Privacy Policy

Eternal WeddingBells operates the website at eternalweddingbells.com and the wedding invitation platform accessible through it (the “Service”). This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and your rights regarding that information.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

We collect information in the following ways:

Information you provide directly

• Account information - your name and email address when you register.
• Profile details - optional phone number and display name you add in Settings.
• Wedding content - couple names, wedding date, venue, photos, event descriptions, and any other content you add to your invitation.
• Guest list - names, email addresses, and phone numbers of guests you upload or add manually.
• Payment information - when you publish an invitation, your payment is processed by Stripe. We do not store your card number. we only retain a Stripe payment reference and the status of the transaction.

Information collected automatically

• Usage data - pages visited, features used, and actions taken within the dashboard.
• Device & log data - IP address, browser type, operating system, referring URL, and timestamps when you access the Service.
• Cookies & local storage - session cookies to keep you signed in, and browser local storage for preferences such as notification settings.

Information provided by your guests

• RSVP data - when a guest submits an RSVP, we collect their name, email, phone (optional), attendance status, guest count, meal preference, and any personal message they choose to leave. This data is stored on your account and visible in your dashboard.

We use the information we collect to:

• Create and maintain your account and deliver the Service.
• Host your wedding invitation and make it accessible to your guests.
• Send you RSVP notification emails when a guest replies.
• Process your one-time payment securely via Stripe.
• Respond to your support requests or enquiries.
• Detect and prevent fraud, spam, or abuse of the platform.
• Improve the Service based on aggregate, anonymised usage patterns.
• Comply with legal obligations where required.

We do not sell your personal data to third parties, use it for advertising purposes, or share it with partners for their own marketing.

We share your information only in the limited circumstances described below:

Service providers

We work with a small number of trusted third-party providers who process data on our behalf:

• Supabase - database hosting and authentication. Your account and wedding data are stored on Supabase's infrastructure.
• Stripe - payment processing. Stripe handles your card details directly and is PCI-DSS compliant.
• Vercel - application hosting and edge delivery.
• Resend / email provider - transactional email delivery for RSVP notifications.

Each provider is contractually bound to use your data only for the services they perform on our behalf and in accordance with applicable privacy law.

Legal requirements

We may disclose your information if required to do so by law or in response to a valid request from a government authority (e.g. a court order or subpoena).

Business transfers

If Eternal WeddingBells is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a notice on the Service before your data is transferred and becomes subject to a different privacy policy.

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

• Your account and wedding content is retained for the duration of your account.
• Published invitations are hosted for 12 months from the date of publication. After that period, the public invitation URL expires and the content is archived in your dashboard.
• RSVP data remains accessible in your dashboard indefinitely unless you choose to delete it.
• Payment records are retained for 7 years to comply with financial regulations.

When you delete your account, we remove your personal data within 30 days, except where retention is required by law.

We use the following types of cookies:

• Essential cookies - required for authentication and to keep you signed in. These cannot be disabled without breaking the Service.
• Preference cookies - stored in browser local storage to remember settings such as your dashboard layout preferences. No third party tracking cookies are used.

We do not use advertising, analytics, or third party tracking cookies. You can clear cookies at any time through your browser settings.

We take reasonable technical and organisational measures to protect your personal information, including:

• All data is transmitted over HTTPS / TLS.
• Passwords are never stored authentication is handled by Supabase Auth, which stores only a secure hash.
• Payment card data is handled entirely by Stripe and never passes through our servers.
• Database access is restricted to authenticated service roles with the minimum permissions required.

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Depending on your location, you may have the following rights regarding your personal data:

• Access - request a copy of the personal data we hold about you.
• Correction - ask us to correct inaccurate or incomplete data.
• Deletion - request that we delete your personal data. You can also delete your account directly from Settings.
• Portability - request your RSVP and guest data in a structured, machine-readable format (CSV export is available in your dashboard).
• Objection / restriction - object to or ask us to limit certain types of processing.
• Withdrawal of consent - where processing is based on consent, you may withdraw it at any time.

The Service is not directed at children under the age of 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Eternal WeddingBells operates globally. Your information may be stored and processed in countries outside your own, including the United States and the European Economic Area. We ensure that any such transfers comply with applicable data protection laws, including through Standard Contractual Clauses where required.

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page and, for material changes, notify you by email or via a notice in the dashboard. Continued use of the Service after changes are posted constitutes your acceptance of the updated policy.