Privacy Policy

Last updated: June 2026

This Privacy Policy explains how BrideOS ("BrideOS", "we", "us", or "our") collects, uses, shares, and protects personal data when you use our websites, web application, mobile apps, and related services (together, the "Service"). It also describes your rights and choices. By using the Service you agree to this Policy. If you do not agree, please do not use the Service.

This Policy works together with our Terms of Service. Capitalised terms not defined here have the meaning given in the Terms.

1. Who we are & your relationship with us

For your own account information (your email, name, billing data) BrideOS acts as a data controller. For the wedding information you create inside the Service — including details about your guests, family, vendors, seating, photos, and messages — you (the account owner / couple) are the controller of that information, and BrideOS acts only as a processor handling it on your behalf and following your instructions.

This means you are responsible for having a lawful basis to upload other people's personal data (for example, your guests' names, emails, phone numbers, dietary needs, or photos), and for obtaining any consent required by the laws that apply to you. You agree not to upload data you are not permitted to share.

2. Data we collect

• Account data: email address, name, password hash or third-party login identifier (Google/Apple), language and locale.
• Wedding data you enter: wedding date, locations, budget figures, checklists, schedules, guest lists and RSVPs, seating plans, registry items, moodboards, and uploaded photos.
• Guest & third-party data: information you add about other people (guests, family, vendors). You are responsible for this data as described in Section 1.
• AI inputs & outputs: prompts you submit to AI features and the generated results. Do not include sensitive information you would not want processed by an AI provider.
• Payment data: processed by Stripe. We receive confirmation, plan, and limited transaction metadata — we never see or store full card numbers.
• Technical & usage data: IP address, device and browser type, app version, push-notification token (mobile), pages and features used, timestamps, and approximate region. Some of this is used for security and abuse prevention.
• Communications: messages you send us (e.g. the contact form) and our email correspondence with you.

We do not intentionally collect special-category data (such as health, religion, or ethnicity). Some wedding choices may imply such information (for example a religious ceremony); if you enter it, you do so voluntarily and consent to us processing it to provide the Service.

3. How & why we use data

• To provide, operate, and maintain the Service and your account.
• To generate AI suggestions you request and to power planning tools.
• To process payments, manage plans, and prevent fraud (via Stripe).
• To send service emails (invitations and reminders you trigger, account, security, and transactional messages) and, where permitted, product updates you can opt out of.
• To secure the Service, detect abuse, enforce our Terms, and comply with legal obligations.
• To improve the Service using aggregated or de-identified analytics.

4. Legal bases (EEA/UK users)

Where the GDPR or UK GDPR applies, we rely on: contract (to deliver the Service you requested), legitimate interests (to secure, improve, and operate the Service), consent (for optional marketing and any special-category data you choose to provide), and legal obligation (to meet our compliance duties).

5. AI features — important notice

AI-generated content (planning suggestions, budgets, timelines, copy, images, and similar) is provided for convenience and inspiration only. It may be inaccurate, incomplete, or unsuitable for your situation, and it is not professional, legal, financial, medical, or contractual advice. Always verify prices, dates, availability, and legal requirements directly with the relevant vendors and professionals before relying on them. You are solely responsible for decisions you make based on AI output.

6. Sharing & subprocessors

We do not sell your personal data and we do not share it with advertisers for their own marketing. We share data only with trusted providers who help us run the Service, under contracts that require them to protect it:

• Supabase — database, authentication, and file storage.
• OpenAI — AI generation (prompts and outputs).
• Stripe — payment processing and billing.
• Resend — outbound transactional and notification email.
• Twilio — SMS notifications (where enabled).
• Hosting & infrastructure providers — to operate and deliver the Service.

We may also disclose data if required by law, to protect our rights or users' safety, or as part of a merger, acquisition, or sale of assets (with notice where required).

7. International transfers

Our providers may process data in countries other than yours, including the United States. Where required, such transfers are protected by appropriate safeguards such as the EU Standard Contractual Clauses.

8. Data retention

We keep your data while your account is active and as needed to provide the Service. You can delete content at any time, and you can delete your account to remove your personal data, subject to limited retention we may need for legal, tax, security, or dispute-resolution purposes. Backups are purged on a rolling schedule.

9. Security

We use industry-standard measures including encryption in transit, row-level security so that only you and your invited collaborators can read your wedding data, access controls, and audit logging. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security. You are responsible for keeping your login credentials confidential and for the security of any devices you use.

10. Your rights & choices

Depending on where you live, you may have rights to access, correct, delete, restrict, or object to our processing of your data, to data portability, and to withdraw consent. EEA/UK users may lodge a complaint with their supervisory authority. California residents have rights under the CCPA/CPRA, including the right to know, delete, and opt out of "sale"/"sharing" — note we do not sell personal information. To exercise any right, email privacy@brideos.com; we may need to verify your identity before responding.

11. Children

The Service is intended for adults (18+) planning a wedding and is not directed to children. We do not knowingly collect personal data from children under 16. If you believe a child has provided us data, contact us and we will delete it.

12. Cookies & similar technologies

We use essential cookies for sign-in and security, a preference cookie to remember your language, and limited, privacy-respecting analytics to understand usage. You can control cookies through your browser settings; disabling essential cookies may break core functionality.

13. Third-party links & vendors

The Service may link to vendors, registries, and other third-party sites we do not control. Their privacy practices are their own, and we are not responsible for them. Review their policies before sharing data.

14. Changes to this Policy

We may update this Policy from time to time. We will revise the "Last updated" date and, for material changes, provide additional notice. Your continued use of the Service after changes take effect means you accept the updated Policy.

15. Contact

Questions or requests? Email privacy@brideos.com or use our contact form. General support: support@brideos.com.

This Policy is provided for transparency and does not constitute legal advice. Laws vary by region; where a mandatory local law grants you stronger rights, that law prevails.