Privacy policy

Privacy policy

with confidence

Your data and your guests' data are used to organize your wedding, not to be sold. This policy explains what Vowlora collects, why, where it is processed and how to exercise your rights.

Updated on June 1, 2026 · Version v1.0

I

Data controller

Vowlora's role depends on the processing activity.

The data controller is Enzo Guilmer, undefined, SIREN 943886077, located at 1E Rue de l'abbé reulet, 33510 Andernos. For any privacy question, the contact point is vowlora@gmail.com.

Vowlora acts as data controller for account management, billing, security, analytics, support and service operation data.

For guest data entered by organizers to plan a wedding, you determine the purposes for organizing the event. Vowlora mainly processes this data as a processor on your behalf to provide the requested features. Vowlora remains responsible for the technical processing required for security, hosting and service operation.

II

Data collected

We collect data needed for the account, the wedding and enabled modules.

Depending on your use, Vowlora may process:

  • account data: email, Supabase user identifier, login metadata and preferences;
  • wedding data: title, couple names, date, venue where applicable, tables, groups, room layout and seating configuration;
  • guest data: first name, last name, group, RSVP status, plus-ones, children, table, seating category, placement links, allergies or dietary requirements;
  • RSVP data: page code, configuration, attendance, chosen moments, menus, accommodation, transport, music requests and messages;
  • budget data: line items, amounts, vendors, payment dates, payment methods and notes;
  • menu, music and deadline data: caterer, dishes, playlists, tracks, DJ requests, tasks, dates, reminders, venues and notes;
  • payment data: Stripe customer, session, subscription, status, amount and invoice identifiers, without storing card numbers;
  • technical data: IP address, browser, device, application logs, security events and performance metrics.
III

Diets and allergies

Dietary and allergy details may constitute health data.

When the RSVP module or guest list collects dietary preferences, allergies or similar details, this information may constitute sensitive data under GDPR when it reveals a health condition.

This data should only be entered when necessary for organizing the meal or for guest safety. When a guest enters it in the RSVP form, processing is based on their explicit consent. The organizer may disable this field when not needed for the event.

IV

Why we use data

Each processing purpose serves the product, security or our obligations.

Data is used to:

  • create and secure your account;
  • save and synchronize your weddings and planning modules;
  • display RSVP pages and record guest responses;
  • apply plan limits and manage payments via Stripe;
  • generate exports or documents requested by you;
  • prevent abuse, verify public forms with Cloudflare Turnstile and resolve incidents;
  • measure product usage and diagnose errors with PostHog, where required consent has been given.
VI

Storage and providers

Application data is stored in Supabase; specialized services may intervene.

Main application data is stored in Supabase: accounts, weddings, guest lists, plans, RSVP, budget, menus, music, deadlines and billing entitlements.

  • Supabase: authentication, PostgreSQL database, functions and access controls;
  • Stripe: payment, customer, subscription, billing and management portal;
  • PostHog: product usage measurement, product identification and error tracking;
  • Cloudflare Turnstile: anti-spam verification on public RSVP forms;
  • Vercel or equivalent infrastructure: application hosting and server route execution.

We do not sell your personal data or that of your guests.

VII

Cookies and local storage

Some cookies are necessary; analytics cookies are subject to consent where required.

Vowlora uses cookies and local storage to maintain the session, retain some preferences and, with your consent where required, measure product usage.

Name or familyPurposeTypeIndicative duration
sb-*Supabase session and authenticationEssentialSession-based
vowlora_remembered_emailRemember email on the login page if requestedPreferenceUp to 1 year
wedding-sidebar-openRetain the open or closed state of the sidebarPreferenceUp to 1 year
wedding-last-selected-eventRetrieve the last opened weddingPreferenceUp to 1 year
ph_* / posthogProduct usage measurement and diagnostics via PostHogAnalytics subject to consentVariable depending on configuration
cf-turnstileAnti-spam verification for public RSVP formsSecurityAccording to Cloudflare
wedding-editor:*Local interface preferences, such as layout suggestionsLocal storageUntil browser deletion
VIII

Guest data

Guests do not necessarily create an account, but their responses may be stored.

When you add guests or publish an RSVP page, their information is processed to organize the event: invitation search, attendance, plus-ones, menus, diets, transport, accommodation, music and messages.

You commit to informing your guests about the use of their data in Vowlora and not to entering excessive or irrelevant information about the event.

IX

Data sharing

Data is only shared to provide the service or when you decide so.

Your data may be transmitted to the technical providers listed above, strictly to provide the service. It may also be visible to people with whom you share an RSVP link, an export or a document.

We may share certain data with authorities if required by law or to protect the service against misuse.

X

International transfers

Some providers may process data outside the European Economic Area.

The providers used by Vowlora may host or process certain data within or outside the European Economic Area, including for hosting, authentication, payment, security, anti-spam, usage measurement or technical support.

When personal data is transferred outside the European Economic Area, Vowlora relies on the safeguards provided by GDPR, such as an adequacy decision, standard contractual clauses or appropriate supplementary measures depending on the provider concerned.

XI

Retention periods

We retain data as long as necessary for your account, your wedding and our obligations.

CategoryRetention period
User accountUntil account deletion
Wedding data, guests, RSVP, budget, menus, music and deadlinesUntil deletion of the relevant event or account
Technical backupsUp to 30 days after deletion
Technical and security logsUp to 6 months
Usage metrics and PostHog eventsUp to 13 months maximum
Billing data, payments and accountingUp to 10 years where required by accounting or tax obligations
GDPR rights requests and support exchangesUp to 3 years after closure of the request

You can request deletion of your account or certain data at vowlora@gmail.com. Some data may be retained longer only where required by law or where necessary for the establishment, exercise or defense of rights.

XII

Account deletion

Account deletion removes associated events, with some mandatory retention.

When your account is deleted, associated wedding events and the application data attached to them are deleted from Vowlora. Active Stripe subscriptions linked to the account are cancelled.

Some data may be retained for the periods indicated above where necessary for accounting or tax obligations, security, technical backups, proof of a request or defense of rights. Technical backups are purged within a maximum of 30 days.

XIII

Security

Restricted access, Supabase RLS, RSVP codes and anti-spam protect the data.

The service uses Supabase authentication, per-user access policies, codes for RSVP pages, server-side controls and Turnstile anti-spam verification to limit unauthorized access.

No system is perfectly secure. In the event of an incident likely to pose a risk to your rights, we will take appropriate measures and inform you where required by law.

14

Your rights

Access, rectification, deletion, objection: you remain in control.

Under GDPR and applicable privacy law, you may request access, rectification, erasure, restriction, objection or portability of your personal data.

To exercise your rights, write to vowlora@gmail.com. You may also lodge a complaint with your local supervisory authority if you believe your rights are not being respected.

Vowlora responds to rights requests within one month of receipt. This deadline may be extended by two months for complex or multiple requests. Proof of identity may be requested where necessary to protect your data.

15

Minors

Vowlora is intended for adult organizers; children may appear as guests.

The service is not intended to be used by minors as account holders. Children may appear in a guest list or an RSVP response when necessary to organize the wedding.

16

Policy updates

The policy is updated when the service or providers change.

This policy may be updated to reflect changes to Vowlora, the services used or legal obligations. The update date is shown at the top of the page.

17

Contact

Questions about your data? Write to us directly.

For any question about this policy or your data, contact Vowlora at vowlora@gmail.com.

With care

Both documents move forward together.

Read the terms of use