What this covers
This policy explains what data Vowly collects when you create a wedding workspace, when guests submit RSVPs, and when you use our dashboard. We collect only what is needed to run the product — nothing more.
Information you give us
Account email, password (stored as a salted bcrypt hash, never in plain text), your wedding details (couple names, date, city, venue, story), the guest list you build, and any photos you upload. You own this data — you can export or delete it at any time from your Danger Zone.
Information your guests give us
When a guest submits an RSVP, we store the answers, optional name/email/phone, attending status, plus-one count, and the timestamp. We hash the submitter IP (one-way SHA-256, first 32 chars) for fraud-prevention only — we cannot reverse it.
Cookies
We use a single auth token in localStorage to keep you signed in. We do not use third-party analytics or advertising cookies on logged-in dashboards. The public invitation pages set zero tracking cookies by default.
How we measure activation (and what we deliberately do not store)
To understand whether couples are getting value from Vowly, we record a tiny set of milestone events on our own servers: a signup, a wedding created, a theme picked, the first and tenth guest added, a share-link tap, the first RSVP, an upgrade started, and an upgrade completed. Each row holds only the event name, your user id, the wedding id, a timestamp, and an optional short note (e.g. which plan was chosen). We do NOT use any third-party analytics SDK (no Google Analytics, no Meta Pixel, no PostHog), we do NOT store IP addresses or device fingerprints in this log, and the data is queryable only by Vowly admins to size traffic and improve onboarding. You can request deletion of these rows along with the rest of your account.
Concierge Setup data
If you book Concierge Setup, the intake form you submit (vibe keywords, your love story, optional notes and photos) is stored against your wedding. Each section we draft is generated by sending those details — plus your wedding facts — to OpenAI. We retain the draft and admin edits so you can revisit them; deleting your wedding deletes them too.
Third parties
Payments: Stripe (PCI-compliant; we never see card numbers). Transactional email: Resend. Optional AI copywriting: OpenAI (the prompt we send contains only your public wedding details). Uploaded images are stored on our servers or in a CDN we control — never shared with marketers.
How long we keep your data
For two years after your wedding date, your page stays live and your data remains exportable. After that, we archive guest emails and phone numbers and delete the wedding workspace unless you ask us to keep it.
Your rights
Access, correction, deletion, portability — all available from the Danger Zone inside your dashboard, or by emailing [email protected]. We respond within 30 days.
Contact
Questions about privacy? Write to [email protected]. We read every email.