Privacy Policy

Last updated: 2026-04-18

[LAWYER REVIEW] Placeholder language for MVP. Illinois Biometric Information Privacy Act and GDPR-equivalent provisions should be reviewed by counsel.

1. What we collect

• Account: email, name, phone (optional), role (couple / vendor).
• Booking: event date, event type, guest count, budget, special requests, contact details you share with a vendor once the deposit is paid.
• Vendor profile: business name, portfolio images, pricing, service area, social handles.
• Payment: processed by Stripe. We do not store card numbers or bank accounts.

2. Who we share with

• Stripe — payment processing and identity verification for vendor payouts.
• Supabase — database and authentication hosting.
• Resend — transactional email delivery.
• OpenAI — generating vendor search embeddings only; no personal info sent.
• Vercel — application hosting.

We do not sell data. We do not share data with advertisers. We disclose information only as needed to operate the service and where legally required.

3. Retention

Booking details (phone, email of the other party) are purged 18 months after the event date. Vendor profiles remain until the vendor deletes the account. Transaction records are retained for 7 years per US financial regulations.

4. Your rights

You can request a copy of your data or full account deletion by emailing sardarm.khan942@gmail.com. Deletion requests complete within 30 days, excluding data we are legally required to retain (transaction history).

5. Cookies

We use strictly necessary cookies for authentication and session management. We do not use advertising, tracking, or analytics cookies at this time.

6. Security

Data is encrypted in transit (HTTPS) and at rest. Payment info never touches our servers. Access to internal systems is limited to the founding team.

7. Contact

Questions or deletion requests: sardarm.khan942@gmail.com.