Privacy Policy

We collect information you provide directly to us, such as:

• Account registration information (name, email, password)

• Wedding details and event information (bride & groom names, wedding date, venue details)

• Photos and other content you upload

• Guest lists and contact information (names, emails, phone numbers, dietary restrictions)

• Payment information (processed securely through Whish Pay)

• Device and browser information for security and fraud prevention

• IP addresses for security monitoring

• Session tokens and authentication cookies

• Authentication data (if you sign in with email/password)

• Google OAuth data (if you use 'Sign in with Google' - email, name, profile picture)

• reCAPTCHA data for bot protection on signup and sensitive forms

• Photo metadata (EXIF data is stripped for privacy before storage)

We use cookies and similar technologies to enhance your experience. You can manage your cookie preferences through the Cookie Settings in our footer.

Essential Cookies (Always Active):

• Authentication tokens - Session management

• Session management - User login state and security

Functional Cookies (Always Active):

• Theme preference - Light/dark mode selection

• Language selection - Your preferred language

• UI state persistence - Collapsed sections, tab states, scroll positions

Analytics Cookies (Optional - Requires Your Consent):

• Usage patterns and feature adoption analysis

• Performance monitoring and error tracking

• Aggregated statistics for service improvement

We use trusted third-party services to provide our platform:

AWS - Infrastructure Provider:

• User authentication and management

• Photo storage and static asset delivery

• Wedding data and guest information storage

• Content delivery network for fast global access

• Email notifications (verification, password reset, RSVP alerts)

Google Services:

• Google OAuth 2.0 - Optional 'Sign in with Google' feature

• reCAPTCHA - Bot protection on signup and sensitive forms

• Data shared with Google: Email, name, profile picture (only with your consent)

• Account linking: Automatic linking if email matches existing verified account

Whish Pay - Payment Processing:

• Premium account upgrades ($49.99 one-time payment)

• Payment card information is processed securely by Whish Pay (we never store card details)

We use the information we collect to:

• Provide and maintain our wedding invitation service

• Authenticate your account and manage your session

• Process Premium account upgrades through Whish Pay

• Send transactional emails (verification, password reset, RSVP notifications)

• Store and deliver your wedding photos via our CDN

• Enable RSVP tracking and guest management features

• Respond to your support requests and questions

• Improve our service, develop new features, and fix bugs

• Prevent fraud, abuse, and security threats

• Comply with legal obligations

Your data security is our top priority. We implement industry-standard security measures:

Data Location:

• Primary Region: European Union (Frankfurt, Germany)

• CDN: Edge locations worldwide for fast content delivery

• Compliance: GDPR-compliant infrastructure

Security Measures:

• Encryption in transit: TLS 1.3 for all connections

• Encryption at rest: AES-256 encryption for all stored data

• Photo storage: Secure cloud storage with private access controls

• Database: Managed database with automated daily backups

• Authentication: Secure authentication with password hashing

• Access control: Role-based permissions and principle of least privilege

Please note: No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

We do not sell, trade, or rent your personal information to third parties. We only share your information in these limited circumstances:

• With your explicit consent

• With service providers who assist us in operating our service (cloud infrastructure, Google, Whish Pay)

• When required by law, legal process, or to protect our rights

• In connection with a business transfer, merger, or acquisition (you will be notified)

• With wedding guests you invite (only the information you choose to share on your invitation)

Under GDPR and data protection laws, you have the following rights:

• Right to Access: Download all your data via Settings > Account > Export Data

• Right to Rectification: Edit your information anytime in Settings

• Right to Erasure ('Right to be Forgotten'): Delete your account and all associated data (Settings > Account > Delete Account)

• Right to Data Portability: Export your data in machine-readable JSON format

• Right to Restriction: Opt-out of email notifications and analytics cookies

• Right to Object: Contact us to object to specific processing activities

• Right to Withdraw Consent: Revoke consent for optional features (Google Sign-In, analytics cookies)

To exercise these rights, visit your account Settings or contact us at privacy@yallamabrook.com

We retain your data only as long as necessary to provide our service:

• Active Accounts: Data is retained while your account is active

• Deleted Accounts: All data is permanently deleted within 30 days of account deletion

• Database Backups: Removed from automated backups within 90 days

• Legal Holds: Data may be retained longer if legally required (e.g., financial records)

• Anonymous Analytics: Aggregated, anonymized data may be retained indefinitely for service improvement

You can delete your account at any time via Settings > Account > Delete Account. Before deletion, you can export all your data.

Your data is primarily stored in the European Union, but may be transferred internationally:

• Primary Region: EU (Frankfurt, Germany)

• CDN Distribution: Edge locations worldwide for fast loading

• Cloud Infrastructure: GDPR-compliant with Standard Contractual Clauses (SCCs)

• Google Services: Subject to Google's privacy policies and data processing terms

• Safeguards: We ensure adequate protection through contractual obligations and technical measures

If you are located in the EU/EEA, your data is protected under GDPR when transferred to third countries.

Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@yallamabrook.com and we will delete such information.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Posting the updated policy on this page with a new 'Last updated' date

• Sending an email notification to your registered email address (for significant changes)

• Displaying a notice on our website or dashboard

Your continued use of our service after changes become effective constitutes acceptance of the updated Privacy Policy.