Privacy Policy

Last updated: May 12, 2026

1. Introduction

EnFlash ("EnFlash," "we," "us," or "our") operates a two-sided marketplace connecting Clients with Creatives (such as photographers, videographers, and editors) for bookings, payments, messaging, and delivery of creative work. This Privacy Policy describes how we process personal data when you use our websites, applications, and related services (collectively, the "Services").

If you do not agree with this Policy, please do not use the Services. For how we use cookies and similar technologies, see our Cookie Policy and the cookies section of our Terms of Service.

2. Data we collect

Depending on how you use the Services, we may process:

  • Account and identity data: such as name, email, and credentials managed through our authentication provider.
  • Profile and portfolio data: for Creatives, information you add to your profile, packages, availability, and portfolio materials; for Clients, information needed to request and complete bookings.
  • Booking and transaction data: such as booking details, schedules, fees, payment status, and payout-related references processed by payment partners.
  • Communications: messages and notifications sent through the Services in connection with bookings or your account.
  • Content: photos, videos, files, and other materials uploaded or exchanged in line with the product flows.
  • Technical and usage data: such as IP address, device and browser type, approximate location derived from network signals where available, log data, diagnostics, and—if you consent—aggregated analytics about how the Services are used.

3. How we collect data

  • Directly from you when you register, complete a profile, book or offer services, pay, message, or contact us.
  • Automatically when you use the Services (for example through cookies, session mechanisms, and analytics tools subject to your choices where required).
  • From partners we use to run the platform (for example authentication, cloud infrastructure, payments, and email delivery), only as needed to provide the Services.

4. Why we use your data

We process personal data to:

  • Provide, secure, and improve the Services.
  • Create and manage accounts and profiles.
  • Facilitate bookings, payments, payouts, and disputes tooling as described in the product.
  • Enable messaging, notifications, and customer support.
  • Meet legal, tax, and regulatory obligations and respond to lawful requests.
  • Measure aggregated usage and reliability when you have consented or where otherwise permitted (see our Cookie Policy).
  • Protect users and the platform against fraud, abuse, and security threats.

We rely on appropriate legal bases under applicable law (such as contract, legitimate interests balanced against your rights, legal obligation, or consent where required).

5. Sharing

We may share personal data with:

  • Other users, as needed to operate the marketplace—for example sharing relevant booking and contact details between a Client and the Creative they book.
  • Service providers who process data on our instructions (hosting, authentication, database, storage, payments, analytics when consented, email, and similar functions).
  • Authorities or third parties when required by law or to protect rights, safety, and integrity of the Services.
  • Successors in a merger, acquisition, or asset sale, subject to this Policy or equivalent notice.

Payment card data is handled by payment partners under their terms and industry rules; we do not store full card numbers on our own servers.

6. International transfers

Our providers may process data in the European Economic Area and other countries. Where we transfer personal data from the EEA, UK, or Switzerland, we use appropriate safeguards (such as standard contractual clauses) when required.

7. Retention

We keep personal data only as long as needed for the purposes above, including legal, accounting, and dispute resolution requirements. Retention periods depend on the type of data and whether you still have an active relationship with the Services.

8. Security

We implement technical and organizational measures designed to protect personal data. No online service is completely secure; we encourage strong passwords and prompt reporting of suspected unauthorized access to support-terms@enflash.co.

9. Your rights

Depending on your location, you may have rights to access, rectify, delete, restrict, or object to certain processing, to data portability, and to withdraw consent where processing is consent-based. You may also have the right to lodge a complaint with a supervisory authority.

To exercise your rights, contact us at privacy@enflash.co. We will respond in line with applicable law.

10. Children

The Services are not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe we have, contact us and we will take steps to delete it.

11. Changes

We may update this Privacy Policy from time to time. We will post the revised Policy and update the "Last updated" date. Where required, we will provide additional notice.

12. Governing law

This Policy is governed by the laws of Spain, excluding conflict-of-law rules that would apply another jurisdiction's laws, without prejudice to mandatory consumer protections in your country.

13. Contact

Privacy questions: privacy@enflash.co

General terms and account matters: support-terms@enflash.co