Attempting to reconnect
Hang in there while we get back on track
GDPR & Privacy Policy
Last updated: December 5, 2025
1. Introduction
Wedding ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data Controller
The data controller responsible for your personal data is a sole trader (OSVČ) established in the Czech Republic:
Controller: Jan Jakůbek
Business ID (IČO): 17413648
Registered address: U cihelny 285/41, 779 00 Olomouc
Contact [email protected]
If you have any questions about this Privacy Policy or our data practices, please contact us:
3. Personal Data We Collect
We collect and process the following types of personal data:
- Account Information: Email address, password (encrypted), and account preferences
- Wedding Information: Partner names, wedding date, location, and budget details
- Guest Information: Names, email addresses, attendance status, dietary requirements
- Checklist Data: Custom checklists, tasks, and associated budget information
- Usage Data: Log data, IP addresses, browser type, pages visited
- Communication Data: Messages sent through our platform, RSVP responses
4. Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Consent: When you create an account and use our services
- Contract: To provide you with the wedding planning services you requested
- Legitimate Interests: To improve our services, ensure security, and prevent fraud
- Legal Obligation: To comply with legal requirements and regulations
5. How We Use Your Data
We use your personal data for the following purposes:
- Providing and managing your wedding planning account
- Enabling guest list management and RSVP functionality
- Sending invitation emails to your guests
- Tracking your wedding budget and checklists
- Communicating with you about your account and services
- Improving our services and user experience
- Ensuring security and preventing unauthorized access
6. Data Sharing and Disclosure
We do not sell your personal data. We may share your data only in the following limited circumstances:
- Service Providers (subprocessors): The named third parties listed below, engaged only as necessary to run the service
- Wedding Guests: Information you choose to share with your guest list
- Legal Requirements: When required by law, court order, or government regulation
Subprocessors
We engage the following subprocessors to operate the service. Each processes personal data only on our documented instructions under a data processing agreement (GDPR Art 28):
| Subprocessor | Purpose | Data | Location / transfer safeguard |
|---|---|---|---|
| Stripe Payments Europe | Payment and subscription processing | Email, billing details, customer ID | EU entity; any US backstop covered by SCCs |
| Resend | Transactional and update email delivery | Recipient email address, message content | United States — Standard Contractual Clauses (SCCs) |
| Fly.io / Tigris | Application hosting and object storage | All stored data (database, photos) | United States — Standard Contractual Clauses (SCCs) |
| AppSignal | Application performance monitoring | Request metadata (may contain limited PII) | EU-hosted (Netherlands) |
| Plausible Analytics | Privacy-friendly web analytics | Page path, anonymized IP address | EU-hosted, cookieless |
| Apple | Sign in with Apple authentication | OAuth identifiers | United States — Standard Contractual Clauses (SCCs) |
| Google OAuth authentication | OAuth identifiers | United States — Standard Contractual Clauses (SCCs) | |
| Slack | Internal notifications of new registrations | Email address of newly registered users | United States — Standard Contractual Clauses (SCCs) |
Some of these subprocessors are located in the United States. Where personal data is transferred outside the European Economic Area (EEA), we rely on the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, the EU–US Data Privacy Framework as the safeguard for that transfer.
7. Third-Party Integrations
Our service integrates with third-party platforms to enhance functionality. Below are the integrations we use and the data involved:
Spotify Integration
We use Spotify's Web API to enable song search functionality for wedding playlists. This integration:
- Uses server-to-server authentication (Client Credentials Flow) - we do not access your personal Spotify account
- Stores only song metadata: track identifiers, song titles, artist names, album artwork URLs, and preview URLs
- Does not store or stream actual audio content
- Does not collect any personal data from Spotify users
- Periodically refreshes stored metadata to ensure accuracy
Spotify is a registered trademark of Spotify AB. Our use of Spotify's API is governed by the Spotify Developer Terms of Service. For more information about how Spotify handles data, please refer to Spotify's Privacy Policy.
8. Data Retention
We retain your personal data for as long as your account is active or as needed to provide you services. You may delete your account at any time, after which we will delete your personal data within 30 days, except where we are required to retain it for legal or legitimate business purposes.
9. Your Rights Under GDPR
Under GDPR, you have the following rights regarding your personal data:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restriction: Limit how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
- Right to Lodge a Complaint: File a complaint with your local data protection authority
To exercise any of these rights, please contact us at [email protected].
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including encryption, secure servers, access controls, and regular security audits. However, no method of transmission over the internet is 100% secure.
11. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). Specifically, some of our subprocessors are located in the United States — namely Resend, Fly.io / Tigris, Apple, Google and Slack (and Stripe as a US backstop). We ensure that such transfers are protected by appropriate safeguards, namely the Standard Contractual Clauses approved by the European Commission and, where applicable, the EU–US Data Privacy Framework.
12. Cookies and Tracking
We use essential cookies to maintain your session and ensure proper functionality of our service. We do not use third-party tracking or advertising cookies. You can control cookie settings through your browser.
13. Children's Privacy
Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete it.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.
14. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Controller: Jan Jakůbek
Email: [email protected]