Privacy Notice
How MemoryRevive handles personal information and family photographs
This notice explains what the service uses, why it is needed, who receives it, how long it is kept and the choices available to you.
1. Who is responsible
MemoryRevive is a digital photograph-restoration service operated from the United Kingdom. The operator of MemoryRevive is the controller of personal information collected through this website. Privacy questions and rights requests can be sent to hello@memoryrevive.co.uk.
2. Information we collect
- Contact and order details, such as your name, email address, billing information and order identifiers.
- The photographs you upload, private working copies, generated restorations, colourised versions, comparison files, memory-card details and download packages.
- Optional information you add for a keepsake, such as a title, approximate date or personal message.
- Your image-rights, acceptable-use and processing confirmations.
- Technical and security information, such as IP address, timestamps, browser information, access attempts and sanitised diagnostic logs.
- Messages, support correspondence, deletion requests, complaints and refund information.
Please do not put unnecessary sensitive information in memory-card text or support messages. Do not email private source photographs, full payment-card information or a secure order link unless MemoryRevive gives you an approved secure route.
3. Why we use information and our legal bases
We use information to validate uploads, create and administer an order, confirm payment, fulfil the chosen restoration option, create the finished file sizes, provide status and private downloads, send service messages, answer support requests, prevent misuse, diagnose failures, manage deletion and refunds, meet legal obligations and establish or defend legal claims.
The main legal basis is performance of the contract with you. We also rely on legal obligations for tax, accounting, consumer and regulatory records, and on legitimate interests in keeping the service secure, preventing fraud, supporting customers and resolving claims. We use consent only where a genuine choice is offered, such as separate permission to use a customer photograph in a public example. Consent can be withdrawn for future use at any time.
4. How photographs are handled
Customer photographs are private order files. They are not added to the public WordPress Media Library, published as examples, used in MemoryRevive advertising or used to train MemoryRevive models without separate written permission. The uploaded original is not overwritten; restoration uses separate working copies.
A processing copy and the restoration instructions are sent through the OpenAI API to produce the requested output. OpenAI states that API inputs and outputs are not used to train its models by default unless the API customer expressly opts in. OpenAI may process limited content and metadata for service delivery, safety and abuse prevention under its current API terms and data controls. MemoryRevive does not opt customer photographs into voluntary training or feedback sharing.
5. Who receives information
- WooCommerce and the website hosting environment, to operate the basket, checkout, order records and private application storage.
- Stripe, through the official WooCommerce payment extension, to take payment, authenticate transactions and prevent fraud. MemoryRevive code does not receive your full card number.
- OpenAI, through its API, to process a private working copy and generate the requested restoration.
- Email, backup, security and technical-support providers, where needed to deliver messages, protect the service, recover from a serious failure or resolve a support issue.
- Professional advisers, regulators, courts or law-enforcement bodies, only where reasonably necessary or legally required.
Providers receive only the information needed for their role. Some providers may process information outside the United Kingdom. Where UK data-protection law requires a transfer safeguard, MemoryRevive relies on an applicable adequacy decision or the contractual transfer mechanism available with that provider, together with proportionate security measures.
6. Storage, access and security
Photographs are stored in private local or private object storage rather than a public uploads folder. Controlled download endpoints or time-limited signed links, random internal names, file validation, access controls, audit records and expiring status tokens reduce the risk of unauthorised access. Access by an administrator is limited to support, safety and failure investigation when it is genuinely needed. No internet service can guarantee absolute security.
Keep the order-status link private. Anyone with a valid forwarded link may be able to view status, request an available action or download files until the capability expires or is revoked.
7. How long we keep information and when we delete it
- Abandoned temporary uploads are normally deleted within 24 hours.
- Original photographs, working copies and generated order files are normally kept for 30 days after completion. The private order page shows the exact deletion date and offers earlier deletion where available.
- Support enquiries are normally kept for up to 90 days after they are received, unless a longer period is needed to resolve a dispute or meet a legal duty.
- Routine diagnostic logs are normally kept for up to 30 days and are designed not to contain full private photographs or secrets.
- WooCommerce order, payment, tax, fraud-prevention and accounting records are kept for the period required by applicable law and legitimate record-keeping needs. These records are kept separately from the photograph files.
A file that has been deleted from the live service may remain in a restricted operational backup until that backup is overwritten under the hosting backup cycle. Backups are isolated from ordinary access and used only for disaster recovery. If a backup is restored, recorded deletion requests must be reapplied before normal service resumes.
8. Your rights
Depending on the circumstances, UK data-protection law may give you rights to access your information, correct inaccurate information, request erasure, restrict or object to processing, receive portable information and withdraw consent. A right can be limited where information must be retained by law, is needed to complete your contract or is required for legal claims.
Email hello@memoryrevive.co.uk to make a request. MemoryRevive may ask for proportionate evidence of identity or authority so that information is not disclosed to the wrong person. You can also complain to the UK Information Commissioner’s Office through ico.org.uk.
9. Cookies and similar technologies
Essential technologies are used for security, the WooCommerce basket, checkout, guest sessions and payment-fraud prevention. MemoryRevive does not enable optional advertising or behavioural-tracking cookies by default. If optional analytics or marketing is added, it must remain off until an appropriate choice has been made. See the Cookie Notice.
10. Changes and contact
This notice may be updated when the service, providers or legal requirements change. The date above identifies the current version. Material changes will be brought to customers’ attention where appropriate. Contact hello@memoryrevive.co.uk or use the Contact page with any privacy question.