Legal

Privacy Policy

Last Updated: May 2026 · Effective Immediately

instantpik is committed to protecting the privacy of every guest, client, and visitor. This policy explains exactly what data we collect, how we use it, how long we keep it, and your rights over it — in plain language.

Contents

01 — Who We Are
02 — What We Collect
03 — How We Use Your Data
04 — AI Face Matching & Selfie Data
05 — How Long We Keep Your Data
06 — How We Protect Your Data
07 — Third-Party Services
08 — Your Rights
09 — Contact

Who We Are

instantpik is an AI-powered event photo delivery platform based in Kadiyapulanka, East Godavari, Andhra Pradesh, India. We operate the website instantpik.com and provide AI face-recognition photo delivery, QR-based event galleries, and cloud photo storage services.

For the purposes of data protection, instantpik is the data controller for all personal data processed through our platform.

What We Collect

We collect only the minimum data needed to deliver our services:

Data Type	What It Is	Why We Need It
Guest Name	First and last name entered at QR scan	To personalise your gallery greeting
Phone Number	10-digit Indian WhatsApp number	To send your gallery link via WhatsApp
Selfie / Photo	Live selfie or uploaded photo	AI face-matching to find your event photos
Event Photos	Photos uploaded by the event organiser	Stored on AWS S3 for gallery delivery
Payment Data	Transaction confirmation ID only	Booking confirmation (card details never stored)
Technical Logs	IP address, browser type, page visits	Security monitoring only — not linked to identity

We never collect Aadhaar numbers, PAN details, financial account information, or any sensitive personal data beyond what is listed above.

How We Use Your Data

To identify your photos in the event gallery using AI face-matching (Amazon Rekognition).
To send your personal gallery link and photo count via WhatsApp.
To cache your gallery results so returning visitors load instantly without re-scanning.
To generate booking records and invoices for our photography services.
To monitor platform security and fix technical errors.

We never sell, rent, or share your personal data with third parties for marketing or advertising purposes. Your data is used exclusively to deliver the service you requested.

AI Face Matching & Selfie Data

Our AI photo delivery system uses Amazon Rekognition to find your photos. Here is exactly how it works and how your biometric data is protected:

Capture: Your selfie or uploaded photo is compressed to a maximum of 800px and transmitted over an encrypted HTTPS connection to our server.
Processing: Amazon Rekognition creates a temporary mathematical face vector (not a photo) to search the event collection. This vector exists only during the active search request.
No Permanent Storage: Amazon Rekognition does not permanently store your face data. The face vector is discarded immediately after the search completes.
Selfie File: The selfie file saved to our server is used only to log the access event. It is automatically deleted within 24 hours by our scheduled cleanup system.
No External Linking: Your facial data is never linked to any external database, social media profile, or government identity system.
Consent: By using the AI selfie search, you consent to temporary biometric processing for the sole purpose of photo delivery. You may opt out by contacting us — your event photos can be shared via alternate means.

Amazon Rekognition processes face data in compliance with AWS's own privacy and security standards. See AWS Privacy Notice for full details.

How Long We Keep Your Data

Data	Retention Period	Deletion Method
Selfie files	Maximum 24 hours	Automated cron deletion daily at midnight
Gallery cache (name, phone, matched photos)	Duration of event access period	Cleared when event expires or on request
Event photos	Per storage plan (30 days / 90 days / 1 year)	Archived after plan expires; deleted on request
Booking & invoice records	7 years (legal requirement)	Secure deletion after retention period
Payment transaction IDs	7 years (legal requirement)	Secure deletion after retention period
Technical server logs	30 days	Automatic log rotation

How We Protect Your Data

HTTPS Encryption: All data transmitted to and from instantpik.com is encrypted using TLS — including selfie uploads, gallery links, and admin access.
Private S3 Buckets: Event photos are stored in Amazon S3 with private access controls. Photos are never publicly indexed — accessible only via signed CloudFront URLs tied to the event code.
CloudFront CDN: Delivery via AWS CloudFront does not expose the original S3 storage location to guests.
Database Security: Our database is accessible only from our hosting server — not from the public internet. All passwords are hashed using bcrypt.
Automated Backups: Daily automated backups are stored in a separate, private AWS S3 bucket in the Mumbai region.
Admin Access Control: Admin panel access requires verified email and password authentication. No shared credentials are used.
Selfie Auto-Deletion: A scheduled cron job runs daily at midnight and permanently deletes all selfie files older than 24 hours from our server.

Third-Party Services

We use the following trusted third-party services. Each is governed by its own privacy policy:

Amazon Web Services (AWS): S3 storage, CloudFront CDN, and Rekognition AI face-matching — AWS Privacy Notice
Razorpay: Secure payment processing (RBI-certified) — Razorpay Privacy Policy
WhatsApp / Meta: Gallery link delivery via WhatsApp — WhatsApp Privacy Policy
Hostinger: Web hosting and server infrastructure — Hostinger Privacy Policy
Google Fonts: Typography served from Google's CDN — Google Privacy Policy

We do not use Facebook Pixel, Google Analytics, advertising trackers, or any third-party cookie-based tracking on instantpik.com.

Your Rights

Under India's Digital Personal Data Protection Act (DPDPA) 2023 and general privacy principles, you have the right to:

Access: Request a copy of the personal data we hold about you.
Deletion: Request immediate deletion of your selfie, name, phone number, or gallery access record.
Correction: Request correction of any inaccurate personal data.
Withdraw Consent: Withdraw consent for AI face-matching at any time. Your event photos can be shared via alternative means on request.
Portability: Request your personal data in a structured, readable format.
Grievance: Raise a formal complaint — we will respond in writing within 7 business days.

To exercise any of these rights, contact us at instantpik@gmail.com or WhatsApp +91 8143 779 779. We will acknowledge your request within 48 hours and resolve it within 7 business days.

Contact Our Privacy Team

Get In Touch

instantpik
Near Co-operative Bank, Kadiyapulanka,
Kadiyam Mandalam, East Godavari — 533126, Andhra Pradesh

Phone / WhatsApp: +91 8143 779 779
Email: instantpik@gmail.com

Return to Home Ask on WhatsApp