Privacy Policy

Last Updated: December 9, 2024

1. Introduction

Sitenest Ltd ("we," "our," or "us"), operating as wedsite.ai, is committed to the protection of our users' privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our wedding planning and website creation service.

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

  • Basic user information (name, email address, phone number)
  • Wedding-specific information (wedding date, location, planning details)
  • Partner information (name, title)
  • Guest information (email addresses, phone numbers, dietary requirements, family relations)

2.2 Automated Data Collection

We automatically collect:

  • Usage data to improve our services and for debugging purposes
  • Analytics data through Posthog
  • Marketing-related data through Google and Facebook tracking (when enabled)

2.3 Cookies and Similar Tracking Mechanisms

We use cookies and similar tracking mechanisms to track activity on our service and maintain certain information. Our tracking implementations include:

  • Posthog analytics

3. Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Contract Performance: Processing necessary for the performance of our contract with you to provide wedding planning services.
  • Legitimate Business Interests: Processing necessary for our legitimate business interests, such as improving our services and preventing fraud.
  • Legal Obligations: Processing necessary to comply with our legal obligations under UK and EU law.
  • Consent: Processing based on your specific consent, such as for marketing communications.

4. How We Use Your Information

We use the collected information for the following purposes:

  • To provide and maintain our service
  • To enable core wedding planning features
  • To send invitations and communications to wedding guests
  • To analyse usage patterns and improve our service
  • To prioritise features and develop new products
  • For marketing purposes
  • To communicate with you about service updates and changes

5. Data Sharing and Third Parties

5.1 Third-Party Service Providers

We use the following third-party services:

  • Posthog for analytics
  • Clerk for authentication

5.2 Sub-processors and Vendor Management

We maintain a list of approved sub-processors and vendors who may process your data. We ensure that:

  • All vendors comply with GDPR requirements
  • Data Processing Agreements are in place with each vendor
  • Regular audits of vendor compliance are conducted
  • Users are informed of significant changes to our vendor list

5.3 International Transfers of Data

As a UK-based company with servers located in Germany, we transfer personal data between the UK and the European Union. These transfers are governed by the UK GDPR and EU GDPR frameworks. The European Commission has determined that the UK provides an adequate level of data protection, allowing for the free flow of personal data from the EU/EEA to the UK.

We ensure that international data transfers are carried out:

  • In accordance with applicable data protection laws
  • With appropriate safeguards in place
  • Within the framework of the UK-EU adequacy decision
  • Using standard contractual clauses where required

6. Technical Security Measures

We implement comprehensive security measures including:

  • End-to-end encryption for sensitive communications
  • Regular penetration testing and vulnerability assessments
  • Two-factor authentication for administrative access
  • Real-time security monitoring and alerting
  • Automated backup systems with encryption
  • Regular security training for all staff members
  • Access logging and audit trails
  • Network segregation and firewalls
  • Encryption of data in transit and at rest
  • Regular security assessments
  • Secure data backups
  • Staff training on data protection
  • Incident handling procedures

7. Data Protection Impact Assessment

We conduct regular Data Protection Impact Assessments (DPIAs) for high-risk processing activities, including:

  • Processing of guest information for wedding invitations
  • Integration with third-party services
  • Implementation of new technologies or features
  • Changes to our data processing activities

8. Data Minimisation and Retention

We follow strict data minimisation principles:

  • We only collect data that is necessary for specific purposes
  • Data is automatically deleted after the wedding date plus 6 months, unless otherwise requested
  • Inactive accounts are reviewed and deleted after 12 months
  • Backup data is kept for up to 30 days
  • Analytics data is anonymised after 90 days

9. Incident Handling and Breach Notification

In the event of a personal data breach, we will:

  • Inform the relevant supervisory authority within 72 hours
  • Inform affected users without undue delay if the breach is likely to result in high risk
  • Document all breaches, including facts, effects, and remedial actions taken
  • Implement measures to prevent future incidents

10. Special Categories of Data

We may process special categories of data (such as dietary requirements or accessibility needs) only with explicit consent and solely for the purpose of ensuring appropriate accommodation at wedding events. This data is:

  • Stored separately from other personal data
  • Accessible only to authorised personnel
  • Deleted immediately after the wedding event
  • Never used for marketing or analytics purposes

11. User Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right to access your personal data
  • Right to rectification of inaccurate personal data
  • Right to have your personal data erased
  • Right to restrict processing of your personal data
  • Right to data portability
  • Right to object to processing of your personal data
  • Right to withdraw consent

To exercise any of these rights, please contact us at [email protected]

12. Children's Privacy

We do not knowingly collect or solicit information from anyone under the age of 18. If you are under the age of 18, please do not use our service or provide any personal information.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will inform you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

14. Contact Information

If you have any questions about this Privacy Policy, please contact us at:

15. Additional Rights and Information

If you are a UK resident, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your personal data in accordance with the law.