Privacy Policy
This Privacy Policy explains how Bodaya collects, uses, stores, and protects personal data when people use our website, platform, wedding websites, dashboards, guest and RSVP features, registry and payment-related features, and related services.
This policy is intended to support transparency under the GDPR, LOPDGDD, and LSSI-CE where Spain and the European Union are relevant.
1. Who is responsible for your data
| Field | Details |
|---|---|
| Name | bodaya |
| Website | www.bodaya.es |
| Data protection contact | hello@bodaya.es |
| Support contact | hello@bodaya.es |
For some guest, RSVP, contribution, and wedding website data, the couple or event organizer may also act as an independent controller or as the main controller because they decide what information to add, publish, request, and use. Bodaya may process that data on their behalf to provide the platform.
2. Personal data we collect
- Account and couple/user data, such as name, email address, authentication data, wedding or event details, language preferences, dashboard activity, and billing or subscription information where applicable.
- Guest and attendee data, such as names, emails, phone numbers, RSVP responses, meal preferences, attendance information, tags, notes, and event messages where provided.
- Registry and payment data, such as gift or contribution information, amount, currency, payment status, Stripe checkout, payment, customer, or connected-account identifiers, and transaction metadata. Bodaya does not store full card numbers.
- Technical and security data, such as IP address, device and browser information, logs, session data, security and fraud-prevention signals, cookie choices, and consent preferences.
- Support and communications data, such as support messages, access requests, feedback, password reset records, and email communication records.
3. Why we use personal data and legal bases
| Purpose | Examples | Legal basis |
|---|---|---|
| Account creation and access | Create accounts, authenticate users, maintain sessions, and manage language preferences. | Contract |
| Platform operation | Run wedding websites, dashboards, guest lists, RSVP flows, registries, translations, uploads, and related features. | Contract |
| Registry, gifts, payments, and order records | Process contributions, payment status, Stripe metadata, receipts, reconciliation, and payment-risk review. | Contract, legal obligation, legitimate interests |
| Service emails | Send signup, password reset, RSVP, contribution, thank-you, support, and operational messages. | Contract, legitimate interests, consent where required |
| Security and fraud prevention | Protect accounts, forms, private wedding websites, admin tools, payments, and platform integrity. | Legitimate interests, legal obligation |
| Product improvement | Improve performance and product quality, including optional analytics if accepted. | Legitimate interests, consent for optional cookies |
| Marketing and newsletters | Send optional updates or campaigns when users subscribe or where otherwise permitted. | Consent or legitimate interests where allowed |
4. Processing by form or feature
- Account registration and login: we use account details to create, secure, and manage your Bodaya account.
- Wedding/event profile and website: we use event details, content, images, files, venues, schedules, travel information, FAQs, and publication settings to build and host your wedding or event website.
- Guest list and RSVP forms: we use guest details and RSVP answers to help organizers manage attendance, logistics, and event communications.
- Registry, gift, contribution, and payment forms: we use contributor and payment-related data to process contributions, notify the couple, and keep necessary records.
- Contact, support, and access forms: we use your message and contact details to respond and manage the request.
- Newsletter or updates checkbox: we use your email to send optional updates only where you opt in or where permitted by law.
- Admin, verification, and compliance documents: where applicable, we use operational records to review security, payment readiness, risk, support, and privacy requests.
5. Who we share data with
- Payment providers, including Stripe and Stripe Connect.
- Hosting, database, storage, and deployment providers, including Vercel and Supabase or equivalent providers.
- Email and newsletter providers, including Resend and Mailchimp where used.
- Media, font, and address-search providers, including Pexels, Pixabay, Google Fonts, and OpenStreetMap/Nominatim where used.
- Analytics providers only if enabled and only where permitted by consent or law.
- Support, security, logging, legal, accounting, and compliance providers.
- Authorities, courts, regulators, or other parties where required by law or necessary to protect rights, safety, security, or legal claims.
6. International transfers
Some providers may process data outside the European Economic Area. Where this happens, Bodaya relies on appropriate safeguards required by data protection law, such as adequacy decisions, Standard Contractual Clauses, or equivalent contractual and technical protections.
7. How long we keep data
- Account data: while the account is active and for a reasonable period after closure.
- Wedding/event, website, registry, guest list, RSVP, upload, and translation data: while the account or workspace is active, unless deleted earlier or retained where required.
- Payment and transaction records: as needed for accounting, tax, fraud prevention, disputes, legal claims, and payment reconciliation.
- Support messages and privacy requests: for as long as needed to handle the request and document compliance.
- Cookie consent records: normally for up to 6 months unless changed earlier or renewed after a material policy change.
- Security logs, audit logs, and rate-limit records: for a limited period needed to protect the platform and investigate abuse, fraud, or unauthorized access.
8. Mandatory and optional fields
Fields marked as required are necessary to provide the requested service. If you do not provide them, Bodaya may not be able to create an account, process a request, complete a payment, manage an RSVP, publish a website, or provide the relevant feature.
9. Your rights
- Access your personal data.
- Correct inaccurate data.
- Request deletion.
- Request restriction of processing.
- Object to certain processing.
- Request data portability.
- Withdraw consent.
- Lodge a complaint with a data protection authority. In Spain, you may contact the Agencia Espanola de Proteccion de Datos (AEPD).
10. Security
Bodaya uses technical and organizational measures designed to protect personal data, including secure authentication, HTTP-only session cookies, access controls, rate limiting, form challenge checks, audit logging, secure hosting, and restricted administrative access. No online service can guarantee absolute security, but we work to protect the data we process.
11. Social media
If you interact with Bodaya through social networks, the relevant social network may also process your data under its own privacy policy. Bodaya may process public profile information, messages, comments, and interaction data only to respond to your interactions, manage our relationship with you, and share information about Bodaya.
12. Children
Bodaya is intended for adult account holders. If children’s information is provided as part of guest or event planning, the account holder or organizer is responsible for ensuring they have the appropriate authority to provide it.
13. Changes
We may update this Privacy Policy from time to time. If changes are significant, we will take reasonable steps to notify users or make the changes clear on the platform.
14. Contact
| Field | Details |
|---|---|
| Name | bodaya |
| hello@bodaya.es |