Your data is yours. Period.

• Account info: Your email address and a hashed password (we never store your password in plain text).
• Wedding content: Event details, venue info, FAQs, travel info, and other content you add to your site.
• Encrypted guest data: RSVP responses and guest details are encrypted in your browser before reaching our servers. We cannot read this data.
• Photos: Uploaded images are stored in a private bucket with time-limited access URLs. Only you and your guests can view them.
• Payment info: Handled entirely by Stripe. We never see or store card numbers.

• No tracking pixels. No Google Analytics, no Facebook Pixel, no Nexxen, no ad tech of any kind.
• No data sales. We never sell, share, or trade your data or your guests' data with advertisers or data brokers.
• No marketing to your guests. We don't email your guest list. Ever.
• No behavioral profiling. We don't build profiles of you or your guests for advertising purposes.
• No vendor marketplace. We don't monetize vendor referrals or show sponsored content.

We use three external services, all chosen for their privacy and security practices:

• Stripe — Payment processing. PCI-DSS Level 1 compliant. We never touch your card details.
• Resend — Transactional email only (account confirmation, RSVP notifications). No marketing, no guest list access.
• Cloudflare R2 — Private file storage. Photos are stored in a private bucket accessible only via authenticated, time-limited URLs.

None of these services receive plaintext guest PII. That's the entire list — no hidden partners, no ad networks.

Guest RSVP data is encrypted in your browser using public-key cryptography (crypto_box_seal via libsodium). Only you and your authorized collaborators hold the decryption keys. Key derivation uses Argon2id, the same family of algorithms used by Signal and ProtonMail.

This is a zero-knowledge architecture: our servers never see plaintext guest data. Even if our database were compromised, attackers would find only encrypted blobs with no way to decrypt them.

• Export your data: Download your full guest list and RSVP responses as CSV at any time from your dashboard.
• Delete your account: When you leave, your data leaves with you. Account deletion removes all associated wedding data, encrypted guest records, and uploaded files.
• No lock-in: Your wedding content and guest data belong to you. We don't hold it hostage.