Event photos are rarely just scenery. There are getting-ready shots, kids, tipsy dance-floor moments, and the one friend who never wants to be on social media. If you want to keep event photos private, you can't rely on a single password — you need a handful of habits that reduce leak risk at every stage. Here's how we think about it at Photobooth.

The four leaks that actually happen

Sharing the link with someone who wasn't invited

A guest forwards the gallery link or event code to a close friend who wasn't on the list. Two hops later, a total stranger is scrolling your wedding photos.

The accidental social-media reveal

The aunt posts a cute Instagram Story with the printed QR code visible on the table in the background. Her followers scan it, and suddenly you have extra visitors.

Personal cloud auto-sync

A guest has “share photos with family” turned on in Google Photos. Their uploads quietly propagate to their in-laws' account, pulling your wedding photos along for the ride.

The host service itself

Your host shuts down, pushes a hostile terms-of-service change, or suffers a breach. Files either go public or go dark overnight.

Seven habits that cut the risk

1. Use an event code that isn't guessable

Avoid “WEDDING” or “PARTY” on their own. A combination of names and year — “LEAANDPAUL2026” — is orders of magnitude harder to hit by accident. Photobooth enforces mixed letters and digits.

2. Share the code through private channels only

Send the code by direct message, a closed WhatsApp group, or on the printed invitation. Never post it on a public Facebook wall, a forum, or an open newsletter. Rule of thumb: if you wouldn't want a stranger to see it, don't put it somewhere a stranger can read.

3. Spell out the norm

One sentence in the invite: “Please don't share this code outside the guest list.” Not legally binding, but social norms move behaviour more than people expect.

4. Make moderation a two-click job

If someone wants a photo taken down, it should vanish immediately. Guests can delete their own photos from their roll, and the admin can remove a specific photo, an entire guest, or revoke the event code in one go.

5. Rotate the code if it leaks

If you suspect the code has escaped, change it. Yes, every guest will need to re-enter the new one — that's the cost of a clean reset, and it's the right call.

6. Pick a retention window and keep to it

The longer photos sit online, the bigger the cumulative risk. Pick a duration, tell guests, and delete on that date. See the wedding photo privacy guide.

7. Keep your own copy

Once collection is complete, pull a full ZIP of every event photo and take the public gallery down. Your memories live on your own Google Drive or external disk, with no public gateway attached.

Special case: photos of children

Photos of kids deserve an extra layer of care. Three practical rules:

  • Never tag them by full name in a public caption or comment.
  • Blur faces when a photo is re-shared outside the immediate family — a wedding book sent to distant relatives, a personal blog, a holiday card.
  • Get explicit parental consent for any public re-share, even on a personal site.

What Photobooth does on the technical side

  • Unguessable file URLs — a 36-character random identifier per file.
  • Admin password hashed with bcrypt, never stored in clear text.
  • Guest PIN hashed with bcrypt, never stored in clear text.
  • Rate limiting on login attempts to stop brute-force guesses.
  • Cookies set httpOnly, sameSite=lax, and secure in production.
  • TLS 1.2+ on every transfer.

What no technology can fix

No system can stop a guest from screenshotting a photo and re-sharing it. That's a hard limit on any photo platform. The answer is social: communicate the expectation, repeat it, and actually delete on the date you announced.

Further reading: private wedding gallery vs iCloud and Google Photos. Ready to run an event? See the pricing page.