✦ Legal

Privacy Policy

Last updated: June 2026 · Effective date: June 2026

The short version: We collect only what we need to run Vow. We never sell your data, share it with vendors, or use it to advertise to you. Your wedding plans are yours — always.

1. Who we are

Vow (“Vow”, “we”, “us”, “our”) is a wedding planning application operated by Iron Raven Design Studio Ltd (in the process of incorporation under the laws of England and Wales). Our service is accessible at vowplanner.uk.

For any privacy-related queries, contact us at hello@vowplanner.uk.

2. What data we collect

Account data

Your name and email address when you register
Your password (stored as a secure hash — we never see the plaintext)
Your beta access code, if applicable

Wedding planning data

Wedding details you enter — date, venue, names, guest count, budget
Guest list information including names, contact details, dietary requirements, and RSVP responses
Vendor details, payments, and contract notes
Checklist tasks, timeline events, and seating arrangements
Mood board images you upload
AI-generated content you create using the writing suite
Wedding website content including stories, photos, and guest messages

Technical data

Authentication tokens and session data (required to keep you logged in)
Basic server logs including IP address and browser type (retained for up to 30 days)

What we do NOT collect

We do not use advertising cookies or tracking pixels
We do not use Google Analytics or any third-party analytics service
We do not collect payment card details directly — payments are handled by our payment processor

3. How we use your data

We use your data solely to provide and improve the Vow service:

To create and manage your account
To store and display your wedding planning data across devices
To send transactional emails — access codes, confirmations, and service notifications
To respond to support requests you send us
To improve Vow based on aggregated, anonymised usage patterns

We will never use your data to send unsolicited marketing from third parties, sell access to your data to vendors or suppliers, or make automated decisions that significantly affect you.

4. Legal basis for processing (UK GDPR)

Contract performance — processing necessary to provide the service you have signed up for
Legitimate interests — service security, fraud prevention, and product improvement
Consent — for any optional communications you have opted into

5. Where your data is stored

Your data is stored securely using Supabase, hosted on Amazon Web Services (AWS) infrastructure in the European Union (EU). All data is encrypted at rest and in transit using industry-standard TLS encryption. Supabase is compliant with GDPR and SOC 2 Type II.

Email delivery is handled by Resend, a transactional email provider. Only your email address and the content of the specific email being sent is passed to Resend for delivery purposes.

6. How long we keep your data

Active accounts — we retain your data for as long as your account is active
Deleted accounts — your data is permanently deleted within 30 days of account deletion
Server logs — retained for up to 30 days for security purposes, then deleted
Backups — encrypted backups are retained for up to 90 days

7. Sharing your data

We do not sell, rent, or share your personal data with third parties for marketing purposes. We only share data in the following limited circumstances:

Service providers — Supabase (data storage) and Resend (email delivery), both bound by data processing agreements
Legal obligations — if required by law, court order, or to protect the rights and safety of others
Business transfer — if Vow is acquired or merged, your data may transfer to the new entity under the same privacy protections

We will never share your guest list, wedding plans, or any personal details with wedding vendors, advertisers, or any third party for commercial purposes.

8. Your rights under UK GDPR

You have the following rights regarding your personal data:

Right of access — request a copy of the data we hold about you
Right to rectification — request correction of inaccurate data
Right to erasure — request deletion of your data (“right to be forgotten”)
Right to portability — request your data in a portable format
Right to restrict processing — request that we limit how we use your data
Right to object — object to processing based on legitimate interests

To exercise any of these rights, email us at hello@vowplanner.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been handled unlawfully.

9. Cookies

Vow uses only essential cookies necessary to keep you logged in and maintain your session. These are set by Supabase authentication and cannot be disabled without preventing the service from functioning. We do not use advertising, tracking, or analytics cookies.

10. Children's privacy

Vow is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has created an account, please contact us at hello@vowplanner.uk and we will delete the account promptly.

Note: your guest list may include details of minors (e.g. children attending your wedding). This data is entered by you and remains under your control. We process it solely to provide the service.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a notice in the app. The “last updated” date at the top of this page will always reflect the most recent version.

12. Contact

For any questions about this Privacy Policy or how we handle your data, please contact us at hello@vowplanner.uk.