Your wedding is personal, and so is the information you trust us with. This Privacy Policy explains what MyKnotBook (“MyKnotBook”, “we”, “us”) collects, why we collect it, how we protect it, and the choices and rights you have. We handle personal data in line with the EU General Data Protection Regulation (GDPR) and apply security safeguards aligned with both GDPR and HIPAA standards.
1.Who we are
MyKnotBook is the data controller for the personal information we collect when you create and manage your account and wedding website. For any privacy question, or to exercise your rights, contact us at [email protected]. Where your wedding website collects information about your guests, you are the controller of that information and we act as your processor — see section 10.
2.Information we collect
We collect only what we need to run the Service:
- Account information — the names of the couple, your email address, and a securely hashed password. We never store your password in plain text.
- Wedding website content — the text, event details, settings, and media (such as photos) you add to your website.
- Guest & RSVP information — the responses and details your guests submit through your website, which you control.
- Payment information — when you buy Premium, our payment provider Paddle processes your payment and shares limited transaction metadata (such as confirmation and the plan purchased) with us. We do not receive or store your full card details.
- Consent records — the date and time you accepted our Terms, Refund Policy, and Privacy Policy.
- Technical & usage data — information such as your IP address, browser type, and log and security data generated when you use the Service, including data from Google reCAPTCHA used to prevent spam and abuse.
- Analytics data — aggregated and anonymised usage insights from Microsoft Clarity, which helps us understand how the Service is used and improve it.
3.How & why we use it
We use your information for the following purposes and on the following legal bases under the GDPR:
| Purpose | Legal basis |
|---|---|
| Create and operate your account and wedding website, and provide the features you use | Performance of our contract with you |
| Process Premium purchases and provide receipts | Performance of our contract; legal obligation (tax/accounting) |
| Protect accounts, prevent fraud and abuse, and keep the Service secure | Our legitimate interests |
| Respond to your support requests | Performance of our contract; legitimate interests |
| Improve reliability and understand how the Service is used | Our legitimate interests |
| Keep records that you accepted our policies | Legal obligation; legitimate interests |
| Send essential service messages (e.g. account or security notices) | Performance of our contract; legitimate interests |
We do not sell your personal data, and we do not use it for advertising profiling.
4.Records of consent
When you register, we record the moment you accept our Terms, Refund Policy, and Privacy Policy. We keep this as evidence of your consent and to meet our legal and accountability obligations.
5.When we share information
We share personal data only with service providers (“sub-processors”) that help us run the Service, and only as needed. These currently include:
| Provider | What it does for us |
|---|---|
| Paddle | Payment processing as Merchant of Record, tax, and receipts |
| Cloud hosting & database provider | Hosting your account, website, and data |
| Box | Secure storage for media you upload |
| Cloudflare | Content delivery, DNS, and protection against attacks |
| Google reCAPTCHA | Detecting and blocking automated abuse |
| Microsoft Clarity | Aggregated usage analytics to improve the Service |
We require our sub-processors to protect your data and use it only on our instructions. We may also disclose information where required by law, to protect our rights or the safety of others, or as part of a business transfer (for example, a merger), in which case we will let you know.
6.International transfers
We and our service providers may process your information in countries outside the one where you live. Where we transfer personal data internationally, we put appropriate safeguards in place — such as the European Commission’s Standard Contractual Clauses — so that your data continues to receive a level of protection consistent with the GDPR.
7.How long we keep it
We keep your personal data for as long as your account is active and for as long as we need it to provide the Service. After you close your account or ask us to delete your data, we delete or anonymise it within a reasonable period, except where we must keep certain records (for example, transaction and tax records) to comply with the law. Routine backups may persist for a limited time before being overwritten.
8.How we protect it
We take the security of your information seriously and apply administrative, technical, and organisational safeguards aligned with GDPR and HIPAA standards. These include encryption of data in transit, hashing of passwords, access controls, and ongoing monitoring. No online service can be guaranteed to be completely secure, but we work continuously to protect your data and will notify you and the relevant authorities of a personal data breach where the law requires.
9.Your privacy rights
Subject to applicable law, you have the right to:
- access the personal data we hold about you;
- correct inaccurate or incomplete data;
- delete your data (“the right to be forgotten”);
- restrict or object to certain processing;
- receive your data in a portable format;
- withdraw consent where we rely on it, without affecting earlier processing; and
- lodge a complaint with your local data-protection supervisory authority.
To exercise any of these rights, email [email protected]. We will respond within the timeframes required by law and may need to verify your identity first.
10.Your guests’ personal data
When your guests RSVP or submit information through your wedding website, you decide why and how that information is collected, which makes you its controller. MyKnotBook processes it on your behalf, only to provide the Service. You are responsible for having a lawful basis to collect your guests’ information and for letting them know how it will be used. If a guest contacts us directly about their data, we will refer them to you where appropriate.
11.Cookies & analytics
We use cookies and similar technologies that are necessary to keep you signed in and to keep the Service secure, and analytics tools such as Microsoft Clarity to understand usage in aggregate. You can control cookies through your browser settings, though disabling essential cookies may affect how the Service works.
12.Children’s privacy
The Service is intended for adults and is not directed at children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can remove it.
13.Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above and, for significant changes, take reasonable steps to let you know. Please review it periodically.
14.Contact us
To ask a question or exercise your privacy rights, reach out any time.
Email: [email protected]
This page explains MyKnotBook’s privacy practices in plain language. It is not legal advice.