Privacy Policy (GDPR)

How Saventify collects, uses, shares, and protects personal data when you build digital wedding invitations, save-the-dates, and manage RSVPs.

Last updated: May 3rd, 2026

AT A GLANCE

This notice explains how Saventify (also referred to as "we", "us", "our") processes personal data through saventify.com and related services (the "Services") in line with the EU General Data Protection Regulation (GDPR), the UK GDPR, and equivalent regimes in the EEA, UK, and Switzerland.

It is intended to be read together with our Privacy Policy and Terms of Service. If anything in this notice conflicts with the Privacy Policy specifically about EU/UK personal data, this notice prevails.

You can reach us about anything in this notice — including data subject rights — at contact@saventify.com.

WHO WE ARE AND OUR ROLE

Saventify is the controller for personal data we collect to operate the Services — this includes account and authentication data, billing and payment records, customer support, security logs, and product analytics.

When you, as an account holder ("host"), create an invitation or save-the-date and add information about your guests (names, email addresses, phone numbers, RSVP responses, dietary restrictions, etc.), you are the controller of that guest data. We act as a processor on your behalf and process that data only to provide the Services to you.

If you are a guest who received an invitation or save-the-date and have questions about how your personal data is being used, please contact the host who invited you in the first instance. We can help facilitate that contact when needed.

WHAT PERSONAL DATA WE PROCESS

The categories of personal data we process depend on how you interact with the Services. Broadly, they include:

  • Account & authentication: email address, hashed password (when using email sign-in), OAuth profile data when you sign in with Google or Facebook (such as name and email), session identifiers, and a unique user ID.
  • Invitation & save-the-date content: couple/host names, event dates and times, venue names and addresses, schedules, dress codes, menus, dedications, template and font choices, and any other content you add to your design.
  • Guest list & RSVP data: guest names, optional email or phone, party size, attendance status, dietary restrictions, accommodation/transport notes, song requests, free-text messages to the couple, and any additional fields you choose to enable.
  • Collaboration & sharing: emails of people you invite to collaborate on an invitation, permission levels, and one-time share tokens.
  • Media uploads: photos and images you upload (which may depict identifiable people), stored in our media buckets and referenced from your designs.
  • AI prompts & reference images: text prompts you submit and any reference image URLs you attach when generating or editing images with our AI features.
  • Payments & billing: payment confirmations, transaction IDs, amounts, currency, product purchased, and webhook payloads from our payment processor. We do not store full card numbers — those are handled by our payment processor.
  • Communications: newsletter subscriptions, transactional emails (such as collaborator invitations and payment receipts), and support correspondence.
  • Analytics, monitoring & security: IP address (often truncated or used transiently for rate limiting and country detection), user agent, device and browser information, page views, product events, error reports, and — where you have given consent on the cookie banner — marketing/conversion event data.
  • Save-the-date "egg" recipients: if a recipient redeems a special offer attached to a card, we may collect their email, optional phone, IP address, and user agent for fraud-prevention and analytics purposes.

We do not intentionally collect special categories of data (health, religion, ethnicity, etc.). Some of this information may nevertheless appear in invitation content (for example a religious ceremony note or a dietary restriction). If you choose to include such information, you are responsible for having a lawful basis to do so, and you instruct us to process it only to deliver the Services.

WHY WE PROCESS IT (LEGAL BASES)

Under the GDPR we need a legal basis for each processing activity. The bases we rely on are:

  • Performance of a contract (Art. 6(1)(b)) — to create and maintain your account, store and render your invitation and save-the-date designs, manage guest lists, deliver RSVP functionality, process payments, and provide customer support directly related to the Services.
  • Legal obligation (Art. 6(1)(c)) — to keep accounting and tax records, respond to lawful requests from public authorities, and maintain certain audit trails (for example payment-event logs).
  • Consent (Art. 6(1)(a)) — for non-essential cookies, advertising and conversion pixels, and the newsletter. Where consent is required and you are visiting from the EU/UK/EEA/Switzerland, you can give or withdraw it at any time via the cookie banner ("Manage cookies" in the footer) or by emailing us.
  • Legitimate interests (Art. 6(1)(f)) — to keep the Services secure (rate limiting, abuse and fraud detection), to debug and improve the Services with limited product analytics and error monitoring, to send transactional service emails, to communicate with you about your account, and to defend our legal rights. We balance these interests against your rights and you can object at any time.
  • Processor on your instructions (Art. 28) — for guest, RSVP, and "egg" recipient data that hosts enter on the platform.

GUESTS, RSVP, AND HOST RESPONSIBILITY

If you are a host, you decide who you invite, what data you collect from them, and which RSVP fields you enable. You are responsible for ensuring that you have a lawful basis (typically your guests' consent or your own legitimate interest) to add their personal data to the Services and to send them an invitation.

We provide tools to help you keep this lightweight: you can edit, export, or delete guest entries from your invitation dashboard, and removing an invitation deletes its associated guest list.

If a guest contacts us directly with a data subject request, we will normally forward the request to the host who controls that data, and we will delete or correct the data on the host's instruction. If we cannot reasonably contact the host, we may act on the request ourselves where the law requires it.

PUBLIC INVITATIONS, SHARE LINKS, AND PUBLISHED CONTENT

Saventify is built around shareable links. When you publish an invitation or save-the-date, content (including names, dates, venues, photos, and any RSVP UI you enable) becomes accessible to anyone who has the corresponding link or invite code:

  • Personal RSVP links contain a unique invite_code tied to a specific guest entry.
  • General invite links let anyone with the link view the published invitation or save-the-date and submit an RSVP.
  • Collaboration share tokens let people you have invited (by email) view or edit a draft invitation. These tokens are sent by transactional email and can be revoked from your dashboard.

Published invitations and save-the-dates are configured so that standard search engines should not index them, but they are still reachable to anyone with the link. Treat published links as semi-public and only share them with people you trust.

UPLOADED MEDIA AND AI FEATURES

When you upload images to the Services, they are stored in our media bucket and served via public URLs so that they can be displayed inside your invitation. Anyone with the URL of an uploaded or generated image may be able to access that file. Please do not upload images of identifiable people, children, or sensitive content unless you have the rights and consents required to do so.

When you use our AI image generation or editing features, your text prompt and any reference image you supply (or its URL) are sent to one or more AI providers — currently Google Gemini and Together AI — for the sole purpose of producing the requested image. The resulting image is stored in your account.

We retain a short, truncated record of AI prompts (typically under 200 characters) alongside model name and credit usage to operate the credits system, prevent abuse, and support you with billing or quality questions.

We do not use your prompts, reference images, or generated images to train our own models. Each AI provider processes data under its own terms and security commitments — you can review their policies for details on how they handle inputs and outputs.

PAYMENTS AND BILLING

We use Polar as our payment processor for one-time purchases such as invitation upgrades, AI credits, and save-the-date upgrades. When you check out, we share your user ID, email address, and the product details with Polar so the order can be processed. Polar handles your card or other payment-method data directly under its own privacy practices.

We store the resulting transaction confirmation, amount, currency, product purchased, and webhook payload in our database to grant you the entitlement you paid for, to provide receipts and customer support, and to satisfy our accounting and tax obligations. Where you opted in to advertising-related cookies, we may also send a conversion event (for example to Meta, TikTok, or Google) using a hashed identifier.

COOKIES, ANALYTICS, ADS, AND MONITORING

We use a small set of strictly necessary cookies and browser-storage entries to keep you logged in, remember your cookie preferences (which expire after 12 months), and detect the country you are visiting from so we know whether the consent banner is required.

If you visit from the EU, UK, EEA, or Switzerland, you will see a cookie banner the first time you visit. Marketing and advertising tools — currently the Meta Pixel, TikTok Pixel, and Google Ads tag, plus their corresponding server-side conversion APIs — only load and only fire after you accept. You can change your choice at any time via "Manage cookies" in the footer.

If you visit from outside the EU/UK/EEA/Switzerland, the banner is not displayed and marketing tools may load by default in line with the rules of your jurisdiction. If you would still like us to treat you as opted out, you can email us and we will record your preference.

We also rely on the following tools to operate, secure, and improve the Services. Where they are not strictly necessary for the Service, we rely on our legitimate interests; we work to minimise the data they receive and to disable session-replay or identifier-level tracking on sensitive screens:

  • PostHog — product analytics (page views and a small set of feature events). On the public site we configure PostHog in a cookie-light mode and avoid identifying you to PostHog by name or email.
  • Vercel Analytics — privacy-friendly aggregate page-view metrics for our hosting provider.
  • Sentry — error and performance monitoring, including session replay sampled at a low rate. Replays may capture parts of the page you interacted with at the time of an error to help us debug. We are working to mask sensitive form fields by default; if you would like us to suppress replay for your account, contact us.
  • Heyo — in-product help and support widget for signed-in users.

SUBPROCESSORS AND OTHER RECIPIENTS

We rely on a small number of vendors to deliver the Services. Each one is bound by a written data-processing agreement and processes personal data only on our instructions. The most significant ones are:

  • Supabase — database, authentication, and media storage for accounts, invitations, save-the-dates, guest lists, RSVP responses, payment logs, and uploaded images.
  • Vercel — hosting, edge/runtime, geo-IP detection, and aggregate analytics.
  • Polar — payment processing and order management for paid features.
  • Loops — transactional and marketing email (account events, share invitations, receipts, newsletter).
  • Google (Gemini) and Together AI — AI image generation and editing.
  • Sentry — error and performance monitoring.
  • PostHog — product analytics.
  • Meta, TikTok, and Google Ads — advertising measurement and conversion attribution, only when you accept marketing cookies.
  • Heyo — in-product support widget.
  • Google Maps — embedded map rendering when you add a venue with a map.

We may also use a small number of operational service providers (for example secret management, log aggregation, and source control) that may process limited technical data on our behalf. We will update the list above when we add or replace a material vendor.

INTERNATIONAL DATA TRANSFERS

Some of our subprocessors are based in, or operate infrastructure in, countries outside the European Economic Area and the United Kingdom — most notably the United States. When we transfer personal data internationally, we rely on recognised transfer mechanisms such as the European Commission's Standard Contractual Clauses (and the equivalent UK Addendum), the EU-US Data Privacy Framework where the vendor is certified, or your explicit consent for limited, specific uses.

HOW LONG WE KEEP DATA

We keep personal data only as long as we need it for the purposes described above. In practice that means:

  • Account data, invitations, save-the-dates, guest lists, and uploaded media — kept while your account is active. You can delete individual items, an invitation (which removes its guests), or your whole account at any time. After account deletion we remove or anonymise associated data within a reasonable period, except where we have to keep something to comply with the law.
  • Payment, billing, and tax records — kept for as long as required by accounting and tax law in our jurisdiction (typically several years).
  • Security and abuse logs — kept for a short, rolling window appropriate to the threat (for example a few days for rate-limit data, longer for serious incidents).
  • AI prompt and credit logs — kept for as long as needed to support the credits system and to investigate abuse, then deleted or anonymised.
  • Product analytics and error reports — kept for the retention period configured in each tool, after which they are aggregated or deleted.
  • Cookie consent preferences — stored locally on your device for up to 12 months, after which we ask you again.

YOUR RIGHTS

If the GDPR or UK GDPR applies to your personal data, you have the following rights, subject to the conditions and exceptions in the law:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — ask us to delete your personal data ("right to be forgotten").
  • Restriction — ask us to temporarily limit how we process your data.
  • Portability — receive the data you provided to us in a structured, commonly used format, or have us transfer it to another provider where technically feasible.
  • Objection — object to processing we carry out under our legitimate interests, including for direct marketing.
  • Withdraw consent — at any time, where we rely on consent (for example marketing cookies or the newsletter). Withdrawing consent does not affect processing that already happened lawfully.
  • Lodge a complaint with the data protection authority where you live, work, or where you think a violation occurred.

To exercise any of these rights, email us at contact@saventify.com. We may need to ask you for information to verify your identity before we act on a request, and we will respond within the time limits required by the law (normally one month).

Account holders can also delete their account and request data erasure directly from their account settings.

SECURITY

We use organisational and technical measures designed to protect personal data against accidental loss and unauthorised access, disclosure, alteration, and destruction. These include authentication and access control, row-level security on our database, principle-of-least-privilege for staff and service accounts, encryption in transit, audit logging, and ongoing monitoring with rate limiting and abuse detection.

No service is perfectly secure. If you believe your account or data has been compromised, please contact us immediately at contact@saventify.com.

CHILDREN

The Services are not directed to children. If you are a host, please do not add children's personal data to a guest list beyond what is reasonably needed to organise an event (for example a first name and age range for a meal count), and only with the consent of a parent or legal guardian. If you believe a child has provided us with personal data, please contact us so that we can delete it.

CHANGES TO THIS NOTICE

We may update this notice from time to time to reflect changes to our practices, our subprocessor list, or applicable law. When we make a material change we will update the "Last updated" date at the top, and where appropriate notify you in-product or by email.

CONTACT

For questions about this notice, our processing activities, or your data subject rights, contact us at contact@saventify.com.
