TEST-UMGEBUNG – Dies ist nicht die Produktionsseite. Daten können jederzeit zurückgesetzt werden.
Skip to main content
W
Weddy
Log in🇩🇪Start

Privacy Policy

1. Introduction

This privacy policy informs you about the processing of personal data when using Weddy (weddysuite.com). We take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

2. Controller

Controller within the meaning of the GDPR is:

Stargate Innovationhub

Florian Aboutara

Albert-Schweitzer-Allee 9

65203 Wiesbaden

Deutschland

E-Mail: info@weddysuite.com

3. Collection and Storage of Personal Data

3.1 When Visiting the Website

When you visit our website, information is automatically sent to our website's server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

  • IP address of the requesting computer (anonymized)
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which access is made (referrer URL)
  • Browser used and, if applicable, operating system

The legal basis for data processing is Art. 6 para. 1 s. 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above for data collection.

3.2 Registration and Use

When registering and using Weddy, we collect the following personal data:

  • Email address
  • Password (stored encrypted)
  • Wedding data you enter (names, dates, texts, images)
  • Guest lists and RSVP responses
  • Uploaded media (photos, documents)

The legal basis is Art. 6 para. 1 s. 1 lit. b GDPR (contract fulfillment).

4. Data Transfer

Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:

  • You have given your express consent (Art. 6 para. 1 s. 1 lit. a GDPR)
  • The transfer is necessary for contract processing (Art. 6 para. 1 s. 1 lit. b GDPR)
  • There is a legal obligation (Art. 6 para. 1 s. 1 lit. c GDPR)

5. Services and Processors Used

5.1 Supabase (Database and Authentication)

We use Supabase for data storage and user authentication. The servers are located in the European Union (AWS eu-central-1, Frankfurt). Processing is based on Art. 6 para. 1 s. 1 lit. b GDPR.

Provider: Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992

Supabase Privacy Policy

5.2 Stripe (Payment Processing)

We use Stripe for payment processing. The following data is transmitted to Stripe during payment: email address, payment information. Processing is based on Art. 6 para. 1 s. 1 lit. b GDPR.

Provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA

Stripe Privacy Policy

5.3 Resend (Email Delivery)

We use Resend for sending emails (confirmations, RSVP notifications). Email address and name are transmitted to Resend. Processing is based on Art. 6 para. 1 s. 1 lit. b GDPR.

Provider: Resend, Inc., 2261 Market Street #4059, San Francisco, CA 94114, USA

Resend Privacy Policy

5.4 OpenAI (AI Features)

We use the OpenAI API for AI-powered features such as text generation and the help assistant. Texts you enter may be transmitted to OpenAI. Processing is based on Art. 6 para. 1 s. 1 lit. a GDPR (consent) or Art. 6 para. 1 s. 1 lit. b GDPR (contract fulfillment for premium features). OpenAI does not store data to improve their models when using the API.

Provider: OpenAI, LLC, 3180 18th Street, San Francisco, CA 94110, USA

OpenAI Privacy Policy

5.5 Upstash (Rate Limiting)

To protect against abuse, we use Upstash Redis for rate limiting. Anonymized access data is temporarily stored. Processing is based on Art. 6 para. 1 s. 1 lit. f GDPR (legitimate interest in security).

Provider: Upstash, Inc.

Upstash Privacy Policy

6. Cookies

We use cookies to make our website user-friendly. Cookies are small text files that are stored on your device.

6.1 Necessary Cookies

These cookies are essential for the website to function and cannot be disabled. They include:

  • Session cookies for login
  • Security cookies (CSRF protection)
  • Cookie preference cookie

Legal basis: Art. 6 para. 1 s. 1 lit. f GDPR (legitimate interest)

6.2 Analytics Cookies (optional)

With your consent, we use analytics cookies to understand and improve the use of our website. These cookies are only activated after your explicit consent.

Legal basis: Art. 6 para. 1 s. 1 lit. a GDPR (consent)

7. Your Rights

You have the following rights regarding your personal data:

  • Right of Access (Art. 15 GDPR): You can request information about your data stored with us.
  • Right to Rectification (Art. 16 GDPR): You can request the correction of inaccurate data.
  • Right to Erasure (Art. 17 GDPR): You can request the deletion of your data, provided there are no legal retention obligations.
  • Right to Restriction (Art. 18 GDPR): You can request the restriction of processing of your data.
  • Right to Data Portability (Art. 20 GDPR): You can receive your data in a structured, machine-readable format.
  • Right to Object (Art. 21 GDPR): You can object to the processing of your data.
  • Withdrawal of Consent (Art. 7 para. 3 GDPR): You can revoke a given consent at any time.

To exercise your rights, please contact: info@weddysuite.com

8. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data. The supervisory authority responsible for us is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Gustav-Stresemann-Ring 1
65189 Wiesbaden
https://datenschutz.hessen.de

9. Data Security

We use technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security measures include:

  • SSL/TLS encryption for all data transfers
  • Encrypted storage of passwords (bcrypt)
  • Row Level Security (RLS) at database level
  • CSRF protection for all forms
  • Rate limiting against abuse
  • Regular security updates

10. Storage Duration

We only store your personal data for as long as is necessary to fulfill the purposes for which it was collected or as required by law.

  • Account data: Until deletion of your account
  • Wedding data: Until deletion of your wedding or account
  • Billing data: 10 years (legal retention period)
  • Log files: 30 days

11. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy to adapt it to changed legal situations or changes to the service and data processing. The current version is always available on our website.

Last updated: January 2026