Privacy Policy
Effective date: 14 June 2026 · Last updated: 22 June 2026
This Privacy Policy explains how MrT Stephens ("we", "us", "our") collects, uses, and protects personal data when you use My Wedding Invite (the "Service"). It is written with United Kingdom data protection law in mind, namely the UK GDPR and the Data Protection Act 2018.
For the personal data of your account (such as your own name and email), we are the data controller. For the personal data of your guests that you upload, you are the controller and we act as your processor — see Your Guests' Data below.
Who We Are
The Service is operated from the United Kingdom by MrT Stephens. For any privacy question, or to exercise your rights, contact us at mrtstephens123@gmail.com.
Data We Collect
We collect the following categories of personal data:
- Account data — your name, email address, profile image, and account identifiers.
- Authentication data — credentials and security information used to sign you in, including passkeys and active session details.
- Content you create — invitation pages, images, schedules, notes, seating layouts, and other material you upload.
- Guest data — guest names, email addresses, phone numbers, arrival times, RSVP responses, meal selections, and messages. This is usually added by the account holder, but where a host enables self-registration, a guest may also provide their own details when they RSVP.
- Usage and technical data — pages viewed, and details of invite and share-link views including IP address, approximate location (such as country) derived from it, device and browser type, and similar diagnostic information. Some of this is recorded when guests or visitors open a shared invitation page.
- Billing data — where you purchase a paid plan, limited transaction and subscription details (payments are handled by our payment provider, Stripe; we do not store full card numbers).
How We Use Personal Data
We use personal data for the purposes below, each with a lawful basis under the UK GDPR:
| Purpose | Lawful basis |
|---|---|
| Provide, operate, and maintain the Service | Performance of a contract |
| Send transactional messages (invitations, RSVPs, confirmations) | Performance of a contract |
| Secure the Service and prevent fraud or abuse | Legitimate interests |
| Understand usage and improve the Service | Legitimate interests |
| Provide customer support | Performance of a contract / legitimate interests |
| Comply with legal and accounting obligations | Legal obligation |
| Optional marketing communications | Consent |
Where we rely on legitimate interests, we have considered your rights and interests and only proceed where they are not overridden. You can object to processing based on legitimate interests at any time (see Your Rights).
Your Guests' Data
When you upload information about your guests, you decide why and how that data is used, so you are the data controller and we are your data processor. We process guest data only to provide the Service to you — for example, to send invitations you trigger, record RSVPs, and produce your exports. We do not use guest data for our own marketing.
If you enable self-registration, guests can add their own details (such as their name, contact details, and arrival time) when they RSVP. If you invite other registered users to collaborate on an invite, they can view and manage the guest data associated with it. In both cases you remain the controller of that data and are responsible for handling it lawfully.
You are responsible for having a lawful basis to collect your guests' data and for giving them any privacy information they are entitled to.
Cookies and Tracking
We use cookies and similar technologies for the following purposes:
- Essential — required for core functionality such as sign-in sessions and security. These are always on.
- Analytics — privacy-friendly, aggregated usage measurement to help us improve the Service.
We do not use advertising or cross-site tracking cookies. You can control cookies through your browser settings, though disabling essential cookies may stop parts of the Service from working.
Sharing and Sub-processors
We do not sell personal data. We share it only with trusted service providers who process it on our behalf, under contract and only as needed to run the Service:
| Provider | Purpose | Location |
|---|---|---|
| Vercel | Application hosting and content delivery | USA / global |
| Neon | Managed database hosting | EU / USA |
| Vercel Blob | Image and file storage | USA / global |
| Resend | Transactional email delivery | USA / global |
| Stripe | Payment processing and subscription billing | USA / global |
| Vercel Analytics | Aggregated, privacy-friendly usage analytics | USA / global |
We may also disclose personal data where required by law, to protect our rights, or in connection with a business transfer (such as a merger or acquisition), in which case we will let you know.
International Transfers
Some of our providers are based outside the UK. Where personal data is transferred internationally, we rely on appropriate safeguards recognised under UK law, such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or transfers to countries with UK adequacy status.
Data Retention
We keep personal data only as long as necessary for the purposes it was collected, then delete or anonymise it. Typical retention periods are:
| Data | Retention |
|---|---|
| Account data | While your account is active, then up to 12 months after closure |
| Guest list and event data | While your account is active, or until you delete it |
| Billing and tax records | Up to 7 years, as required by law |
| Backups | Routine backups cycle out within a limited period after deletion |
Security
We use technical and organisational measures to protect personal data, including encryption in transit, access controls, and reputable infrastructure providers. No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work to protect your data and to respond quickly if something goes wrong.
Data Breaches
In the event of a personal data breach, we will assess the risk to affected individuals, notify the Information Commissioner's Office (ICO) where required within the legal timeframe, and inform affected individuals where the breach is likely to result in a high risk to their rights and freedoms.
Your Rights
Under UK data protection law you have the right to:
- access the personal data we hold about you;
- request rectification of inaccurate data;
- request erasure in certain circumstances;
- restrict or object to certain processing;
- request data portability; and
- withdraw consent at any time, where processing is based on consent.
To exercise any of these rights, contact us at mrtstephens123@gmail.com. We will respond within one month. You also have the right to complain to the ICO at ico.org.uk, though we'd appreciate the chance to resolve your concern first.
Children's Privacy
The Service is not directed at children under 13, and we do not knowingly collect their personal data. If you believe a child has provided us with personal data, contact us and we will delete it.
Automated Decision-Making
We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you. We encourage you to review this page periodically.
Contact
For any privacy question, or to exercise your rights, contact us at mrtstephens123@gmail.com.