Legal
Privacy Policy
Last updated 1 June 2026
This policy explains how DIVIAD (diviad.studio) handles your personal data. I am the data controller. I process data in line with UK GDPR.
What I collect
When you book or enquire I collect your name, email, phone number, and the details of your booking (date, time, service, any notes you provide). When you pay, the transaction is handled by Stripe; I receive a payment reference but not your card number.
How I use it
To arrange and deliver your session, take payment, send booking confirmations and reminders, respond to enquiries, and keep records of bookings. I rely on performing my contract with you and my legitimate interest in running the business.
Who I share it with
I use trusted providers to run the site and service: Stripe (payments), Supabase (database & photo storage), Resend (email delivery), Vercel (hosting), and — only when the optional event photo finder is used — AWS Rekognition (face matching). They process data on my behalf. I do not sell your data.
Photos
Images from your session are stored securely and shared with you via a private gallery. See my Terms for how images may be used.
Event photo finder (face matching)
At some public events I offer an optional “photo finder”: you can take a selfie to see only the photos you appear in. This works by automated face matching, which is a biometric process, provided by AWS Rekognition. Because this is special category data under UK GDPR, I only do it with your explicit consent — you actively choose to use it, and you can always browse the gallery instead.
Your selfie is used solely to perform the match and is not stored. The face data generated for an event exists only for the life of that event’s gallery and is permanently deleted when the gallery comes down (typically within 45 days). You can decline at any time, and you can ask me to remove your data sooner using the contact details below.
Analytics
I use privacy-friendly, cookieless analytics (Vercel Analytics) to understand aggregate, anonymous usage of the site. It does not identify you and does not track you across other websites.
Retention
I keep booking and payment records for as long as needed for the service and to meet legal/accounting obligations, then delete them.
Cookies
The site uses only essential cookies needed for it to function (e.g. secure sessions). I do not use advertising cookies.
Your rights
You can request access to, correction of, or deletion of your data, and object to certain processing. To exercise these rights, email bookings@diviad.studio. You may also complain to the ICO (ico.org.uk).
This page is a general template provided for convenience and is not legal advice. Please review it with a qualified professional before relying on it.

