Where do the photos from your event live? EU hosting and sovereignty, the guide
When 80 guests upload 400 photos to an online album, those images go somewhere: to servers, in a country, under specific laws. Most services don’t say where. Here’s why this question matters before your event, what changes with EU hosting, and a practical checklist to evaluate any service.
The question no one asks before sending 400 photos
Event photos are personal data under GDPR: they show faces, children, private moments. Their protection depends directly on where they are stored and the laws that apply to the host.
Yet this is the least documented aspect of the market: most sharing services don’t display where their servers are located. You have to dig into the privacy policy, if the information is even there.
What changes with EU hosting
Data hosted in the European Union remains fully within the scope of the General Data Protection Regulation: rights of access, rectification and erasure, data minimization obligations, strict rules on subcontractors, and the possibility of recourse to a supervisory authority like the CNIL , in France.
By contrast, data stored outside the Union falls under international transfers: legally possible, but subject to conditions (contractual safeguards, EU-US frameworks like Privacy Shield, which was struck down by the Court of Justice of the European Union in 2020). Legal stability is simply better when data never leaves the Union.
AI must also be sovereign
One point often goes unnoticed: moderation. When a service automatically analyzes photos to remove problematic content, those images are sent to an analysis engine. If that engine is an AI service outside the EU, your images travel, even if the main storage is European.
Sovereignty must be judged end-to-end: storage, but also processing. At Fotelya, moderation is handled by a European AI (Mistral, Paris): the photos from your event never leave the EU, whether for storage or analysis.
Fotelya’s doctrine, in black and white
- Storage in the European Union : media and database hosted in the EU, encrypted in transit and at rest.
- Processing in the European Union : moderation by European AI (Mistral), no analysis outside the EU.
- Minimization : guests need no account or identifier; they scan, they upload, that’s it.
- Automatic deletion : the gallery is deleted at the end of the plan term (30 days in the free plan, 6 to 12 months in paid plans), no perpetual archive.
- Your data stays yours : full ZIP export in original quality, including photos, videos and guestbook; no resale, no ads, no model training on your images.
This page describes a product commitment, not a plea: every point is verifiable in our privacy policy.
The checklist to evaluate any service
- Is the server location displayed anywhere (website, privacy policy)?
- Is the retention period defined, with automatic deletion at the end?
- Do guests need to create an account, or does the service work without identifiers?
- Are the list of subcontractors (host, emails, AI moderation) and their countries documented?
- If automatic image analysis exists, is it performed within the European Union?
- Can you export the entire album and then request complete erasure?
- Is the business model clear (you pay for the service) or does it rely on data exploitation?
If an answer is missing, ask the service support: the quality of the response is in itself an indicator. This article is an educational explanation, not legal advice.