implement appropriate technical and organisational measures to protect personal information against unauthorised access, loss, destruction, or alteration. These include encrypted connections (HTTPS), access controls, and secure cloud infrastructure.

No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

Subject to applicable law, you have the right to:

• Request access to personal information we hold about you
• Request correction of inaccurate or incomplete information
• Request deletion of your personal information, where applicable
• Object to processing in certain circumstances
• Withdraw consent where processing is based on consent
• Lodge a complaint with the Information Regulator (South Africa)

To exercise these rights, contact us at hello@kodecraft.co.za. We will respond within a reasonable time as required by law.

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

Event hosts must not use the Service to collect personal information from children without appropriate parental or guardian consent.

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the "Last updated" date. Material changes may be communicated via email or a notice on the Service. Continued use after changes constitutes acceptance of the updated policy.

For questions about this Privacy Policy or our data practices, contact:

Kodecraft (Momently)
Email: hello@kodecraft.co.za