Privacy Policy

Last updated: May 2026 | Sabtech Limited

    Summary: We collect your name, email, phone and photo only to provide the passport photo service. We do not sell your data. Photos are deleted immediately after delivery. We comply with UK GDPR.
  

1. Who We Are

Photobooth App is operated by Sabtech Limited. We provide digital passport and visa photo services.

Contact: info@sabtech.co.uk

2. What Data We Collect

Full name — to personalise your order and email
Email address — to deliver your photo and send order confirmation
Phone number — for order reference purposes
Government reference number — optional, provided by you for your own reference
Passport-style photograph — uploaded by you for processing
Payment details — processed securely by Stripe. We never see or store your card details.

3. How We Use Your Data

To process your photo and remove the background
To deliver your completed photo by email
To send your order confirmation
To handle refund or support requests
To maintain transaction records for accounting (name, email, amount — no photos)

4. Lawful Basis (UK GDPR)

We process your data under Article 6(1)(b) — performance of a contract. You provide data to receive the service you have paid for. For sensitive biometric-style photo data, we rely on your explicit consent given at the point of upload.

5. Photo Data — Special Category

Passport-style photographs may constitute biometric data under UK GDPR. We treat them with the highest level of care:

Photos are processed in memory only — never written to permanent disk storage
Photos are automatically deleted from our servers immediately after your email is delivered
Photos are never shared with third parties except the background removal service (remove.bg) which processes them under their own privacy policy
We do not use your photo for any purpose other than producing your order

6. Data Retention

Photos: Deleted immediately after delivery (within minutes)
Order records (name, email, amount): Retained for 7 years for accounting/tax purposes, then deleted
Payment data: Retained by Stripe under their own policy. We only store the Stripe payment reference ID.

7. Third Party Services

Stripe — payment processing (stripe.com/privacy)
remove.bg — AI background removal (remove.bg/privacy)
Resend — email delivery (resend.com/privacy)
Render.com — server hosting (render.com/privacy)

8. Your Rights

Under UK GDPR you have the right to:

Access — request a copy of data we hold about you
Erasure — request deletion of your personal data
Rectification — correct inaccurate data
Portability — receive your data in a portable format
Object — object to processing of your data
Withdraw consent — at any time for consent-based processing

To exercise any right, email info@sabtech.co.uk. We will respond within 30 days.

9. Cookies

We use only essential session cookies required for the payment process (Stripe). We do not use tracking, advertising or analytics cookies.

10. Security

We implement appropriate technical and organisational measures including HTTPS encryption, rate limiting, input validation, and security headers. Payment data is handled exclusively by Stripe who are PCI DSS Level 1 certified.

11. ICO Registration

We are registered with the Information Commissioner's Office (ICO) as required under UK data protection law.

12. Changes to This Policy

We may update this policy from time to time. The current version will always be available at this URL. Significant changes will be communicated by email.

13. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the ICO at ico.org.uk or call 0303 123 1113.

Contact Us

Sabtech Limited
Email: info@sabtech.co.uk
For data requests, refunds or support please email us and we will respond within 2 business days.