Souvenir

Privacy Policy

Last updated: May 19, 2026

Souvenir is a small operation. Most people who use it want to turn a folder of photos into a book they can hold. This page explains what we collect to make that work, who we share it with, and how to get it back or delete it. We try to keep it plain.

1. Introduction

This Privacy Policy describes how The Souvenir Team, doing business as Souvenir, collects, uses, and discloses personal information when you visit our website, use our mobile app, place an order, or otherwise interact with our service (together, the Service). In this policy we use we, us, and Souvenir to mean the same thing, and you to mean the person reading it.

By using the Service you agree to the practices described here. If you do not agree, do not use the Service.

2. Information we collect

We collect the following categories of personal information.

Account information

When you create an account we collect your email address, a password (stored as a one-way salted hash — we never see the plaintext), and the name you choose to display. If you sign in through Apple or Google, we receive a unique provider identifier and whatever profile data those services pass us (typically email and name). We also keep a verification flag, a one-time verification code if you used the email signup flow, and an optional avatar URL.

Photos and book content

When you upload a photo to a memory, we store the original image and a thumbnail in encrypted cloud storage. We retain the dimensions, file size, and content type. Your photos are scoped to your account; nobody else can see them unless you explicitly invite a collaborator to a shared memory.

Camera metadata (EXIF). Most photos include hidden data the camera writes when the shutter clicks — the date and time, and (if location services were enabled) the GPS coordinates and altitude where the photo was taken. On first sign-in we ask whether Souvenir may read this data. If you say Allow, we extract and store the date taken, latitude, longitude, and altitude for each photo so we can auto-fill your book's dates, sort photos in shot order, suggest a name like "TOKYO · MAY 2026," show photos on a map inside the editor, add a printable trip-map page, and group your book by day. If you sayNot now or decline later in Settings, we do not read or store any of this data. You can revisit the choice in Settings › Preferences › Photos at any time. Disabling the toggle stops future uploads from being read; the separateClear my photo metadata button removes any date and location data we previously stored.

Inside the editor, we also store the layout you build: the position and size of each photo, the text you type, the fonts and colors you choose, and the page order. This data is what gets turned into a printable file when you order a book.

Shipping and recipient information

When you order a book, we collect the recipient's name and shipping address. You can ship to multiple addresses on a single order; we store each recipient separately. We may also collect an optional phone number or email address for delivery notifications. If you use address autocomplete, the strings you type are sent to a third-party autocomplete provider so it can return suggestions; when you confirm an address, we may also validate it against an address validation service to catch typos.

Payment information

Payments are processed by Stripe. Your card number never touches our servers. Stripe collects your card details directly in their secure form embedded in our checkout. From them, we receive a payment reference, the status of the charge, the amount paid, the currency, and the last four digits and brand of your card so we can show it on your order confirmation. We use that reference to issue refunds when we choose to.

Communications with us

When you email our support address, we keep a copy of the conversation so we can follow up.

Usage information

We collect a small amount of analytics data to understand how the Service is used and to find bugs. This includes the pages you view, the buttons you tap, which step of the editor or checkout you reached, the country your device reports, and a randomly generated identifier for your browser or device. We do not record what you type, do not capture screen recordings, and do not track you across other websites. Sensitive fields are stripped at the source before anything leaves your browser.

3. How we use your information

We use your information to:

  • Provide the Service — let you sign in, build memories, upload photos, and place orders.
  • Produce and ship the books you order.
  • Send you transactional messages: order confirmation, shipping updates, payment failures, refunds, password resets, and email verification codes.
  • Respond to your support requests.
  • Detect, prevent, and address fraud, abuse, and technical problems.
  • Improve the product by understanding which features are used and where people get stuck.
  • Comply with legal obligations (tax, accounting, lawful requests from authorities).

We do not sell your personal information. We do not share it with advertisers. We do not use your photos or anything else you upload to train artificial-intelligence models, our own or anyone else's.

4. Who we share information with

To run the Service we rely on a small set of trusted third-party providers, each of which receives only the information they need for the role they play. Below is a categorical list of the providers we use today. Specific company identities are available on request to support@souvenir.press.

Identity and authentication provider

Hosts the account database and verifies sign-ins. Receives: your email, password hash, OAuth provider identifier, and account metadata.

Cloud storage provider

Stores your uploaded photos, generated thumbnails, and printable book files in encrypted object storage. Receives: image and document data.

Payment processor (Stripe)

Processes card payments. We name Stripe directly because their branded checkout form is what you interact with at the payment step. Stripe collects your card data and returns a reference. See Stripe's own privacy policy at stripe.com/privacy.

Print fulfillment provider

Produces your physical book and ships it to the recipient. Receives: recipient name, full shipping address, optional phone number or email for delivery notification, and the printable file that contains your photos and layout. This provider does not receive your account email or password and does not retain your photos beyond what is needed to print and ship the order.

Transactional email provider

Sends order confirmations, shipping notifications, payment-failure notices, refund notifications, and verification codes. Receives: your email address and the contents of the message.

Address autocomplete and validation

Returns suggestions as you type an address at checkout, and (optionally) validates the final address against postal databases. Receives: the typed address string and the candidate address you confirm.

Analytics provider

Records anonymized usage events so we can see funnel drop-offs and bugs. Sensitive data is scrubbed before it leaves your device; the analytics provider receives only scrubbed event names, an opaque device identifier, and the URL path you are on (with any record IDs or query parameters stripped).

We may also disclose your information to comply with law (subpoenas, court orders, lawful requests from government authorities) or to enforce our Terms of Service, prevent fraud, or protect the rights, property, or safety of our users or the public. If Souvenir is ever acquired or merged, your information may be transferred to the acquirer as part of the transaction, subject to this policy.

5. International transfers

Souvenir is operated from New Hampshire, United States. Our service providers are located in the United States, the United Kingdom, the European Union, and elsewhere. If you use the Service from outside the United States — Souvenir ships worldwide — your information is transferred to and processed in these jurisdictions.

Where the law requires it, we put safeguards in place to protect your information when it crosses borders:

  • For users in the European Economic Area and Switzerland, we rely on the European Commission's Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) with our service providers.
  • For users in the United Kingdom, we rely on the UK International Data Transfer Addendum issued by the Information Commissioner's Office.
  • For users in other countries with cross-border-transfer rules (for example, Canada under PIPEDA, Brazil under the LGPD, or Australia under the Privacy Act), we rely on the transfer mechanisms that those laws permit.

You can ask us for a copy of the safeguards in place for a specific transfer by emailing support@souvenir.press.

6. How long we keep things

We keep your personal information only as long as we need it for the purposes described above. As a general rule:

  • Account data — until you delete your account. After deletion, we may keep a minimal record (your user identifier and the fact that the account existed) for a short period to handle disputes and prevent abuse.
  • Photos and book content — until you delete them or delete your account.
  • Order records — up to seven years after the order, to comply with US tax and accounting law. Personal identifiers in order records may be anonymized after you delete your account; the underlying order line items are retained for the legal retention period.
  • Payment records — held by Stripe per their own retention policies (typically seven years for tax and dispute reasons).
  • Support emails — up to three years from the last reply.
  • Server logs and analytics — up to thirteen months.

7. Your rights

Depending on where you live, you may have some or all of the following rights in your personal information:

  • Access — ask us for a copy of the information we hold about you.
  • Correction — ask us to fix anything that is wrong.
  • Deletion — ask us to delete your information. You can also delete your account yourself from the Preferences screen at any time.
  • Portability — ask us for your information in a structured, commonly used, machine-readable format.
  • Restriction — ask us to limit how we use your information while a dispute is being resolved.
  • Objection — object to specific uses of your information.
  • Withdrawal of consent — where we rely on your consent for a particular use, you can take it back.

If you are in California, you have substantially similar rights under the California Consumer Privacy Act. We do not sell or share your personal information for cross-context behavioral advertising, so the right to opt out of "sale" or "sharing" under the CCPA does not change anything for you here, but you still have the rights to know, correct, and delete as described above. We will not retaliate against you for exercising any of these rights.

8. How to exercise your rights

The fastest way to delete your account and the data tied to it is from inside the app: Profile → Preferences → Delete my account. For everything else, email us at support@souvenir.press. We aim to respond within thirty days for requests made under the European GDPR and forty-five days for requests made under the California CCPA. We may ask you to verify your identity before acting on a request — typically by replying from the email address on your account.

If you believe we have failed to handle your request properly, you have the right to lodge a complaint with your local data protection authority:

  • In the European Union and EEA, your country's data protection authority — the European Data Protection Board lists them at edpb.europa.eu/about-edpb/about-edpb/members_en.
  • In the United Kingdom, the Information Commissioner's Office at ico.org.uk.
  • In Switzerland, the Federal Data Protection and Information Commissioner at edoeb.admin.ch.
  • In Australia, the Office of the Australian Information Commissioner at oaic.gov.au.
  • In Canada, the Office of the Privacy Commissioner at priv.gc.ca.
  • In the United States, your state attorney general's office.
  • In other countries, the regulator responsible for data protection or consumer protection where you live.

9. Security

We protect your information with industry-standard measures: HTTPS in transit, encryption at rest in object storage, hashed passwords, scoped access tokens, and the principle of least privilege for the small number of people who can see operational data. We test the system regularly and patch known vulnerabilities promptly. No system is perfectly secure; we will tell you and the appropriate regulator if we ever learn of a breach that affects your personal information.

10. Children

Souvenir is not directed to children under the age of thirteen. We do not knowingly collect personal information from children under thirteen. If we learn that we have collected information from a child under thirteen, we will delete it. If you are a parent or guardian and you believe your child has signed up, email us at support@souvenir.press and we will take care of it. If you are between thirteen and eighteen, you may only use the Service with the involvement of a parent or guardian, as further described in our Terms of Service.

11. Cookies and similar storage

We use a small set of cookies and locally-stored values to keep you signed in, remember your preferences, and measure usage. We do not use cookies for advertising.

What we store on your device:

  • An authentication session, so you stay signed in across visits.
  • A small number of preferences keys (whether you've completed onboarding, the last text style you used in the editor, an editor sync identifier).
  • An opaque analytics identifier and device identifier set by our analytics provider, used to group events into sessions.

What we do not use:

  • No Google Analytics, no Meta (Facebook) Pixel, no TikTok Pixel, no other third-party advertising or social-media trackers.
  • No cross-site behavioral tracking.
  • No session-replay or screen-recording cookies.

You can clear local data in your browser's settings, or log out to clear the authentication session.

12. Changes to this policy

We may update this policy from time to time as the Service evolves or the law changes. When we make a material change, we will update the "Last updated" date at the top of this page and, where required, notify you by email. The version of the policy in effect when you use the Service is the version that governs.

13. Contact

Questions, requests, complaints, or anything else: email support@souvenir.press. You can also write to us at The Souvenir Team, doing business as Souvenir, New Hampshire, USA. (Add a postal address before launch.)