Privacy Policy
Lasso
Last updated: April 11, 2025
Overview
Lasso (“we,” “us,” or “our”) operates a post-event photo platform that helps event organizers distribute photos to attendees and measure the marketing impact of that distribution. This Privacy Policy explains how we collect, use, and protect information from both event organizers and event attendees.
This policy covers two distinct user types:
- Organizers — individuals or businesses who create a Lasso account to publish and share event photo albums
- Attendees — individuals who access a Lasso photo album via a shared link to find and download photos of themselves
Information We Collect
From Organizers
| Data | Purpose |
|---|---|
| Full name and email address | Account creation and login |
| Password (hashed, never stored in plain text) | Account authentication |
| Brand name, logo, brand color | Album customization |
| Billing information | Processed by Stripe; we do not store full card details |
| Event and album data (event name, date, occasion type, venue, attendee count, ticket link) | Album creation and management |
| Uploaded photos | Face matching and album delivery to attendees |
| Usage and analytics data | Afterglow Score calculation and dashboard reporting |
From Attendees
| Data | Purpose |
|---|---|
| Mobile phone number | SMS one-time passcode (OTP) verification |
| First name | Account personalization |
| Selfie image / facial recognition data | Matching attendee to their photos from the event |
| Photo interaction data (views, downloads, shares) | Engagement reporting to the organizing event organizer in aggregate form |
How We Use Your Information
Organizer data
- Create and manage your Lasso account
- Power your album dashboard and Afterglow Score analytics
- Process subscription payments via Stripe
- Send transactional emails such as password reset links
- Improve the platform
Attendee data
- Verify identity via a one-time SMS passcode
- Match your face to photos from the event you attended
- Provide access to your matched photos for viewing and downloading
- Report aggregate, anonymized engagement metrics to the event organizer (e.g. total views, total downloads — never individual attendee identity)
SMS Communications
We use SMS solely to deliver one-time verification codes to attendees. We do not send marketing messages, promotional content, or recurring SMS messages of any kind.
By entering your phone number on a Lasso album page, you consent to receive a single one-time passcode via SMS to verify your identity. Message and data rates may apply. You will not receive further SMS messages unless you initiate another verification.
To opt out, reply STOP to any message from us. For help, reply HELP or contact hello@lasso.pics.
Biometric Data and Facial Recognition
Lasso uses facial recognition technology to match event attendees with photos in which they appear. This section applies to attendees.
Collection. When you submit a selfie during onboarding, your facial geometry is extracted and used to search for matching photos in the event album. Your consent to this is explicit — you must check a consent checkbox before submitting your selfie.
Processing. Facial recognition processing is performed using a combination of our own infrastructure and Amazon Web Services (“AWS”). AWS processes facial data solely under our instruction and is contractually prohibited from using it for any independent purpose. No other third party receives your facial data in identifiable form.
We do not sell, lease, trade, or profit from biometric data. Facial recognition data is a mechanism for delivering the photo-finding service — it is not itself a product we monetize or share.
Retention. Facial recognition data is retained only as long as your account is active or as needed to deliver the service. You may request deletion at any time by contacting hello@lasso.pics. Deletion requests are processed within 30 days.
Organizer responsibility. Event organizers upload photos to Lasso that may contain images of attendees. By uploading photos to Lasso, organizers represent that they have the right to do so and that attendees have been or will be given the opportunity to access and manage their data through this policy.
How We Share Your Information
We do not sell personal information belonging to organizers or attendees.
We may share information with:
- Stripe — for payment processing on organizer accounts. Stripe's privacy policy governs their handling of billing data.
- Amazon Web Services — for cloud infrastructure and facial recognition processing, under strict data processing agreements.
- Other infrastructure providers — for hosting, storage, and SMS delivery, each bound by confidentiality and data processing obligations.
We do not share individual attendee identities, phone numbers, or facial data with event organizers. Organizers receive only aggregate, anonymized engagement metrics.
Data Retention
| Data type | Retention period |
|---|---|
| Organizer account data | Retained while account is active; deleted within 90 days of account closure upon request |
| Album and event data | Retained while account is active |
| Attendee account data | Retained while account is active; deleted within 30 days of deletion request |
| Biometric / facial data | Retained while attendee account is active; deleted within 30 days of deletion request |
| SMS verification logs | 90 days |
| Aggregate analytics data | Up to 24 months |
Your Rights
Both organizers and attendees have the right to:
- Access the personal information we hold about you
- Correct inaccurate or incomplete data
- Delete your account and associated personal data
- Withdraw consent for biometric data processing at any time
- Export your data in a portable format upon request
Attendees may additionally request deletion of their biometric data independently of their account.
To exercise any of these rights, contact hello@lasso.pics. We will respond within 30 days.
Children's Privacy
Lasso is not directed at individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we will delete it promptly.
Security
We implement reasonable technical and organizational safeguards to protect personal information, including encrypted storage, access controls, and secure transmission protocols. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
Changes to This Policy
We may update this Privacy Policy from time to time. We will update the “Last updated” date at the top of this page when we do. Continued use of Lasso after changes are posted constitutes acceptance of the updated policy. For material changes, we will notify organizers by email.
Contact
For questions, data requests, or privacy concerns:
Lasso
hello@lasso.pics