Privacy Policy

1. Introduction

TheInvite.se ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our event management platform.

This policy applies to all users of TheInvite.se and complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, password (encrypted)
• Event Information: Event names, descriptions, dates, locations
• Guest Information: Names, email addresses, phone numbers, attendance status, group/category assignments
• Payment Information: Processed securely through Stripe (we do not store full credit card details)
• Communications: Support messages, feedback, and correspondence

2.2 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent, interaction patterns
• Device Information: IP address, browser type, device type, operating system
• Cookies: Session cookies, authentication tokens, preference settings
• Analytics Data: Event attendance metrics, check-in statistics, system performance

3. How We Use Your Information

We use the collected information for:

• Providing and maintaining the Service
• Processing subscriptions and payments
• Sending event invitations and QR codes
• Managing guest lists and check-ins
• Generating analytics and reports
• Communicating service updates and support
• Detecting and preventing fraud or abuse
• Improving our Service and user experience
• Complying with legal obligations

4. Legal Basis for Processing (GDPR)

We process your data based on:

• Contract: Processing necessary to provide the Service you requested
• Legitimate Interest: Improving our Service, fraud prevention, security
• Consent: Marketing communications (you can opt-out anytime)
• Legal Obligation: Compliance with tax, accounting, and legal requirements

5. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

5.1 Service Providers

• Stripe: Payment processing
• Email Service: Sending invitations and notifications
• Hosting Provider: Vercel and database hosting
• Analytics: Service improvement and performance monitoring

5.2 Legal Requirements

We may disclose information if required by law, court order, or to protect our rights, property, or safety, or that of our users or the public.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Specifically:

• Account Data: Retained until account deletion
• Event Data: Deleted 14 days after event archival (or as you configure)
• Payment Records: Retained for 7 years for tax compliance
• Support Communications: Retained for 3 years

You can request data deletion at any time (see Your Rights section below).

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit (HTTPS/TLS) and at rest
• Secure password hashing (bcrypt)
• Regular security audits and updates
• Access controls and authentication
• Regular backups and disaster recovery
• Employee confidentiality agreements

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but strive to use commercially acceptable means to protect your data.

8. Your Rights (GDPR)

Under GDPR, you have the following rights:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Opt-out of marketing communications anytime
• Lodge a Complaint: File a complaint with your data protection authority

To exercise these rights, contact us at privacy@theinvite.se

9. Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: Required for authentication and core functionality
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Help us understand how you use the Service

You can control cookies through your browser settings. Disabling certain cookies may limit functionality of the Service.

10. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

11. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover we have collected data from a child, we will delete it promptly.

12. International Data Transfers

Your data may be processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

13. Data Controller

TheInvite.se is the data controller responsible for your personal information. You are the data controller for guest information you collect through our platform, and you are responsible for ensuring compliance with applicable data protection laws.

14. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or prominent notice on our Service. Continued use after changes constitutes acceptance of the updated policy.

15. Contact Us

For privacy-related questions, concerns, or to exercise your rights, contact us at:

Email: privacy@theinvite.se
Support: support@theinvite.se
Website: theinvite.se

We will respond to your request within 30 days as required by GDPR.