1. Introduction
Pinnacle Weddings ("Pinnacle," "we," "us," or "our") respects your privacy. This Privacy Policy describes how we collect, use, disclose, and protect personal information when you use our website, applications, and services (the "Service").
This Policy applies to account holders ("Couples" or "Users"). If you are a wedding guest responding to an RSVP without creating an account, see Section 8 (Guest Data) and our Guest Data Notice.
2. Information We Collect
Information you provide
- Account information: name, email address, password (stored hashed by our auth provider).
- Wedding profile: couple names, wedding date, venue details, budget, checklist, timeline, seating, and other planning data you enter.
- Guest data: names, email addresses, phone numbers, mailing addresses, RSVP status, meal choices, allergies, dietary restrictions, accessibility needs, plus-one information, and notes you upload or guests submit via RSVP.
- Vendor data: vendor names, contacts, quotes, contract text, and uploaded contract files.
- Payment information: processed by Stripe; we receive subscription status and limited billing metadata, not full card numbers.
- Communications: support emails and feedback you send us.
Information collected automatically
- Device and usage data: IP address, browser type, pages visited, and timestamps when you use the Service.
- Cookies and similar technologies: authentication session cookies required to keep you logged in (see our Cookie Policy).
- Log data: server logs for security, debugging, and performance.
Information from third parties
- Stripe: payment and subscription status.
- Supabase: authentication events.
3. How We Use Information
We use personal information to:
- Provide, maintain, and improve the Service.
- Authenticate users and secure accounts.
- Process subscriptions and send billing-related communications.
- Enable RSVP collection, wedding websites, email notifications, PDF exports, and AI-assisted features.
- Respond to support requests and send service announcements.
- Detect fraud, abuse, and security incidents.
- Comply with legal obligations and enforce our Terms.
- Analyze aggregated, de-identified usage to improve the product.
4. Legal Bases for Processing (EEA/UK)
If you are in the European Economic Area or United Kingdom, we process personal data based on: (a) performance of our contract with you; (b) your consent where required (e.g., marketing); (c) legitimate interests in operating and securing the Service; and (d) compliance with legal obligations.
When we process guest data on your behalf, you are the controller and we act as processor under our Data Processing Addendum.
6. Data Retention
We retain account and wedding data while your account is active and for a reasonable period afterward to allow reactivation, resolve disputes, and comply with law.
When you delete your account or request deletion, we will delete or anonymize personal data within 90 days except where retention is required for legal, tax, or legitimate business purposes (e.g., billing records).
Backups may retain data for a limited period before automatic purging.
7. Security
We implement administrative, technical, and organizational measures including encryption in transit, access controls, and row-level security in our database. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
You are responsible for safeguarding your password and for how you share wedding website links, RSVP URLs, and exported PDFs containing guest information.
8. Guest and RSVP Data
When you use guest list or RSVP features, you determine what data to collect and how to use it. Guests who submit RSVPs without accounts should be directed to your privacy notice and our Guest Data Notice.
Guests may contact the wedding couple directly to access or correct their RSVP information. Couples may export, update, or delete guest records through the Service.
9. Your Rights and Choices
Depending on your location, you may have the right to:
To exercise these rights, email hello@pinnacleweddings.com. We may verify your identity before responding. We will respond within the timeframe required by applicable law.
- Access, correct, or delete personal information we hold about you.
- Export your data in a portable format where technically feasible.
- Object to or restrict certain processing.
- Withdraw consent where processing is consent-based.
- Lodge a complaint with a supervisory authority.
10. California Privacy Rights (CCPA/CPRA)
California residents may request disclosure of categories of personal information collected, sources, purposes, and third parties with whom we share data. We do not sell personal information as defined by California law.
You may request deletion and correction subject to exceptions. We will not discriminate against you for exercising privacy rights.
Authorized agents may submit requests with proof of authorization.
11. International Transfers
We are based in the United States. If you access the Service from outside the U.S., your information may be transferred to and processed in the U.S. and other countries where our providers operate.
Where required, we rely on appropriate safeguards such as Standard Contractual Clauses for transfers from the EEA/UK.
12. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. Contact us if you believe we have collected such information and we will delete it.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the revised policy on this page and update the "Last updated" date. Material changes will be communicated by email or in-app notice where required by law.
14. Contact Us
Privacy questions or requests: hello@pinnacleweddings.com
