Legal

Privacy Policy

Last updated: April 2026

What we collect

When you use Nenpsy as a host, we collect:

  • Email address — used to identify your account. Sign-in is handled via Google OAuth — we never store a password.
  • Name and profile image — displayed in your account and to event managers you invite.
  • Event data — event titles, dates, sections, settings, and cover images you create.
  • Google Drive OAuth tokens — used solely to write guest photos into your connected Google Drive. See the Google API section below for full details.

When guests upload photos (no account required), we collect:

  • Photos — temporarily handled during upload, then written directly to the host's Google Drive. We do not retain copies on our servers.
  • Guest name — optionally provided at upload time, attached to the photo as metadata.

How we use your data

  • To operate your albums and allow guests to upload photos.
  • To send you transactional emails (access approvals, manager invites).
  • To write guest photos directly to your Google Drive on your behalf.
  • To display your name and email within the app where relevant (e.g. manager invitations).

We do not sell, rent, or share your personal information with third parties for marketing or advertising purposes.

Google API and Drive data

Nenpsy uses the Google Drive API with the drive.file scope. This means we can only access files and folders that Nenpsy itself creates in your Drive — we cannot read, modify, or delete any other files in your Drive.

Specifically, we use this access to:

  • Create a top-level folder for each album you set up.
  • Create sub-folders within that album for each section (e.g. Day 1, Reception).
  • Upload guest photos into those folders on your behalf.

We store your OAuth refresh token encrypted in our database solely to perform the above operations. We do not use your Google account data for any other purpose. You can revoke access at any time via your Google Account permissions page.

Nenpsy's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Third-party services

  • Google Drive — Photos are stored in your own Drive. Subject to Google's Privacy Policy.
  • Resend — Transactional email delivery. Subject to Resend's Privacy Policy.
  • Neon (PostgreSQL) — Event metadata and user accounts. Data is encrypted at rest.
  • Vercel — Hosting and edge delivery. Request logs may be retained for debugging.

Cookies and sessions

We use a single session cookie to keep you signed in for up to 30 days. No tracking or advertising cookies are used.

Data retention

We retain your account data for as long as your account is active. Guest photo metadata (name, upload timestamp) is retained for as long as the album exists. Photos themselves are stored in your Google Drive and governed by your own Google account settings.

Your rights

You can request deletion of your account and all associated data at any time by contacting us. We will process the request within 14 days. Deleting your account does not delete photos from your Google Drive — those remain under your control.

Contact

Questions about your data? Reach out here or email us at support@nenpsy.com.