Security
Last updated: May 31, 2026
Data Encryption
All data transmitted between your browser and our servers is encrypted using TLS 1.3 (HTTPS). Photos uploaded to our storage are encrypted at rest using Hetzner Object Storage's server-side encryption.
Photo Privacy
All photos are stored in a private S3-compatible bucket. Photos are never publicly accessible — they are served exclusively via time-limited, pre-signed URLs. Only event organizers and guests with the share code can view event photos.
Authentication
Event organizers authenticate via Google OAuth — we never handle passwords. Guest users remain completely anonymous with no account required. Guest tokens are randomly generated and stored in browser localStorage.
Infrastructure
- Server: Hetzner VPS (Helsinki, Finland) — fully firewalled, regular security updates
- Database: Supabase (AWS eu-central-1) — encrypted, access controlled via service role key
- Storage: Hetzner Object Storage (Nuremberg, Germany) — private bucket, pre-signed URLs only
- CDN: Cloudflare — DDoS protection, SSL termination
Payment Security
All payments are processed by Lemon Squeezy, a PCI-compliant payment processor. We never see or store your credit card details. Lemon Squeezy handles all sensitive payment data.
Data Retention & Deletion
Photos are automatically deleted 90 days after the event ends. Account data can be deleted upon request by emailing [email protected].
Vulnerability Disclosure
If you discover a security vulnerability, please email us at [email protected]. We take all reports seriously and will respond promptly.
GDPR Compliance
As an EU-based service, Disposable Events fully complies with GDPR. All data is stored within the European Union. See our Privacy Policy for more details.