Privacy Policy
Last updated: March 2026
1. What we collect
When you create an account we collect your name, email address, and any profile information you provide. When you create events we store event details, guest lists, and RSVP responses. Contact information you add (names, emails, phone numbers, notes) is encrypted at rest using AES-256-GCM before being written to our database.
2. How we use your data
We use your information solely to operate the platform: sending invitations and reminders, tracking RSVPs, and providing event management features. We do not sell your data to third parties or use it for advertising.
3. Data storage and security
Contact PII (names, emails, phone numbers, notes) is encrypted at rest with field-level AES-256-GCM encryption using HKDF-derived subkeys. Email deduplication uses HMAC-SHA256 hashes so we never store plain-text emails in search indexes. Authentication is handled by Clerk; we never store passwords.
4. Third-party services
We use the following third-party services to operate the platform:
- Clerk — authentication and user management
- Postmark — transactional email delivery
- Bandwidth — SMS delivery
- Backblaze B2 — event image storage
- Neon (PostgreSQL) — database hosting
- Railway — application hosting
5. Your rights
You can export all your data or permanently delete your account at any time from your Profile settings. Account deletion removes all personal data, events, and contacts from our systems.
6. Cookies
We use only essential session cookies required for authentication. We do not use tracking or advertising cookies.
7. Contact
Questions about this policy? Reach us at [email protected]