Privacy Policy

For some guest, RSVP, card-gift, registry, and wedding website data, the couple or event organizer may also act as an independent controller or as the main controller because they decide what information to add, publish, request, and use. Bodaya may process that data on their behalf to provide the platform.

For payment processing, card checkout, connected-account onboarding, identity or business verification, fraud controls, disputes, and payout-related data, Stripe may act as an independent controller or payment provider under Stripe's own terms, privacy notices, and legal obligations.

• Account and couple/user data, such as name, email address, authentication data, wedding or event details, language preferences, dashboard activity, and platform fee, checkout, or payment-related information where applicable.
• Guest and attendee data, such as names, emails, phone numbers, RSVP responses, meal preferences, attendance information, tags, notes, and event messages where provided.
• Registry and payment data, such as gift or contribution information, amount, currency, payment status, Stripe checkout, payment, customer, or connected-account identifiers, and transaction metadata. Bodaya does not store full card numbers.
• Technical and security data, such as IP address, device and browser information, logs, session data, security and fraud-prevention signals, cookie choices, and consent preferences.
• Support and communications data, such as support messages, access requests, feedback, password reset records, and email communication records.

• Account registration and login: we use account details to create, secure, and manage your Bodaya account.
• Wedding/event profile and website: we use event details, content, images, files, venues, schedules, travel information, FAQs, and publication settings to build and host your wedding or event website.
• Guest list and RSVP forms: we use guest details and RSVP answers to help organizers manage attendance, logistics, and event communications.
• Registry, gift, contribution, and payment forms: we use contributor and payment-related data to process contributions, notify the couple, and keep necessary records.
• Contact, support, and access forms: we use your message and contact details to respond and manage the request.
• Newsletter or updates checkbox: we use your email to send optional updates only where you opt in or where permitted by law.
• Admin, verification, and compliance documents: where applicable, we use operational records to review security, payment readiness, risk, support, and privacy requests.

• Payment providers, including Stripe and Stripe Connect, for card checkout, connected-account onboarding, payment processing, fraud controls, disputes, and payout-related workflows.
• Hosting, database, storage, and deployment providers, including Vercel and Supabase or equivalent providers.
• Email and communication providers, including Resend and any newsletter provider enabled for optional communications.
• Media, font, map, and address-search providers where a feature loads those services, including Google Fonts and OpenStreetMap/Nominatim, and image providers such as Pexels or Pixabay where selected media is used.
• Analytics providers only if enabled and only where permitted by consent or law.
• Support, security, logging, legal, accounting, and compliance providers.
• Authorities, courts, regulators, card networks, banks, payment providers, or other parties where required by law or necessary to protect rights, safety, security, payment integrity, or legal claims.

Stripe may process payment and connected-account data under its own terms and privacy notices. Bodaya does not receive or store full card numbers.

Some providers may process data outside the European Economic Area. Where this happens, Bodaya relies on appropriate safeguards required by data protection law, such as adequacy decisions, Standard Contractual Clauses, or equivalent contractual and technical protections.

• Account data: while the account is active and then for the period needed for legal, accounting, security, dispute, support, and compliance purposes.
• Wedding/event, website, registry, guest list, RSVP, upload, and translation data: while the account or workspace is active, unless deleted earlier or retained where required.
• Payment and transaction records: as needed for accounting, tax, fraud prevention, disputes, legal claims, payment reconciliation, and payment-provider requirements.
• Support messages and privacy requests: for as long as needed to handle the request and document compliance.
• Cookie consent records: normally for up to 6 months unless changed earlier or renewed after a material policy change.
• Security logs, audit logs, and rate-limit records: for the period needed to protect the platform, investigate abuse, prevent fraud, and maintain reliable service.

Fields marked as required are necessary to provide the requested service. If you do not provide them, Bodaya may not be able to create an account, process a request, complete a payment, manage an RSVP, publish a website, or provide the relevant feature.

• Access your personal data.
• Correct inaccurate data.
• Request deletion.
• Request restriction of processing.
• Object to certain processing.
• Request data portability.
• Withdraw consent.
• Lodge a complaint with a data protection authority. In Spain, you may contact the Agencia Espanola de Proteccion de Datos (AEPD).

Bodaya uses technical and organizational measures designed to protect personal data, including secure authentication, HTTP-only session cookies, access controls, rate limiting, form challenge checks, audit logging, secure hosting, and restricted administrative access. No online service can guarantee absolute security, but we work to protect the data we process.

If you interact with Bodaya through social networks, the relevant social network may also process your data under its own privacy policy. Bodaya may process public profile information, messages, comments, and interaction data only to respond to your interactions, manage our relationship with you, and share information about Bodaya.

Bodaya is intended for adult account holders. If children’s information is provided as part of guest or event planning, the account holder or organizer is responsible for ensuring they have the appropriate authority to provide it.

We may update this Privacy Policy from time to time. If changes are significant, we will take reasonable steps to notify users or make the changes clear on the platform.