Privacy Policy

Last Updated: February 10, 2026

At iDoTogether, we take your privacy seriously. This policy explains what data we collect, how we use it, and your rights regarding your information.

Information We Collect

Account Information

  • Email address
  • Name
  • Password (encrypted)
  • Authentication tokens

Wedding Information

  • Wedding date and location
  • Partner names
  • Event details
  • RSVP deadlines and settings

Guest Information

  • Names, email addresses, phone numbers
  • Mailing addresses
  • RSVP responses
  • Meal preferences and dietary restrictions
  • Song requests and messages

Payment Information

  • Billing address and phone number (collected at checkout)
  • Payment card information (processed by Stripe - we never store full card numbers)
  • Purchase history and subscription status

Usage Data

  • Pages visited and features used
  • Device information and browser type
  • IP address and location data
  • Login times and session duration

How We Use Your Information

To Provide Our Service

  • Create and manage your wedding account
  • Process guest RSVPs and collect information via magic links
  • Generate exports and reports
  • Send notifications about guest responses

For Payment Processing

  • Process payments for paid tiers
  • Send receipts and invoices
  • Manage subscription status and billing
  • Handle refunds and disputes

For Communication

  • Send important account and service updates
  • Respond to support requests
  • Send promotional emails (you can opt out)
  • Notify you of new features

To Improve Our Service

  • Analyze usage patterns and feature adoption
  • Fix bugs and technical issues
  • Develop new features
  • Optimize performance

How We Store Your Data

Data Storage

  • Primary database: Supabase (PostgreSQL) - SOC 2 Type II certified
  • Payment data: Stripe - PCI-DSS Level 1 certified
  • File uploads: Supabase Storage (encrypted at rest)
  • Backups: Automated daily backups with 30-day retention

Data Security

  • All data encrypted in transit using HTTPS/TLS
  • Database encryption at rest (AES-256)
  • Password hashing using industry-standard algorithms
  • Regular security audits and penetration testing
  • Two-factor authentication available (future feature)

Data Sharing and Third Parties

We Share Data With:

  • Stripe: Payment processing (Privacy Policy)
  • Supabase: Database and authentication (Privacy Policy)
  • Google: OAuth authentication (optional, if you use Google sign-in)

We Never:

  • Sell your data to advertisers or data brokers
  • Share guest information with third-party vendors without consent
  • Use your data for training AI models
  • Send marketing emails to your guests (unless you explicitly request it)

Your Rights and Choices

Access and Export

  • Export your guest list in multiple formats (CSV, The Knot, Zola)
  • Request a complete copy of your data by emailing support

Update and Correct

  • Edit wedding details in your settings
  • Update or delete guest information anytime
  • Change your email address or password in account settings

Delete Your Data

  • Request account deletion by emailing info@idotogether.com
  • We'll delete your data within 30 days
  • Some data may be retained for legal/accounting purposes (payment records)

Marketing Communications

  • Unsubscribe from promotional emails via link in any email
  • You'll still receive essential service emails (password resets, payment receipts)

Cookies and Tracking

Essential Cookies

  • Authentication: Keep you logged in (required for service)
  • Session management: Remember your preferences during a session

Analytics Cookies (Optional)

  • Track page views and feature usage
  • Understand how users navigate the app
  • You can opt out via cookie banner or browser settings

No Advertising Cookies

We do not use advertising cookies or allow third-party advertisers to track you on our platform.

Data Retention

  • Active accounts: Data retained as long as account is active
  • Deleted accounts: Data deleted within 30 days (except legal/financial records)
  • Payment records: Retained for 7 years for tax/legal compliance
  • Backups: Deleted data purged from backups within 30 days

International Data Transfers

Our services are hosted in the United States. By using iDoTogether, you consent to the transfer and processing of your data in the U.S. and other countries where our service providers operate.

  • EU users: We rely on Standard Contractual Clauses (SCCs) for data transfers
  • GDPR compliance: EU residents have additional rights (see below)

Children's Privacy

iDoTogether is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

GDPR Rights (EU Residents)

If you are in the European Union, you have additional rights:

  • Right to access: Request a copy of your data
  • Right to rectification: Correct inaccurate data
  • Right to erasure: Request deletion ("right to be forgotten")
  • Right to restriction: Limit how we process your data
  • Right to data portability: Receive your data in a machine-readable format
  • Right to object: Object to processing for direct marketing
  • Right to withdraw consent: Withdraw consent at any time

To exercise these rights, email info@idotogether.com

CCPA Rights (California Residents)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how we use it
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we don't sell data)
  • Non-discrimination for exercising your rights

Changes to This Privacy Policy

  • We may update this policy from time to time
  • We'll notify you of significant changes via email or dashboard notice
  • "Last Updated" date at the top shows when policy was last modified
  • Continued use after changes constitutes acceptance of the new policy

Data Breach Notification

In the event of a data breach affecting your personal information:

  • We'll notify you within 72 hours of discovery
  • We'll inform relevant authorities as required by law
  • We'll take immediate steps to secure the breach

Contact Us

Questions or concerns about your privacy? We're here to help: