Privacy Policy

1. Introduction

Bridy ("we", "our", "us") is a one-time digital wedding invitation service operated by Bridy, Inc., 123 Healdsburg Avenue, Healdsburg, California, USA. This Privacy Policy explains how we collect, use, share, and protect your personal data when you visit bridy.example or use our service.

If you live in the European Economic Area, the United Kingdom, or Switzerland, references to GDPR apply to you. If you are a California resident, references to the CCPA apply. Where there is doubt, we honor the higher standard.

2. Data controller

For visitors in the EEA, UK, or Switzerland, the data controller is Bridy, Inc. You can reach our data protection contact at hello@bridy.cc.

3. What data we collect

When you order an invitation

• Couple details — your names, wedding date, venue, contact details
• Account credentials — email address, hashed password
• Payment details — handled by Stripe; we never see your full card number
• Wedding content — photos, story text, music selections, and anything you upload

When your guests RSVP

On your behalf, we process whatever the RSVP form collects — typically names, plus-ones, attendance, dietary preferences, song requests.

Automatically

• Browser & device — type, OS, language, time zone
• Usage — pages visited, features used, approximate location from IP

4. How we use your data

• To deliver the service you ordered (legal basis: contract)
• To process payments (contract)
• To send transactional emails — receipts, design previews, delivery (contract)
• To improve the product (legitimate interest)
• For security and fraud prevention (legitimate interest)
• For marketing emails, only with your consent (consent)

5. Who we share data with

We share data only with vendors required to run the service:

• Stripe — payment processing
• AWS — cloud hosting (eu-west-1 and us-west-2)
• Postmark — transactional email delivery
• Plausible Analytics — privacy-respecting analytics (no cookies, no personal data)
• Sentry — error monitoring

We do not sell or rent personal data. We do not use guest data for advertising.

6. Data retention

• Couple accounts: 24 months after your wedding date, or until you request earlier deletion
• Guest data: 12 months after your wedding date
• Payment records: 7 years (legal requirement)
• Marketing email list: until you unsubscribe

7. International transfers

We are headquartered in the United States and process data in both the US and EU. For EEA, UK, and Swiss data subjects, transfers outside the EEA rely on the European Commission's Standard Contractual Clauses, plus supplementary technical and organizational measures.

8. Your rights

Depending on where you live, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Delete your data ("right to be forgotten")
• Restrict or object to processing
• Receive your data in a portable, machine-readable format
• Withdraw consent at any time
• Lodge a complaint with a supervisory authority in your country

To exercise any of these rights, email hello@bridy.cc. We respond within 30 days.

9. Children

Our service is intended for couples aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us their data, email hello@bridy.cc and we will delete it.

10. Security

We encrypt your data in transit (TLS 1.3) and at rest (AES-256). Our processor, Stripe, is PCI DSS Level 1 certified. Bridy is independently audited to SOC 2 Type II annually. Card details are tokenized — we never see or store the raw number.

11. Changes to this policy

We may update this policy from time to time. If changes are material, we will email active customers and update the "Last updated" date at the top of this page. Continued use of the service after a change indicates acceptance of the revised policy.

12. Contact us