Privacy Policy

1. Introduction

rsvps.gr is a service operated by agile turtles ("we", "our", "us"). We are committed to protecting your privacy. This policy explains how we collect, use, and protect your personal data when you use our wedding page and RSVP management service.

2. Data Controller

The data controller for this service is agile turtles, a company registered in Greece. For any privacy-related inquiries, contact us at hello@rsvps.gr

3. Data We Collect

We collect the following types of data:

Account Data (Wedding Organizers)

• Email address (for authentication)
• Name (optional, from Google OAuth)
• Profile picture (optional, from Google OAuth)

Wedding Content

• Partner names and wedding details
• Venue information
• Uploaded images
• Custom text and story content

Guest Data (RSVP Submissions)

• Guest name
• Email address (optional)
• Phone number (optional)
• RSVP response and meal preferences
• Messages to the couple

Analytics Data

• Page views (anonymized)
• Device type (mobile/desktop)
• Referral source
• Country (from request headers)

4. How We Use Your Data

• To provide and maintain the service
• To authenticate users and manage accounts
• To send email notifications (RSVP confirmations, updates)
• To display wedding pages to guests
• To provide analytics to wedding organizers
• To improve our service

5. Legal Basis (GDPR)

We process your data based on:

• Contract: To provide the service you signed up for
• Consent: For optional features like email notifications
• Legitimate Interest: For analytics and service improvement

6. Data Sharing

We share data with:

• Supabase (database and authentication) - Data is stored in EU data centers
• Resend (email delivery) - For sending RSVP notifications
• Fly.io (hosting) - For serving the application
• Sentry (error tracking) - For debugging issues (anonymized)

We do not sell your data to third parties. We do not use your data for advertising.

7. Data Retention

• Account data: Until you delete your account
• Wedding data: Until you delete your wedding or account
• RSVP data: Until the wedding organizer deletes it or the wedding is deleted
• Analytics data: 90 days

8. Your Rights (GDPR)

You have the right to:

• Access: Request a copy of your data
• Rectification: Correct inaccurate data
• Erasure: Delete your data ("right to be forgotten")
• Portability: Export your data
• Object: Object to certain processing
• Withdraw consent: At any time for consent-based processing

To exercise these rights, contact us at hello@rsvps.gr

9. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies.

10. Security

We implement appropriate security measures including:

• HTTPS encryption for all data in transit
• Encrypted database storage
• Row-level security policies
• Regular security updates

11. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect data from children.

12. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email or through the service.