Privacy Policy

This Privacy Policy explains how Lovento collects, uses, discloses, and protects your personal data when you use our wedding and event-management Service. We process personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and applicable national law.

1. Data Controller

The controller of your personal data is [COMPANY NAME], registered at [REGISTERED ADDRESS], company number [VAT/COMPANY NUMBER]. You can contact us at [email protected] for any data-protection matter.

2. Controller / Processor Roles

Lovento is the controller for personal data of account holders (couples / event organisers). When a couple uploads a guest list and uses the Service to communicate with their guests, the couple acts as the controller of the guests' personal data and Lovento acts as the processor on their behalf. The couple is responsible for ensuring a lawful basis for processing guest data and for handling guest data-subject requests, with Lovento's reasonable assistance.

3. Personal Data We Process

3.1 Account data (controller: Lovento)

• Email address (required)
• Full name (optional, provided by you)
• Hashed password (we never see or store the plain password — hashed with bcrypt)
• Account verification token and verification status
• Date of account creation, last login, last update
• Language preference

3.2 Event data (controller: Lovento, in respect of you as the organiser)

• Event title, date, venue, description, dress code, schedule
• Bride / groom names, phone numbers (optional)
• Background images, hero images, invitation media uploaded by you
• Optional gift information: IBAN, bank name, account holder name, Revolut URL — IBAN is encrypted at rest using Fernet (AES-128-CBC + HMAC-SHA256)
• Venue geolocation (used with the Google Maps API)

3.3 Guest data (controller: the couple; Lovento as processor)

• Guest email address, display name
• RSVP status (attending / declining / pending), plus-one flag, dietary notes
• Date added, last invitation sent
• Photographs uploaded by the guest, "wishes" (text messages) submitted by the guest, likes on photos

3.4 Technical and log data (controller: Lovento)

• IP address, user-agent string, timestamps of requests, error logs (for security, abuse prevention, and debugging)
• Email delivery logs (status, provider message ID, errors, attempts) for messages sent via our email provider
• Export job records (request time, status, output location, expiry)

4. Legal Bases for Processing

Purpose	Legal basis (GDPR)
Creating and operating your account, providing the Service	Art. 6(1)(b) — performance of a contract
Storing and serving photos, RSVPs, wishes you submitted	Art. 6(1)(b) — performance of a contract
Sending event-related emails to your invited guests	Couple = controller; Art. 6(1)(f) or 6(1)(a) on their side
Account verification, password security, fraud and abuse prevention	Art. 6(1)(f) — legitimate interests (security of the Service)
Optional marketing emails (product updates, newsletters, occasional offers)	Art. 6(1)(a) — consent (opt-in via unticked checkbox at registration; you may withdraw at any time)
Compliance with legal obligations (e.g. tax records, court orders)	Art. 6(1)(c) — legal obligation
Defence of legal claims	Art. 6(1)(f) — legitimate interests

Marketing consent. Promotional emails are sent only to users who have explicitly opted in by ticking the unticked optional checkbox on the registration form (a separate action from accepting the Terms). Your choice is recorded against your account. You can withdraw consent at any time by clicking the unsubscribe link in any marketing email or by emailing [email protected]. Withdrawal stops future marketing email but does not affect transactional or service-related emails, which are sent on the basis of contract performance.

5. Sub-Processors and Recipients

We share personal data with a small number of trusted vendors who process it on our behalf, under written data-processing terms (Art. 28 GDPR):

Sub-processor	Purpose	Location
Hetzner Online GmbH	Server hosting and primary database	European Union (Germany / Finland)
Cloudflare, Inc. (R2 storage)	Storage of exported event archives (ZIP files) and large media	EU storage region preferred; the company is established in the US — international transfers covered by Standard Contractual Clauses (Art. 46 GDPR)
Resend, Inc.	Transactional email delivery (verification, notifications, scheduled event emails)	EU / US — SCCs apply for any international transfer
Google LLC (Google Maps Platform)	Geocoding venue addresses for map display	US — SCCs apply

We do not sell your personal data, and we do not share it with advertisers or data brokers.

6. International Transfers

Where data is transferred outside the European Economic Area, we rely on the European Commission's Standard Contractual Clauses (Decision 2021/914) and, where appropriate, on adequacy decisions. You can request a copy of the safeguards in place by contacting [email protected].

7. Retention Periods

• Account data: retained until you delete your account, then deleted within 30 days (a grace period during which deletion can be reversed).
• Event data and guest data: retained until the controller (you) deletes the event or the account.
• Photographs: retained while the relevant event exists; orphaned media is purged on a regular basis.
• Exported archives (ZIP): automatically deleted from Cloudflare R2 7 days after creation.
• Email-delivery logs: retained for up to 24 months for deliverability and dispute purposes.
• Security and access logs: retained for up to 12 months.
• Backups: may retain copies for a reasonable rolling window (typically up to 30 days) for disaster-recovery purposes.
• Longer retention may apply where required by law (e.g. tax, accounting) or to defend legal claims.

8. Your Rights as a Data Subject

Subject to the conditions in Articles 15–22 of the GDPR, you have the right to:

• Access — obtain confirmation of whether we process your data and a copy of it;
• Rectification — have inaccurate data corrected;
• Erasure ("right to be forgotten") — request deletion in certain circumstances;
• Restriction — limit how we process your data;
• Data portability — receive your data in a structured, machine-readable format;
• Object to processing based on legitimate interests;
• Withdraw consent at any time where processing is based on consent (without affecting the lawfulness of prior processing);
• Not be subject to a decision based solely on automated processing producing legal or similarly significant effects — we do not perform such automated decision-making;
• Lodge a complaint with a supervisory authority. The Hellenic Data Protection Authority (Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα) can be reached at www.dpa.gr, Kifissias 1-3, 11523 Athens, Greece, tel. +30 210 6475600.

To exercise your rights, email [email protected]. We will respond within one (1) month, extendable by two further months for complex requests. We may need to verify your identity before acting on a request.

Guests: if your data is on the Service because a couple has added you to their guest list, please contact the couple first. We will assist them in handling your request.

9. Security

We apply appropriate technical and organisational measures, including:

• password hashing with bcrypt;
• encryption in transit (HTTPS / TLS);
• field-level encryption (Fernet) for sensitive fields such as IBAN;
• JWT-based authentication with automatic token invalidation on unauthorised responses;
• regular software updates and access controls on production infrastructure.

However, no method of storage, transmission, or security system is perfect or fully resistant to attack, hardware failure, or operator error. You acknowledge this residual risk and are encouraged to keep your own copies of important media.

10. Cookies and Local Storage

The Service does not use third-party tracking cookies, advertising cookies, or analytics tools (such as Google Analytics, Meta Pixel, etc.) at the date of this Policy. We do use browser local storage for the following strictly necessary and functional purposes:

Key	Purpose	Lifetime	Category
lovento-auth	Stores your JWT session token and minimal user profile so you remain logged in across page refreshes.	Until you log out or up to 6 months	Strictly necessary — no consent required (ePrivacy Directive Art. 5(3) exemption)
i18nextLng	Remembers your selected interface language (English or Greek).	Persistent until cleared	Functional

Because no third-party tracking is used, no cookie-consent banner is shown. If we introduce analytics or marketing tracking in the future, we will request explicit consent via a banner before any such storage is set.

11. Children

The Service is not directed to children under 18 and we do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact [email protected] and we will delete it.

12. Changes to this Policy

We may update this Policy from time to time. Material changes will be notified by email and / or in-app at least 30 days before they take effect. The "Effective date" at the top reflects the current version.

13. Contact

Questions, complaints, or requests: [email protected]. Postal: [COMPANY NAME], [REGISTERED ADDRESS].