Privacy Policy
Summary
We respect your privacy. This policy explains what we collect, why, how long, and your rights.
What we collect
- Account & billing data (email, password hash, subscription status; via Stripe).
- Product usage (basic server logs & security events).
- Event data you create (names, seating, menu selections). Allergy fields may contain health data.
Why we process
- Contract: provide the app, support, and billing.
- Legitimate interests: keep the service secure, prevent abuse.
- Consent: allergy info (guests explicitly consent in the form) and any optional communications.
Data roles
For guests’ event data, you (organiser) are data controller and we are processor; for your account/billing data, we are controller.
Retention
- Events auto-archive 7 days after the event date.
- Archived events auto-delete after 100 days unless you enable “Keep indefinitely”.
- You can delete events earlier; deleting an event removes its guests.
Sharing & subprocessors
- Stripe for payments (card data goes to Stripe).
- Database/hosting providers used to run the app.
- We do not sell personal data.
Security
We use HTTPS, hashed passwords, session cookies with httpOnly and sameSite=lax, rate-limits, and access controls. You must also protect administrator access to your account.
Your rights
Depending on your location, you may have rights to access, correct, delete, or port your data and to object/restrict certain processing. Contact us to exercise your rights.