Privacy Policy

This Privacy Policy explains what data EasyRSVP ("we", "us") collects when you create or interact with a digital invitation, how we use it, who we share it with, how long we keep it, and the choices you have. It reflects the actual data flows of our product and the categories of providers we rely on.

1. Information We Collect

Account & authentication

• Email address (used for one-time-code login).
• A short-lived 6-digit login code, hashed and stored for up to 10 minutes.
• An account identifier and session cookie issued after successful login.

Invitation content (created by you)

• Event details you choose to enter: title, description, date, time, time zone, location or address, capacity, plus-one limit, RSVP deadline, theme, font, cover image, background music selection, custom questions you add, and additional description sections you add.
• Cover images you upload or select from a stock image library.
• If you purchase a premium upgrade, the payment reference returned by our payment processor (no card details).
• If you generate a shareable video of an invitation, the URL of the rendered video on our cloud storage.

RSVP submissions (from your guests)

• Guest name, attendance status (going / not going), number of plus-ones, plus-one names if you ask for them, and answers to any custom questions you enable.
• Optional public well-wishes / guest wall messages, only if you enable that feature.
• The submission timestamp.
• We do not ask guests for phone numbers or email addresses unless you, the host, explicitly add a custom question that asks for one.

Payment data

• Payments are processed entirely by our payment processor. We do not see or store card numbers. We receive a transaction confirmation webhook containing the order and customer reference so we can unlock premium features for your invitation.

Technical & usage data

• Standard server logs: IP address, user-agent, requested path, timestamp. Your IP is also used briefly to show prices in your local currency.
• Product analytics events such as pageviews, button clicks, share actions, and A/B test assignments. When you are signed in, these events are pseudonymous and may include your account identifier and the identifier of the invitation you are viewing.
• A pseudonymous session replay (mouse movements, clicks, scrolls) may be recorded by our session-quality provider. Form inputs are masked by default.

2. How We Use Information

• Operate the service: create, display, edit, and share your invitations and collect RSVPs.
• Authenticate you (email + one-time-code login) and keep you signed in.
• Send the one-time login code by email through our transactional email provider (no marketing or newsletter emails).
• Render shareable preview videos of your invitation on demand through our cloud rendering service.
• Show location suggestions through our mapping provider when you type an address.
• Show cover image suggestions through our stock image provider when you search for photos.
• Process payments through our payment processor when you upgrade.
• Measure product usage, run A/B tests, and improve the product using pseudonymous analytics from our analytics providers.
• Enforce invitation capacity limits and act on reports of abuse or misuse of the service.

We do not sell personal information. We do not use your data to train machine learning models. We do not run advertising networks, retargeting pixels, or third-party advertising cookies on this service.

3. Categories of Recipients

We rely on a small number of third-party service providers to operate EasyRSVP. Each provider is contractually limited to processing data on our behalf and for the purpose described, and each maintains its own published privacy commitments. The categories of providers we use are:

• Authentication and account services that verify your login and keep you signed in.
• Cloud database and file storage services that host your invitation content, RSVP submissions, and any media you upload.
• Transactional email delivery used to send your one-time login code.
• Payment processing services that collect card details directly from you and notify us of completed transactions; we do not see or store card data.
• Mapping and location services that return address suggestions when you type a location.
• Stock image services that return photo suggestions when you search for a cover image.
• Product analytics and session-quality services that help us understand usage patterns and improve the product; session replays mask form input by default.
• Cloud computing services used on demand to render preview or share videos of an invitation.
• External programmatic integrations: EasyRSVP exposes a write-action tool endpoint that creates a new draft invitation record on your behalf. The tool accepts only the following optional fields: event title, short description, event date, event time, event location as freeform text (no raw coordinates), capacity, and plus-ones per primary guest. No conversation history, message content, or unrelated context is sent to us or stored. We persist the new invitation together with a randomly generated claim token and return only a single claim link to the calling assistant; we do not return internal identifiers, timestamps, or logging metadata. Opening the link and signing in transfers the invitation to that account.

Outside of these categories, we share information only when (a) you ask us to, (b) we are required to by law, or (c) it is necessary to protect the safety, rights, or property of users or the service. We do not share personal information with advertising networks or data brokers.

4. Data Retention

• One-time login codes: up to 10 minutes, then invalidated.
• Authenticated sessions: about two weeks (the session cookie expires after roughly 14 days), or until you sign out.
• Invitations & RSVP submissions: kept until you delete the invitation; deleting the invitation removes its RSVPs.
• Draft invitations created via programmatic access: kept until claimed by a user account or removed manually.
• Uploaded media: kept until you remove it or delete the invitation it belongs to.
• Server logs: retained by our hosting provider according to its standard retention window for operational diagnostics.
• Analytics data: retained by each provider according to its own policy. You can find the retention windows of major analytics providers on their respective sites.

5. Your Rights & Controls

Subject to applicable law (including the GDPR and CCPA where relevant), you can:

• Access the data you've provided through your account dashboard.
• Edit or delete any invitation you own; deleting an invitation cascades to its RSVPs.
• Download RSVP responses for invitations you own as a CSV.
• Request account deletion or full data export by emailing support@easyrsvp.net. We complete verified requests within 30 days. After deletion we may retain a minimal record (such as a payment reference or an abuse report) only where required to meet legal, tax, or anti-fraud obligations.
• Object to or restrict certain processing (analytics, session replay) by emailing the same address.
• Authorize another person to submit a request on your behalf. We will ask them to prove they are authorized, and we will verify your identity before acting on the request.

If you are located in the European Economic Area, the United Kingdom, or another region that gives you the right to lodge a complaint with a data protection authority, you may contact your local regulator if you believe we have not handled your data correctly. We would also appreciate the chance to address your concern first at support@easyrsvp.net.

We do not sell your personal information, and we do not share it with advertising partners for cross-context behavioral advertising. Because we do not engage in either practice, Global Privacy Control (GPC) and similar opt-out signals have no additional effect for us. The processors listed in the categories above only handle data to deliver the specific service we hired them for.

6. Data Security

All traffic is served over HTTPS. Authentication and database access are protected by platform security rules and server-side validation. Payments are handled by our payment processor and never touch our servers. No system is perfectly secure, and we cannot guarantee absolute security, but we apply industry-standard practices and respond promptly to reports of vulnerabilities.

7. Children's Privacy

EasyRSVP is intended for use by adults. Invitations may relate to events for children (such as birthday parties or baby showers), but invitation records must be created and managed by users who are 18 or older. We do not knowingly allow children under 18 to create accounts or submit personal information directly to us. If you believe a minor has provided us with personal information, contact support@easyrsvp.net and we will delete it.

8. International Data Transfers

Our hosting and most of our processors are located in the United States or the European Union. By using EasyRSVP, you understand that your information may be transferred to and processed in countries with different data-protection laws. Where data is transferred outside the EEA or the United Kingdom, we rely on the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum where applicable, or another approved transfer mechanism offered by the relevant provider.

9. Changes to This Policy

We may update this Privacy Policy as the product evolves or laws change. We will update the "Last updated" date at the top of this page and, for material changes, surface a notice in the product. Continued use after an update means you accept the revised policy.

10. Contact

Questions, requests, or concerns: support@easyrsvp.net.