Privacy Policy

Last updated: February 25, 2026

Introduction

Welcome to Shashin's Privacy Policy. This document explains how we collect, use, disclose, and safeguard your information when you use our AI-powered photobooth service. We are committed to protecting your privacy and ensuring transparency about our data practices.

FrontHAUS Pte. Ltd. ("the Company", "we", "us", or "our") is a company incorporated under the laws of the Republic of Singapore. We comply with the Personal Data Protection Act 2012 (PDPA) of Singapore, the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

By using Shashin, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

Information We Collect

Personal Information

We collect several types of information from and about users of our Service:

  • Account Information: Name, email address, password (encrypted), phone number, and country code
  • Profile Data: Company name, country, timezone, language preference, avatar image, and contact information
  • Photos & Media: Original photos, AI-processed images, AI-generated videos, session frame overlays, and associated metadata
  • Usage Data: Session activity, photo and video counts, credit usage, storage consumption, API request counts, feature interactions, and survey responses
  • Communication Data: Live chat transcripts, support ticket history, newsletter subscription preferences, and customer satisfaction survey responses
  • Device Information: IP address, browser type, operating system, device type, and device identifiers (including kiosk session data)
  • Financial Information: Subscription tier, payment method details (processed and stored securely by Stripe), credit transaction history, and invoice records

Automatically Collected Information

When you access our Service, we automatically collect certain information about your device and usage patterns, including your IP address, browser type, pages viewed, time spent on pages, and other diagnostic data.

How We Use Your Data

We use the collected data for various purposes:

  • Providing and maintaining our photobooth service and AI processing features
  • Processing payments and managing subscriptions
  • Improving service quality and AI processing workflows (your images are not used to train AI models)
  • Sending administrative information, updates, and security alerts
  • Monitoring usage patterns to detect and prevent fraud or abuse
  • Responding to customer support requests and inquiries
  • Sending newsletter communications (with your consent) and conducting customer satisfaction surveys
  • Generating public sharing links for your photos and videos when you choose to share them
  • Complying with legal obligations and protecting our legal rights

Data Sharing and Disclosure

We may share your information in the following situations:

  • Service Providers: Third-party companies that assist with payment processing (Stripe), cloud storage, content delivery and security (Cloudflare), real-time communications, analytics, and customer support
  • AI Partners: AI processing infrastructure providers for image generation (only necessary image data is transmitted;)
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with mergers, acquisitions, or asset sales

Important: We never sell your personal information to third parties for marketing purposes. Your photos are processed securely.

Data Security

We implement industry-standard security measures to protect your personal information:

  • End-to-end encryption for data transmission (TLS/SSL)
  • Encrypted storage for sensitive data including passwords and payment information
  • Regular security audits and penetration testing
  • Access controls and authentication requirements for our systems
  • Employee training on data protection and privacy best practices

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but continuously work to improve our security measures.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Account Data: Retained while your account is active and for 90 days after closure
  • Photos & Media: Retained according to your preferences, typically 30-90 days unless extended
  • Transaction Records: Retained for 7 years for tax and legal compliance purposes
  • Analytics Data: Aggregated and anonymized data may be retained indefinitely

For detailed information about our data retention practices, please see our Data Retention Policy.

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request access to your personal information we hold
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal information (right to be forgotten)
  • Portability: Request a copy of your data in a structured, machine-readable format
  • Objection: Object to processing of your personal data for certain purposes
  • Restriction: Request restriction of processing under certain circumstances
  • Withdraw Consent: Withdraw consent for data processing where consent is the legal basis

Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and become aware that your child has provided us with personal information, please contact us.

If we become aware that we have collected personal information from children without verification of parental consent, we will take steps to remove that information from our servers.

International Data Transfers

Your information may be transferred to and maintained on servers located outside of your country where data protection laws may differ. By using our Service, you consent to the transfer of your information to these locations.

We ensure appropriate safeguards are in place, including standard contractual clauses approved by the European Commission and other regulatory bodies, to protect your information during international transfers.

GDPR Rights (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to access your personal data and receive information about how it's processed
  • Right to rectification of inaccurate personal data
  • Right to erasure ("right to be forgotten") under certain circumstances
  • Right to restrict processing of your personal data
  • Right to data portability in a structured, commonly used format
  • Right to object to processing based on legitimate interests
  • Right to lodge a complaint with your local supervisory authority

CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information held by businesses and service providers
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your CCPA rights

To exercise these rights, please contact us at [email protected]. We will verify your identity before processing requests.

PDPA Rights (Singapore)

As FrontHAUS Pte. Ltd. is incorporated in Singapore, we comply with the Personal Data Protection Act 2012 (PDPA). Under the PDPA, you have the following rights:

  • Right to be informed of the purposes for which your personal data is collected, used, or disclosed
  • Right to access your personal data held by the organisation
  • Right to request correction of errors or omissions in your personal data
  • Right to withdraw consent for the collection, use, or disclosure of your personal data
  • Right to request that we transfer your personal data to another organisation (data portability)

To exercise your PDPA rights, please contact our Data Protection Officer at [email protected]. We will respond to your request within thirty (30) business days. If you are dissatisfied with our response, you may lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information. Technologies used include:

  • Essential Cookies: Required for the Service to function properly
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how you use the Service
  • Performance Cookies: Monitor and improve Service performance
  • Marketing Cookies: Used for campaign tracking and conversion measurement (consent required)

For more details about our cookie practices, please refer to our Cookie Policy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Sending an email notification to the address associated with your account
  • Posting a prominent notice in your dashboard
  • Updating the "Last updated" date at the top of this policy

Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email

[email protected]

For data subject access requests (PDPA/GDPR/CCPA), please use our dedicated privacy contact email above and include "Data Request" in the subject line.