Privacy Policy

VowRegistry (“we,” “our,” or “us”) operates vowregistry.com, a wedding planning platform that helps couples create beautiful wedding websites, manage RSVPs, track registries, and coordinate their special day. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our service.

By using VowRegistry, you agree to the collection and use of information in accordance with this policy. If you do not agree with our practices, please do not use our service.

A. Information You Provide Directly

• Account registration: Name, email address, and password when you create an account.
• Wedding details: Partner names, wedding date, venue, theme preferences, and other event information you choose to add.
• Guest information: Names, email addresses, mailing addresses, RSVP status, and meal preferences for guests you add to your guest list.
• Registry data: Product links, prices, and gift tracking information.
• Payment information: Billing details processed securely through Stripe. We do not store your full credit card number.
• Uploaded files: Documents, photos, and PDFs you upload (e.g., seating charts, service programs).

B. Information Collected Automatically

• Usage data: Pages visited, features used, time spent, and clicks within the platform.
• Device information: Browser type, operating system, IP address, and device identifiers.
• Cookies and similar technologies: Session cookies and authentication tokens to keep you logged in and maintain your preferences.

C. Information from Google Sign-In (Google OAuth)

If you choose to sign in or register using Google, we access the following Google account data through the Google OAuth 2.0 service:

• Basic profile information: Your name and profile picture (avatar) as stored in your Google account.
• Email address: Your Google account email address, used as your VowRegistry login identifier and for account-related communications.

We request only the minimum necessary scopes: openid, email, and profile. We do not access your Google contacts, Google Drive, Gmail, Google Calendar, or any other Google services.

When you sign in with Google, we use the data obtained solely for the following purposes:

• Authentication: To verify your identity and create or access your VowRegistry account securely, without requiring you to set a separate password.
• Account identification: Your Google email address serves as your unique identifier within our platform.
• Personalization: Your name and profile picture may be displayed within your dashboard to personalize your experience.
• Account communications: We may send transactional emails (account confirmations, RSVP notifications, subscription receipts) to your Google email address.

We do not use Google user data for advertising, profiling, or to train AI/ML models. We do not sell, rent, or share Google user data with third parties for their own marketing purposes.

We do not sell your personal information. We share data only in the following limited circumstances:

Service Providers

• Supabase — Database and authentication infrastructure. Your account data and wedding information are stored on Supabase's servers.
• Stripe — Payment processing for subscription plans and invitation orders. Stripe handles all payment card data under PCI-DSS compliance.
• SendGrid (Twilio) — Transactional email delivery (invitations, RSVP confirmations, account notifications).
• Vercel — Hosting and deployment infrastructure for the VowRegistry application.
• Lob — Physical invitation printing and mailing services, used only when you choose to order printed invitations.
• Anthropic — AI-powered features such as love story generation and check scanning. Content you submit for AI processing is sent to Anthropic's API.

All service providers are contractually obligated to use your data only to provide services to us and are prohibited from using it for their own purposes.

Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental authority, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers

If VowRegistry is acquired, merged with, or sells substantially all of its assets to another company, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

Your data is stored on Supabase's servers, which are hosted on AWS infrastructure in the United States. We implement industry-standard security measures including:

• Encryption in transit using HTTPS/TLS for all data transferred between your browser and our servers.
• Encryption at rest for all data stored in our database.
• Row-level security policies enforced at the database level, ensuring users can only access their own data.
• Authentication tokens managed securely via Supabase Auth with short expiration windows.
• Passwords (for non-OAuth users) hashed using bcrypt — we never store plain-text passwords.
• Payment data handled entirely by Stripe under PCI-DSS Level 1 compliance — we never receive or store your full card number.

While we take reasonable steps to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Retention

We retain your account and wedding data for as long as your account is active or as needed to provide you with our services. Inactive accounts (no login for 24 months) may be flagged for deletion with prior email notice.

Google user data (name and email obtained via OAuth) is retained only as long as you maintain a VowRegistry account. This data is deleted when you delete your account.

Deletion Request

You may request deletion of your account and all associated data at any time by:

• Emailing us at privacy@vowregistry.com with the subject line “Account Deletion Request.”

We will permanently delete your account, wedding data, guest lists, uploaded files, and all associated personal information within 30 days of receiving your request. Note that some information may be retained in anonymized, aggregated form for analytics purposes and cannot be individually identified.

Revoking VowRegistry's access to your Google account does not automatically delete your VowRegistry account — please submit a deletion request if you wish to remove your data entirely.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Update or correct inaccurate information through your dashboard settings or by contacting us.
• Deletion: Request deletion of your account and personal data (see Section 5).
• Data portability: Request your data in a machine-readable format.
• Opt-out of marketing: Unsubscribe from marketing emails at any time using the unsubscribe link in any email, or by contacting us. Transactional emails (RSVP notifications, receipts) cannot be opted out of while your account is active.
• Revoke Google access: You can revoke VowRegistry's access to your Google account at any time via your Google Account Permissions page.

To exercise any of these rights, contact us at privacy@vowregistry.com.

VowRegistry uses essential cookies and session tokens necessary for authentication and platform functionality. We do not use third-party advertising cookies or behavioral tracking cookies.

• Session cookies: Required to keep you logged in during your session.
• Authentication tokens: Stored in your browser to persist your login across sessions.

You can configure your browser to refuse cookies, but this may prevent you from using core features of VowRegistry.

VowRegistry is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us at privacy@vowregistry.com and we will take steps to delete such information.

Our platform may contain links to third-party websites, including Amazon (for wedding registries) and other services. These sites have their own privacy policies, and we are not responsible for their content or privacy practices. We encourage you to review the privacy policy of any third-party site you visit.

Amazon registry links on VowRegistry may include our affiliate tag (bryanchem-20). This means VowRegistry may receive a small commission if purchases are made through these links, at no additional cost to the purchaser.

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. For significant changes, we will notify you by email or by displaying a prominent notice on our platform. Your continued use of VowRegistry after changes are posted constitutes your acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all privacy-related inquiries within 30 days.