UNVEILGet the app

Privacy policy

Last updated July 14, 2026

The short version

Unveil is built around one promise: photos stay sealed until the reveal. This policy explains what we collect to make that work, who processes it, how long we keep it, and the rights you have over it.

Who we are

Unveil is operated by Håkon Kjelseth in Norway, the data controller for the information described here under the GDPR.

Postal address: Torshovgata 15H, Oslo, Norway. You can reach us any time at haakon.kjelseth@gmail.com.

What we collect and why

We collect only what an event needs to run:

  • Account and identity. Sign in with Apple gives us a private identifier and, if you choose to share it, your name. Guests can join anonymously instead; an anonymous account holds their photos and nothing else.
  • Photos and event content. Shots taken at an event upload to our servers and stay there for that event's participants. We strip location data and other camera metadata while each photo develops.
  • Purchases. Event upgrades run through Apple's App Store, and RevenueCat validates the receipt so we can grant the credit. We receive the purchase record, never your card details.
  • Notifications. If you turn on reveal notifications, we store a push token so we can tell you when a roll unlocks, delivered through Apple's push service.
  • Usage data. We collect basic product analytics, like which screens get used, so we can improve the app. We never run analytics on your photos.
  • Support messages. If you email us, we keep that correspondence so we can help.

Who can see your photos

Before the reveal, photos are hidden from every participant. That includes the person who took them and the event's host.

After the reveal, only the people who joined that event can see them.

Who we share it with

We don't sell your data. We rely on a few processors to run the service, each handling only what its job needs:

  • Supabase (EU, Stockholm region) hosts our database, authentication, and photo storage.
  • PostHog (EU) processes product analytics.
  • RevenueCat validates App Store purchases.
  • Apple provides Sign in with Apple, handles App Store billing, and delivers push notifications.
  • Expo delivers push notifications to your device.

Legal basis

We process your data to perform our contract with you (running the events you create and join), for our legitimate interests (improving the app and keeping it secure), with your consent where you give it (reveal notifications), and to meet legal obligations where they apply.

How long we keep it

Event content stays for the life of the event. Account data stays until you delete your account. Analytics are kept in aggregate to understand how the app is used over time.

Your rights

Under the GDPR you can:

  • Access the data we hold about you.
  • Correct anything that is wrong.
  • Delete your account and its data.
  • Receive a copy of your data, or ask us to move it.
  • Object to or restrict certain processing.
  • Withdraw consent, such as turning off reveal notifications.
  • Lodge a complaint with a supervisory authority. In Norway that is Datatilsynet.

How to exercise them

Delete your account from the app's settings and we remove your profile and photos. For anything else, email haakon.kjelseth@gmail.com and we'll take care of it.

Where your data lives

Your account, photos, and analytics are stored in the EU. Some processors, such as Apple and RevenueCat, may handle limited data outside the EEA under appropriate safeguards like the standard contractual clauses.

Children

Unveil is not directed to young children, in line with the app's App Store age rating. If you believe a child has given us data, email us and we'll remove it.

Changes

We'll post any updates to this policy here, and announce anything meaningful in the app.

Contact

Questions about privacy? Write to haakon.kjelseth@gmail.com.