Privacy at Grain

When you scan a QR code and join an event, Grain creates an anonymous session for your browser. We do not ask for your email, phone number, or real name. The display name you pick is shown to other guests in that event, and it can be changed by the host on request.

When you upload a photo, Grain removes the embedded location data (GPS coordinates in the EXIF block) before the file is saved. In Grain Mode the original is downscaled in your browser and the full-resolution file is discarded before upload. In Album Mode the original is preserved so the host can keep print-quality copies.

If you choose to add your email when joining, we use it for one purpose only: to send you a single notification when the photos for that event are revealed. Email is optional, never required to participate, and every notification includes a one-click unsubscribe link. Your email is deleted when the event is purged, or sooner if you erase your guest data.

Grain does not run facial recognition, biometric matching, or any form of automated face clustering. Photos are not used to train any model. We do not sell data, and we do not share it with advertising networks.

In Grain Mode, photos stay private until the host-set reveal time. Until then, only you can see the photos you took, and the server refuses to hand out anyone else's files. Hiding is enforced on the server, not just in the interface.

Each event has a retention window chosen by the host, 30 days by default. When the window closes, every photo and every guest record for that event is permanently deleted from storage and from the database. You can also erase your own photos and your guest record at any time from the event page.

Grain runs on infrastructure hosted in the European Union (Ireland). We do not transfer event data outside the EU.

For privacy questions, contact the host of the event you joined. They are the data controller for that event. Grain operates as the processor.