Privacy Policy
Last updated: March 2026
1. Data Controller
The data controller for your personal data, in accordance with Regulation (EU) 2016/679 (GDPR), is:
- Name: Apostolis Tselepis
- VAT: 157813781
- Address: Mitropoleos 14, Thessaloniki, Greece
- Email: info.galleroo@gmail.com
2. What Data We Collect
A. For Photographers (registered users)
- Full name and email address from your Google account
- Unique user identifier (Google UID)
- Gallery metadata: title, Google Drive folder ID, encrypted password (if set), creation date
- Login date and time
B. For Clients (gallery visitors)
- No registration or account creation required
- We store a session cookie solely to verify the gallery password
- "Favorites" photo data is stored locally on your device (localStorage)
- Standard server data (IP address, browser type) via our server logs
3. Legal Basis for Processing
- Contract performance (Article 6(1)(b) GDPR): Processing to provide the service you requested
- Legitimate interest (Article 6(1)(f) GDPR): Service security, abuse prevention
- Legal obligation (Article 6(1)(c) GDPR): Compliance with tax and accounting obligations
4. Google Drive, How We Use It
Upon Google login, Galleroo obtains exclusively read-only access to your Google Drive files. Specifically:
- We read the file list (images/videos) of the folders you select
- We serve photos through our server to display them to your clients
- ✗ We do NOT store your photos
- ✗ We do NOT modify or delete any file in your Drive
- ✗ We do NOT access files other than those in the folders you select
5. Data Processors (Third-Party Providers)
To operate the service we work with the following providers, who act as data processors:
Google Firebase (Authentication & Firestore)
Stores account details (email, name, UID) and gallery data. Servers: EU (europe-west). Policy: firebase.google.com/support/privacy
Google Drive API
Policy: policies.google.com/privacy
Hosting Provider
Replace this block with the privacy policy link of the hosting provider you actually use (e.g. Vercel, AWS, Hetzner, etc.).
6. Cookies
We use only strictly necessary cookies for the operation of the service. We do not use advertising or tracking cookies.
Photographer login cookie
Maintains the logged-in state of your account. Expires when the browser is closed or after 30 days.
Gallery access cookie (gallery_token)
Stores encrypted authorization to access a password-protected gallery. Contains no personal data. Expires in 7 days.
7. Data Retention
- Account data: Retained for as long as the account is active
- Gallery data: Retained for as long as the account is active
- After account deletion: Full deletion within 30 days
- Billing data: Retained for 10 years per tax legislation
- Server logs: Retained for 90 days
8. Your Rights (GDPR)
Under GDPR you have the following rights:
- Right of access: To receive a copy of your data
- Right of rectification: To correct inaccurate data
- Right of erasure ("right to be forgotten"): To request deletion of your data
- Right of portability: To receive your data in a structured format
- Right to object: To object to processing for legitimate interest purposes
- Right to restriction: To request restriction of processing under certain conditions
To exercise any right, contact us at info.galleroo@gmail.com. We will respond within 30 days.
You also have the right to lodge a complaint with the competent data protection authority in your jurisdiction.
9. Data Security
We implement appropriate technical and organisational measures to protect your data: SSL/TLS encryption for all communications, gallery password hashing (bcrypt), restricted database access, and regular backups.
10. Policy Changes
We may update this Privacy Policy. In case of material changes we will notify you via email or an in-platform notification. Continued use of the service after the update constitutes acceptance of the changes.
11. Contact
For any questions about this Privacy Policy or to exercise your rights: info.galleroo@gmail.com