What this covers
This policy explains what data Vowly collects when you create a wedding workspace, when guests submit RSVPs, and when you use our dashboard. We collect only what is needed to run the product — nothing more.
Information you give us
Account email, password (stored as a salted bcrypt hash, never in plain text), your wedding details (couple names, date, city, venue, story), the guest list you build, and any photos you upload. You own this data — you can export or delete it at any time from your Danger Zone.
Information your guests give us
When a guest submits an RSVP, we store the answers, optional name/email/phone, attending status, plus-one count, and the timestamp. We hash the submitter IP (one-way SHA-256, first 32 chars) for fraud prevention only — we cannot reverse it.
Cookies
We use a single auth token in localStorage to keep you signed in. We do not use third-party analytics or advertising cookies on logged-in dashboards. The public invitation pages set zero tracking cookies by default.
Third parties
Payments: Stripe (PCI-compliant; we never see card numbers). Transactional email: Resend. Optional AI copywriting: OpenAI (the prompt we send contains only your public wedding details). Uploaded images are stored on our servers or in a CDN we control — never shared with marketers.
How long we keep your data
For two years after your wedding date, your page stays live and your data remains exportable. After that, we archive guest emails and phone numbers and delete the wedding workspace unless you ask us to keep it.
Your rights
Access, correction, deletion, portability — all available from the Danger Zone inside your dashboard, or by emailing [email protected]. We respond within 30 days.
Contact
Questions about privacy? Write to [email protected]. We read every email.