Privacy Policy

1. Who we are

Your Wedding Page ("we", "us", "our") is a wedding website design service operated by its founder based in Spain, in the process of formal registration as an Autónomo (self-employed sole trader), subject to Spanish and European Union law. Our service is accessible at yourweddingpage.com.

For any questions about this policy or how we handle your data, contact us at: support@yourweddingpage.com

2. What data we collect and why

Account data

When you create an account, we collect your name and email address. If you sign in with Google, we receive your name and email from Google. This is necessary to provide you with access to your dashboard and to communicate with you about your order.

Project and wedding details

To build your wedding website, you provide us with personal information including the names of both partners, your wedding date, venue details, your story, event schedules, and any additional notes or preferences. This information is stored securely and used solely to design and generate your website.

Photos

You may upload photographs to be included in your wedding website. These are stored on our secure servers and used only for the purpose of building and hosting your site.

AI-generated website

Once you complete your brief, the project details you have provided (including names, story, venue, events, and any notes) are sent to an AI service (Anthropic's Claude API) to generate the HTML code for your custom wedding website. This is the core mechanism by which your site is built. Only the content you have explicitly entered is sent; raw photo files are not transmitted to the AI service.

Payment data

Payments are processed by Stripe, a third-party payment processor. We do not store your card details. We receive confirmation of payment and a transaction reference from Stripe. Stripe's own privacy policy applies to the processing of your payment information.

Technical data

We may collect basic technical information such as your IP address, browser type, and pages visited. This is used solely for security and to ensure our service functions correctly. We do not use analytics tracking tools without your explicit consent.

Guest data (collected on your behalf)

If your wedding website includes an RSVP feature, the personal data of your guests (names, email addresses, dietary requirements, attendance responses) is collected on your behalf. In this context, you are the data controller and we act as your data processor. See section 7 for more detail.

3. Legal basis for processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:

• Contract performance — processing your account and wedding details is necessary to deliver the service you have paid for
• Legitimate interests — basic technical data for security and service maintenance
• Consent — any marketing communications or optional analytics require your explicit opt-in

4. How we store and protect your data

All data is stored on servers located within the European Union, in compliance with GDPR data residency requirements. Specifically:

• Account and project data is stored in Supabase (EU West region)
• Website files and uploaded photos are stored on our VPS, hosted by Hostinger on EU servers
• All connections are encrypted via HTTPS using TLS certificates

Your wedding website is deployed to its own domain (e.g. sofiaandjames.com), registered and hosted on our behalf via Hostinger. The published wedding site is publicly accessible to anyone with the link. You are responsible for deciding who to share your wedding URL with and what information to include on it. Your personal account data and project details on our platform remain private.

Access to your data is restricted to you (via your authenticated account) and to the service operator for the purpose of building and maintaining your website. We do not sell, rent, or share your personal data with third parties for marketing purposes.

5. Third-party services

We use the following third-party services to operate our platform. Each is GDPR-compliant and processes data within or adequately protected jurisdictions:

• Supabase — authentication and database (EU region)
• Hostinger — server hosting and domain registration (EU servers)
• Stripe — payment processing (GDPR-compliant, standard contractual clauses apply)
• Google OAuth — optional sign-in method (you may use email/password instead)
• Google Fonts — typography loaded from Google's CDN on page load
• Anthropic (Claude API) — artificial intelligence service used to generate the HTML code of your wedding website from the details you provide. Your wedding information (names, story, venue, dates, preferences) is sent to Anthropic's API for this purpose. Anthropic acts as a sub-processor. Data is processed under Anthropic's Data Processing Agreement and is not used to train AI models when accessed via the API. See anthropic.com/privacy.

We do not use Facebook Pixel, Google Analytics, or any advertising trackers.

6. How long we keep your data

• Active account data — retained for as long as your account exists
• Project details and photos — retained for the duration of your wedding website's hosting period
• Payment records — retained for 7 years as required by Spanish tax law
• Deleted accounts — data is permanently deleted within 30 days of account deletion, except where retention is required by law

7. Guest data and your responsibilities as data controller

We recommend including a brief notice on your wedding website informing guests that their RSVP data is collected for the purpose of wedding planning and will be shared with you (the couple) and not used for any other purpose.

A Data Processing Agreement (DPA) is available on request. Please contact us at support@yourweddingpage.com if you require one.

8. Your rights under GDPR

As a resident of the European Union or European Economic Area, you have the following rights regarding your personal data:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate data
• Right to erasure — request deletion of your data ("right to be forgotten")
• Right to restriction — request that we limit how we process your data
• Right to data portability — receive your data in a machine-readable format
• Right to object — object to processing based on legitimate interests
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at support@yourweddingpage.com. We will respond within 30 days. You also have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos — aepd.es) or the data protection authority in your country of residence.

9. Cookies

We use only technically necessary cookies — specifically, the authentication session cookie used to keep you logged in to your dashboard. We do not use advertising cookies, tracking cookies, or analytics cookies.

By using our service, you consent to the use of this strictly necessary cookie. No cookie consent banner is required for technically necessary cookies under GDPR.

10. Children's privacy

Our service is intended for adults. We do not knowingly collect personal data from anyone under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us immediately.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify registered users by email. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact

For any privacy-related questions, requests, or concerns:

• Email: