SoInvitedSoInvited
LoginGet started

Privacy Policy

We care about your privacy. This policy explains what information we collect when you use SoInvited, how we use it, and your rights. We never sell your personal data.

Last updated:

Who we are

SoInvited is a wedding platform that helps couples create a personalised wedding website with matching stationery, manage their guest list and RSVPs, and collect photos from their guests. We operate under the trading name “SoInvited”. You can contact us at hello@soinvited.com.

We are the data controller for account data (your name, email, and account settings). For guest data entered by couples (such as guest names, emails, RSVP responses, and dietary requirements), the couple is the data controller and SoInvited acts as the data processor. See our Terms of Service for the full Data Processing Agreement.

What data we collect

Couples (account holders)

  • Account information: Name, email address, password (we never store your password in plain text)
  • Wedding details: Event date, venue, guest list, and site content you create
  • Uploaded media: Photos and other files you upload to your site
  • Usage data: How you interact with the builder app
  • Payment information: Processed by Stripe. We do not store your card details

Guests (site visitors)

This data is provided by the couple or by guests interacting with the couple’s site. The couple is the data controller for this information.

  • Name, email address
  • RSVP responses, dietary requirements, plus-one details
  • Photos uploaded to the couple’s site

If you are a wedding guest, here is what you should know about your photos:

  • Your photos are stored securely in the EU (DigitalOcean Frankfurt)
  • Photos are automatically tagged with descriptive labels (“ceremony”, “reception”) using AI. No facial recognition is used
  • The couple who created the site is the data controller for your photos
  • The couple can download and share your photos
  • You can request deletion of your photos by contacting the couple or emailing us at hello@soinvited.com
  • Your photos are never used to train AI models

Marketing site visitors

  • Analytics data via PostHog (only with your consent; see our Cookie Policy)
  • Cookie preferences

How we use your data

  • Provide and operate the service: hosting your wedding site, managing RSVPs, storing photos (lawful basis: contract performance)
  • Process payments: handling subscriptions via Stripe (lawful basis: contract performance)
  • Send transactional emails: password resets, account notifications (lawful basis: contract performance)
  • Send marketing emails: product updates and tips (lawful basis: consent; you can unsubscribe at any time)
  • Understand how our site is used and improve it: PostHog analytics, only when you accept cookies (lawful basis: consent)
  • Protect against fraud and abuse (lawful basis: legitimate interest)

AI-powered features

SoInvited uses artificial intelligence to enhance the service in two ways:

Photo auto-tagging

When guests upload photos, we use AI to automatically tag them with descriptive labels, for example “ceremony” or “reception”. This helps couples and guests browse and find photos by event moment.

This analysis identifies scenes and events in photos. It does not perform facial recognition or identify specific individuals. Photos are not categorised based on who appears in them.

Photos are sent to our AI provider (Anthropic, via Vercel AI Gateway) for real-time analysis only. Photos are not stored by the AI provider after processing and are not used to train AI models.

Site personalisation

During onboarding, we use AI to generate personalised content for your wedding site based on details you provide (your names, event date, venue, and story). This data is processed in real-time and not retained by the AI provider.

Legal basis: Legitimate interest in organising event photos efficiently and personalising site content. You can object to AI processing by contacting us at hello@soinvited.com.

Who we share your data with

We share your data only with the service providers we need to operate SoInvited:

ServicePurposeData processedLocation
VercelApp hostingRequest logs, IP addressesGlobal CDN
Render.comAPI server hostingAll service dataEU
DigitalOcean SpacesPhoto & media storageUploaded photos & mediaEU (Frankfurt)
Anthropic (via Vercel AI Gateway)AI photo tagging & site personalisationGuest photos; couple detailsUS (DPF certified, zero data retention)
StripePayment processingPayment details, emailEU/US (DPF certified)
ResendTransactional & marketing emailEmail addresses, namesUS (DPF certified)
PostHogAnalyticsUsage data (anonymised)EU
MapboxMap renderingIP addressesUS (DPF certified)

We do not sell your personal data to anyone. We do not use your content to train AI models.

How long we keep your data

Data typeRetention period
Account dataWhile your account is active + 30 days after deletion
Wedding site & guest dataWhile your site is active; deleted 30 days after account deletion
Uploaded photos & mediaSame as above
AI-generated tagsDeleted when the associated photo is deleted
Payment records7 years (Irish tax/legal requirements)
Analytics dataPer PostHog session duration; anonymised

Your rights

Under GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Deleteyour data (“right to be forgotten”)
  • Restrict processing of your data
  • Object to processing of your data
  • Data portability: receive your data in a structured format
  • Withdraw consent at any time
  • Lodge a complaint with the Irish Data Protection Commission (DPC)

To exercise any of these rights, email hello@soinvited.com. We will respond within 30 days.

International data transfers

Your data is primarily stored in the EU. We use Render.com for the API server and DigitalOcean Frankfurt for media storage.

Where data is transferred to the US (Anthropic, Stripe, Resend, Mapbox), these providers are certified under the EU-US Data Privacy Framework. Vercel serves apps from global edge locations; request logs are subject to Vercel’s DPA and Standard Contractual Clauses.

Data security

We protect your data with:

  • Encryption in transit (TLS)
  • Passwords are never stored in plain text
  • Access controls and regular backups
  • Zero data retention for AI processing: photos are analysed in real-time and not persisted by the AI provider

Children’s privacy

SoInvited is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at hello@soinvited.com.

Changes to this policy

We may update this policy from time to time. Account holders will be notified by email of significant changes. The “last updated” date at the top of this page reflects the latest version.

Contact us

If you have any questions about this privacy policy or how we handle your data, email us at hello@soinvited.com.