Privacy policy
Effective as of March 28, 2026
1. Data controller
The controller of personal data is:
- Thomas Mauconduit, sole proprietor
- SIRET: 883 092 389 00039
- Email: mauc.thomas@gmail.com
2. Collected data
On the platform (at checkout)
- Email address
- Couple first names
- Wedding date
- Administrator authentication and session data (hashed password when defined on the platform, session tokens and related technical information)
- Stripe customer identifier (payment data is processed exclusively by Stripe and is not stored by us)
On wedding websites (by the couple)
- Guest names, group associations and family links
- Guest contact details (email, phone)
- Dietary information and restrictions
- RSVP statuses and related notes
- Wedding configuration (names, date, venue, colors, images)
- Uploaded files (images, PDFs) stored on Cloudflare R2
- Text customizations (i18n)
3. Purposes of processing
- Provision and operation of the wedding website service
- Guest list and RSVP management
- Wedding website customization
- Customer relationship management and support
- Payment processing
4. Legal basis
- Performance of the contract (article 6.1.b GDPR): data collected during purchase is necessary to provide the Service.
- Consent (article 6.1.a GDPR): guest data is collected by the couple, who is responsible for obtaining their guests’ consent.
5. Recipients of the data
Data may be transmitted to the following processors strictly for the purpose of providing the Service:
- Vercel Inc. — hosting of the platform and websites
- Stripe Payments Europe Ltd — payment processing
- Turso (ChiselStrike Inc.) — database hosting
- Resend Inc. — transactional email delivery
- Cloudflare Inc. — file storage (R2)
6. Transfers outside the European Union
Some processors (Vercel, Stripe, Cloudflare) are located in the United States. These transfers are governed by Standard Contractual Clauses approved by the European Commission, in accordance with article 46 GDPR.
7. Retention period
Personal data is retained for the entire period during which the wedding website is available. All data (database, files and configuration) is deleted within one month after the website’s expiration date (i.e. one month after the wedding date).
8. Your rights
Under the GDPR, you have the following rights:
- Right of access: obtain a copy of your personal data
- Right to rectification: correct inaccurate data
- Right to erasure: request deletion of your data
- Right to portability: receive your data in a structured format
- Right to object: object to the processing of your data
- Right to restriction: request suspension of processing
To exercise these rights, contact us at: mauc.thomas@gmail.com
You also have the right to lodge a complaint with the CNIL.
9. Cookies
The website only uses cookies strictly necessary for the operation of the service. No tracking, analytics or advertising cookies are used. No consent is required for these cookies under French law.
| Cookie | Purpose | Duration |
|---|---|---|
| wedding_admin_token | Administrator authentication session (JWT, HttpOnly) | 30 days |
| wedding_guest_id | Guest session (HttpOnly) | 90 days |
| super_admin | Super administrator authentication (JWT, HttpOnly) | 30 days |
10. Security
We implement the following security measures to protect your data:
- JWT-signed authentication tokens (HS256 algorithm)
- When applicable, passwords hashed with PBKDF2 (Web Crypto API)
- Encrypted communications in transit over HTTPS (TLS)
- Secure cookies (HttpOnly, Secure, SameSite)
- No banking data stored on our servers