← Blog
Blog · EU hosting: where do the photos from your event live?
Guide

Where do the photos from your event live? EU hosting and sovereignty, the guide

When 80 guests upload 400 photos to an online album, those images go somewhere: to servers, in a country, under specific laws. Most services don’t say where. Here’s why this question matters before your event, what changes with EU hosting, and a practical checklist to evaluate any service.

The question no one asks before sending 400 photos

Event photos are personal data under GDPR: they show faces, children, private moments. Their protection depends directly on where they are stored and the laws that apply to the host.

Yet this is the least documented aspect of the market: most sharing services don’t display where their servers are located. You have to dig into the privacy policy, if the information is even there.

What changes with EU hosting

Data hosted in the European Union remains fully within the scope of the General Data Protection Regulation: rights of access, rectification and erasure, data minimization obligations, strict rules on subcontractors, and the possibility of recourse to a supervisory authority like the CNIL , in France.

By contrast, data stored outside the Union falls under international transfers: legally possible, but subject to conditions (contractual safeguards, EU-US frameworks like Privacy Shield, which was struck down by the Court of Justice of the European Union in 2020). Legal stability is simply better when data never leaves the Union.

AI must also be sovereign

One point often goes unnoticed: moderation. When a service automatically analyzes photos to remove problematic content, those images are sent to an analysis engine. If that engine is an AI service outside the EU, your images travel, even if the main storage is European.

Sovereignty must be judged end-to-end: storage, but also processing. At Fotelya, moderation is handled by a European AI (Mistral, Paris): the photos from your event never leave the EU, whether for storage or analysis.

Fotelya’s doctrine, in black and white

This page describes a product commitment, not a plea: every point is verifiable in our privacy policy.

The checklist to evaluate any service

If an answer is missing, ask the service support: the quality of the response is in itself an indicator. This article is an educational explanation, not legal advice.

Frequently Asked Questions

Does the GDPR apply to non-European services as well?
Yes, as soon as they target individuals located in the European Union. However, the practical application (controls, remedies, data transfers) is more straightforward when the company and servers are within the Union: the question of hosting therefore remains relevant even when facing a service that is compliant on paper.
How can I find out where a service hosts the photos?
Look in the privacy policy for the list of subcontractors and their locations. If the information is not there, ask the support team. At Fotelya, EU hosting is publicly displayed and detailed in the privacy policy.
Is a wedding subject to the GDPR?
Purely private and family sharing benefits from exemptions, but the service you use to host the photos is fully subject to the GDPR for everything it does with your data. For a professional event, the organizer is also responsible for its own data processing: if in doubt, your DPO or the CNIL are the references.
What happens to the photos at the end?
At Fotelya: you download the complete album (ZIP, original quality), then the gallery is automatically deleted when the plan expires. Automatic deletion prevents forgotten archives from lingering on a server for years.

See also