Privacy Policy
Draft scaffold — review with a solicitor before processing real personal data at scale. Last updated: template.
We Do (“we”, “us”) helps couples in the UK plan weddings. We are the data controller for the personal data described here and process it under UK GDPR and PECR.
What we collect
- Account data: your name, partner's name, email, and authentication details (via Supabase Auth / Google sign-in).
- Planning data: postcode, wedding date or rough window, wedding type, events, budgets and tasks you create.
- Guest data: names and, optionally, contact details and dietary needs you enter on your guests' behalf. This is sensitive — see “Guest data” below.
Why we use it (lawful basis)
- Contract & consent: to provide the planning tools you sign up for.
- We do not sell your data or use it for advertising.
- We do not market to your guests. Guest data is used only to help you plan.
Guest data
Guests have not signed up to We Do directly, so we treat their data with extra care: it is stored privately, never emailed by default, and is deleted (along with invites and seating) when you remove a guest or delete your account.
Storage & security
Data is stored in a UK/EU region with row-level security so only you can access your wedding. Connections use HTTPS. Secrets are never exposed to the browser.
Retention
We keep your data while your account is active. You can export or delete it at any time from Settings; deletion is immediate and permanent.
Your rights
- Access and portability — export your data as JSON from Settings.
- Erasure — delete your account and all associated data from Settings.
- Rectification — edit your details at any time.
- To complain, contact the ICO (ico.org.uk).
Contact
Privacy questions: privacy@yourdomain.co.uk (placeholder — set a real contact).