A wedding is a private event, but the second you gather photos from 80 guests into a shared service, you're handling personal data. Does GDPR — or in the US, CCPA — actually apply to a wedding? The honest answer: usually no, occasionally yes, and it pays to know the difference. This wedding photo privacy guide walks through the GDPR wedding photos question, the household exemption, and the handful of habits you should keep either way.

The household exemption most weddings fall under

GDPR article 2(2)(c) explicitly carves out processing carried out “by a natural person in the course of a purely personal or household activity.” A family address book or a private photo album among friends sits inside that exemption. A traditional wedding shared with family and friends usually does too. CCPA in the US similarly focuses on businesses, not private individuals organising a personal event, so a couple running their own wedding gallery is rarely in scope.

What pushes you out of the exemption

  • Public distribution. Open websites, a public Instagram hashtag feed, or anything indexable pushes you outside the personal bubble.
  • Semi-professional context. A corporate offsite, a charity fundraiser, a structured community event — GDPR applies in full and you should document it.
  • Identifiable minors.Even in a private setting, you need parental consent before sharing photos of other people's children beyond the immediate circle.

Five habits worth adopting, exemption or not

1. Tell guests what you're doing

When you share the event code, add one sentence: “Photos you upload will be stored on labo.gallery, visible to the couple and other guests, and deleted six months after the wedding.” A line on the save-the-date, the order of service, or the wedding WhatsApp group covers it.

2. Put a clock on retention

“Forever, just in case” is not a retention policy. Photobooth offers three windows depending on the plan — 30 days, 6 months, or unlimited — so pick the one that matches what you'll actually use.

3. Don't let the gallery go public

A private event code plus guest nickname and PIN is what keeps the album inside the guest list. Never post the event code on a public social feed. See how to keep event photos private and secure.

4. Honour deletion requests

A guest may decide later that they'd rather not have their photos online. Any serious service has to offer fast, effective deletion. On Photobooth, guests can delete their own uploads from their personal roll, and the admin can remove a guest, a single photo, or the whole event.

5. Treat photos of minors with extra care

When kids are around, flag it to parents up front, and think twice before reposting children of friends beyond the immediate family — whether in a printed wedding book sent out to relatives, a blog post, or a public social share.

Where your photos actually live

Photobooth uses Vercel Blob for photo storage (EU region primary, with Standard Contractual Clauses covering any third-country edges) and Neon Postgres on AWS eu-central for metadata. File URLs are not guessable and only flow through authenticated endpoints.

A word on photographer-supplied photos

If your professional photographer delivers their edits through Photobooth, that's a contractual hand-off between them and you. Photos remain their intellectual property unless the contract says otherwise. GDPR isn't the primary lens here — your shoot contract is.

A minimum-viable compliance checklist

  • Tell guests you're collecting photos (one sentence is enough).
  • Set and publish a retention window.
  • Never expose the gallery without authentication.
  • Let guests pull their photos any time.
  • Actually delete on the date you announced.

If anything serious comes up, loop in the relevant data-protection authority in your country — but for the vast majority of weddings, the five habits above cover both the legal ask and the common-courtesy one. If you want to know what to pick, see private wedding gallery vs iCloud and Google Photos or jump straight to the pricing page.