How many pictures can guests take?

There is a limit on the number of 10 photos each guest can take. This ensures a diverse collection of images and encourages guests to be more selective in their shots.

Can guests see each other’s photos?

Yes, after a specific time set by you, all the photos taken by your guests will be visible to everyone.

How do guests access the Lense camera?

Guests simply scan the provided QR code, which opens the Lense camera on their phone. There's no need to download any apps for your guests.

Can guests save or share their photos?

Yes, after the event, guests can save or share their favorite photos with family and friends.

Yes, the host has the ability to delete any photos that are deemed unsuitable or inappropriate before they become available for viewing.

Privacy Policy

Last Updated: 25-03-2026

Thank you for choosing Lense. We are committed to protecting your privacy. This Privacy Policy explains how Rewaive B.V. d/b/a Lense ("we", "us", or "our") collects, uses, shares, and safeguards your personal data when you use the lense.app website, the Lense mobile application, the Lense web version, and/or the Lense services (collectively, the "Service").

Data Controller:

Rewaive B.V.
Sint-Oedenrode, the Netherlands
KvK: 94766878
Email: [email protected]

Information We Collect

We collect the following categories of personal data:

Account Data: When you register for Lense, we collect your name, email address, and phone number.

Photos: All photos you upload to Lense are stored on servers located in the European Union. Your photos belong to you, and we will never sell or use them for commercial purposes without your explicit consent.

Location Data: With your permission, we collect location data from your device to provide you with relevant, location-based content and to improve your experience. You can enable or disable location data collection at any time through your device settings. If you choose not to share your location data, you can still use the Service, but some features may be limited.

Usage Data: We collect information about how you interact with the Service, including pages visited, features used, device type, operating system, IP address, and session duration.

Content Moderation: When you upload photos to Lense, we perform automated content analysis on our own servers to detect content that violates our Terms of Service (such as nudity or explicit material). This analysis is performed entirely in-house — your photos are not sent to any third-party service for this purpose. The legal basis for this processing is our legitimate interest (Art. 6(1)(f)) in maintaining a safe platform for all users.

Analytics Data: With your consent, we use the following analytics tools to understand how users interact with the Service:

PostHog: Product analytics to understand feature usage, user flows, and Service performance.
Microsoft Clarity: Behavioral analytics including heatmaps and session recordings to understand how users navigate the Service. Clarity may capture clicks, scrolls, and mouse movements but does not capture sensitive input fields such as passwords.

These analytics tools are only activated after you have given your consent. You can withdraw your consent at any time through the cookie settings on our website or by contacting us.

Purpose and Legal Basis for Processing

We process your personal data for the following purposes, each with a corresponding legal basis under GDPR Article 6:

Service provision (storing and displaying your photos, providing location-based content, managing your account): Legal basis — contractual necessity (Art. 6(1)(b)). Processing is necessary to perform the contract between you and Lense.
Service-related communication (updates, security alerts, account notifications): Legal basis — contractual necessity (Art. 6(1)(b)).
Marketing communications (promotional offers, newsletters): Legal basis — your consent (Art. 6(1)(a)). You may withdraw your consent at any time by unsubscribing or contacting us.
Content moderation (automated NSFW analysis of uploaded photos): Legal basis — legitimate interest (Art. 6(1)(f)). Our legitimate interest is to maintain a safe platform for all users.
Analytics and Service improvement (understanding usage patterns, improving features): Legal basis — your consent (Art. 6(1)(a)). You may withdraw your consent at any time.
Legal compliance (responding to legal requests, enforcing our Terms): Legal basis — legal obligation (Art. 6(1)(c)) or legitimate interest (Art. 6(1)(f)).

Cookies and Tracking Technologies

The Service uses essential cookies that are strictly necessary for the operation of the Service, such as session and authentication cookies. These do not require your consent.

PostHog and Microsoft Clarity use tracking technologies (such as scripts and local storage) to collect analytics data as described in the "Information We Collect" section above. These non-essential tracking technologies are only activated after you have given your consent. We do not use marketing or advertising cookies.

Data Sharing and Recipients

We do not sell your personal data. We do not share your photos, personal information, or data linked to you with third parties for their own purposes without your explicit consent.

We may share your personal data with the following categories of recipients, solely to the extent necessary to provide and improve the Service. All third-party processors are bound by data processing agreements in accordance with GDPR Article 28.

Hosting and infrastructure providers: EU-based hosting providers that store and process data on our behalf.
Analytics providers: PostHog and Microsoft Clarity, as described above, to help us understand Service usage.
Payment processors: Apple App Store and Google Play Store process in-app purchase transactions. We do not directly store your payment information.
Law enforcement and regulatory authorities: When required by law, court order, or to protect the rights, property, or safety of Lense, our users, or third parties.

International Data Transfers

Your personal data is primarily stored and processed within the European Economic Area (EEA) using EU-based hosting and storage providers.

Certain third-party analytics services we use may transfer data outside the EEA. Where such transfers occur, they are protected by appropriate safeguards, including the EU-US Data Privacy Framework and/or Standard Contractual Clauses approved by the European Commission, to ensure your data receives an adequate level of protection.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

Account data: Retained for the duration of your account. Upon account deletion, your personal data will be deleted within 30 days, unless retention is required by law.
Photos: Deleted when you remove them from the Service or when your account is deleted.
Usage and analytics data: PostHog data is retained for up to 1 year. Microsoft Clarity data is retained for up to 30 days. After these periods, the data is anonymized or deleted.
Legal obligations: Certain data may be retained longer where required by Dutch or EU law (for example, financial records for tax purposes).

Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR) and applicable Dutch data protection law, you have the following rights:

Right of access: You have the right to request a copy of the personal data we hold about you.
Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
Right to erasure: You have the right to request the deletion of your personal data, subject to legal obligations that may require us to retain certain data.
Right to restriction: You have the right to request that we restrict the processing of your personal data in certain circumstances.
Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
Right to object: You have the right to object to the processing of your personal data where we rely on legitimate interest as the legal basis, including for analytics and direct marketing purposes.
Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. In certain circumstances, we may need to verify your identity before processing your request.

If you believe that we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl, or with the supervisory authority in your country of residence.

Children's Privacy

The Service is not intended for users under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data as soon as possible. If you believe that a child under 16 has provided us with personal data, please contact us at [email protected].

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you.

Data Security

We implement appropriate technical and organizational security measures to protect your personal data from unauthorized access, modification, disclosure, or destruction. These include encryption of data in transit, access controls, and regular security reviews. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours of becoming aware of the breach, as required by GDPR Article 33. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay, as required by GDPR Article 34.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a prominent notice within the Service at least thirty (30) days before the changes take effect. We will also update the "Last Updated" date at the top of this policy. We encourage you to review this Privacy Policy periodically.

Contact

We have not appointed a Data Protection Officer as we are not required to do so under GDPR Article 37. For all privacy-related inquiries, please contact us:

Rewaive B.V.
Sint-Oedenrode, the Netherlands
KvK: 94766878
Email: [email protected]