Privacy Policy
Version 1.0.0 - Effective: 13 January 2025
1. Introduction and Data Controller
PerfectDay Weddings ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, store, and protect your personal data when you use our wedding planning application.
Data Controller: PerfectDay Weddings
Contact: support@perfectday-weddings.com
Jurisdiction: United Kingdom
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. What Data We Collect
2.1 Account Data
When you use PerfectDay Weddings, we collect:
- Anonymous identifier: A unique ID generated when you first open the app. No email required.
- Email address: Only if you choose to link an email account for backup and cross-device sync.
- Display name: Optional, if you choose to set one.
You can use PerfectDay Weddings anonymously. Email linking is entirely optional and used only if you want cloud sync or account recovery features.
2.2 Wedding Planning Data
Data you enter about your wedding, including:
- Partner names and wedding date
- Venue and event details
- Budget categories, amounts, and payment schedules
- Tasks, timelines, and checklists
- Vendor information (names, contact details, quotes, contracts)
- Honeymoon plans and post-wedding items
2.3 Guest Data
Information about your wedding guests:
- Names, email addresses, phone numbers, and addresses
- Relationship groups (family, friends, colleagues)
- RSVP status and response dates
- Table assignments and seating preferences
- Whether a guest is a child
2.4 Dietary and Health Information
Special Category Data: Dietary requirements and food allergies may reveal health conditions or religious beliefs. We process this data only with your explicit consent, solely to help you plan catering for your wedding.
- Dietary requirements and restrictions
- Food allergies
- Meal preference selections
- Plus-one dietary information
2.5 RSVP Data
When guests respond via RSVP links:
- Attendance confirmation
- Meal choices from your predefined menu options
- Dietary requirements and notes
- Plus-one information (if applicable)
RSVP links use secure tokens. Guests access only their own information - never your full guest list.
2.6 Purchase and Entitlement Data
If you purchase premium features:
- Which premium tier you purchased (Command or Director)
- Purchase timestamp and platform (iOS/Android)
- Transaction identifier (for support queries)
- Entitlement status and history
We do not receive or store your payment card details. All payments are processed securely by Apple App Store or Google Play Store.
2.7 Collaborator Data
If you invite others to help plan your wedding:
- Email addresses of invited collaborators
- Permission level (viewer or editor)
- Invitation and acceptance timestamps
3. How We Use Your Data
| Purpose | Data Used |
|---|---|
| Providing the wedding planning service | All wedding planning data, guest data, budget data |
| Enabling cloud sync across devices | Account data, wedding data (only if you enable sync) |
| Processing RSVP responses from guests | Guest data, dietary information, RSVP responses |
| Managing collaboration access | Collaborator email addresses, permission levels |
| Providing premium features | Entitlement data, account identifier |
| Protecting against abuse of RSVP links | Hashed IP addresses (not raw IPs), rate limit counters |
| Customer support | Account data, transaction IDs, technical logs |
We do not use your data for advertising. We do not sell your data. We do not share your data with third-party marketers.
4. Legal Basis for Processing (GDPR Article 6)
| Processing Activity | Legal Basis |
|---|---|
| Providing the core wedding planning service | Contract: Necessary to provide the service you requested |
| Processing dietary/health information | Explicit Consent: You actively enter this data for catering planning |
| Cloud sync and backup | Consent: You choose to enable these features |
| Processing payments via app stores | Contract: Necessary to fulfil your purchase |
| RSVP rate limiting and security | Legitimate Interest: Protecting the service from abuse |
| Maintaining consent records | Legal Obligation: GDPR compliance requirements |
5. Data Storage and Security
5.1 Local Storage (Your Device)
PerfectDay Weddings is designed offline-first. Your wedding planning data is stored primarily on your device.
- Encryption at rest: All sensitive data is encrypted using AES-256-GCM encryption
- Key storage: Encryption keys are stored in hardware-backed secure storage (iOS Keychain / Android Keystore)
- Encryption keys never leave your device and are not accessible to us
5.2 Cloud Storage (Optional)
If you enable cloud sync:
- Data is stored in Google Firebase Firestore
- Data is encrypted in transit using TLS 1.3
- Firebase infrastructure is located in the European Union (EU/EEA region)
- Access is controlled by security rules that enforce your permissions
5.3 Automatic Backups
The app creates automatic local backups before potentially destructive operations (like deleting a wedding). These backups:
- Are stored locally on your device
- Are retained for up to 90 days
- Maximum of 5 rolling backups kept
- Can be manually deleted by you at any time
5.4 Export Files
When you export data (PDF, CSV, JSON), these files are saved to your device. You are responsible for the security of exported files.
6. Third-Party Services
We use the following third-party services:
6.1 Google Firebase
- Purpose: Authentication, cloud database (Firestore), server functions
- Data shared: Account data, wedding data (if sync enabled)
- Location: European Union
- Privacy policy: firebase.google.com/support/privacy
6.2 RevenueCat
- Purpose: Managing in-app purchases and subscriptions
- Data shared: Anonymous user identifier, purchase receipts, entitlement status
- Privacy policy: revenuecat.com/privacy
6.3 Apple App Store / Google Play Store
- Purpose: Processing payments for premium features
- Data shared: We do not receive payment card details. Apple/Google handle payment processing.
We do not use third-party analytics services. We do not use advertising networks. We do not sell or share your data with data brokers.
7. RSVP Links: Guest Privacy
When you send RSVP links to wedding guests, those guests can respond without creating an account.
How RSVP Links Work
- Each RSVP link contains a secure, randomly generated token (256 bits of entropy)
- Tokens are hashed before storage - we cannot reverse them
- Guests see only their own information, never your full guest list
- Guests can only edit fields you have permitted (attendance, meal choice, dietary needs)
RSVP Security Measures
- Rate limiting: Protects against brute-force attempts
- IP hashing: We hash IP addresses for rate limiting. We do not store raw IP addresses.
- Token expiry: Links can be set to expire after a date or number of uses
- No account required: Guests respond without creating accounts or providing email addresses to us
Guest Data Retention
RSVP links are automatically deleted 30 days after your wedding date. Guest response data remains part of your wedding planning data until you delete it.
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Wedding planning data | Until you delete it |
| Guest data | Until you delete it |
| RSVP share links | 30 days after wedding date, then automatically deleted |
| Unused collaboration invites | 7 days, then automatically deleted |
| Automatic backups | 90 days (maximum 5 backups) |
| Consent records | 3 years (legal compliance requirement) |
| Cloud data after account deletion | Deleted within 30 days |
9. Your Rights Under GDPR
You have the following rights regarding your personal data:
Right of Access
You can export all your wedding planning data at any time using the "Export Data" feature in Settings. This provides a complete copy of your data in a portable format.
Right to Rectification
You can edit any of your data directly within the app at any time.
Right to Erasure ("Right to be Forgotten")
You can delete individual weddings or all your data using the app's Settings. When you delete data:
- Local data is removed immediately from your device
- Cloud data (if sync was enabled) is deleted within 30 days
- Automatic backups remain until their retention period expires or you delete them manually
Right to Data Portability
You can export your data in JSON format, which can be used with other services.
Right to Withdraw Consent
You can withdraw consent for optional data processing at any time:
- Disable cloud sync to stop cloud data processing
- Use the "Withdraw Consent" option in Privacy Settings
- Delete dietary information if you no longer wish us to process it
Withdrawing consent does not affect the lawfulness of processing before withdrawal.
Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113
10. Children's Data
PerfectDay Weddings is intended for adults planning weddings. The app is not directed at children under 16.
However, wedding guest lists often include children. When you add children as guests:
- You can mark guests as children using the "is child" field
- You are responsible for having appropriate authority to include children's information
- We process children's guest data solely for your wedding planning purposes
- Children's data receives the same encryption and security protections as all other data
11. International Data Transfers
We process data primarily within the United Kingdom and European Economic Area.
- Firebase infrastructure is located in the EU
- RevenueCat may process data in the United States under Standard Contractual Clauses
- Apple and Google process payment data according to their respective privacy policies
Where data is transferred outside the UK/EEA, appropriate safeguards (such as Standard Contractual Clauses) are in place.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes:
- The "Effective" date at the top will be updated
- The version number will be incremented
- You will be notified in the app if the changes are significant
- Continued use of the app after changes constitutes acceptance
For significant changes affecting how we process your data, we will ask you to review and accept the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data protection rights, contact us at:
Email: support@perfectday-weddings.com
We aim to respond to all privacy-related enquiries within 30 days.