Skip to main content

Privacy Policy

Last updated: April 8, 2026

1. Data controller

The data controller is Vanille Digital Ltd., whose registered office is located at 49 Avenue Digpol, Morcellement Dookhun, Quatre Bornes, Mauritius.

Data Protection Officer (DPO): dpo@nuptia-app.com

2. Data collected

We collect the following categories of data:

  • Account data: email address, first name, last name (via registration or Google OAuth).
  • Wedding data: date, venue, names of the couple, planning preferences.
  • Guest data: names, contact details, RSVP responses, dietary preferences.
  • Vendor data: contacts, notes, shared documents, interaction history.
  • AI interactions: questions asked to the assistant, generated suggestions, conversation context.
  • Analytics data: pages visited, session duration, interactions (via Microsoft Clarity, only with your consent).

3. Purposes and legal basis

Your data is processed for the following purposes:

  • Contract performance: providing the wedding planning service, managing your account and wedding data.
  • Consent: sending marketing communications, using analytics cookies (Clarity), AI assistant processing.
  • Legitimate interest: service improvement, fraud detection, platform security.

4. Data retention

  • Active account data: retained for the duration of service use.
  • After archiving: data retained for 30 days before automatic deletion.
  • After deletion request: data deleted within 7 business days.
  • Analytics data: retained for a maximum of 13 months.

5. Sub-processors

We use the following sub-processors to operate the service:

  • Vercel Inc. (United States): application hosting.
  • Supabase Inc. (United States): database, authentication, and file storage.
  • Anthropic (United States): AI assistant (Claude).
  • Resend Inc. (United States): transactional emails.
  • Sentry Inc. (United States): monitoring and error detection.
  • Microsoft Corporation (United States): session analytics (Clarity).
  • Lemon Squeezy LLC (United States): payment processing (Merchant of Record).

Our currently active US-based sub-processors are subject to Standard Contractual Clauses (SCCs) in accordance with the GDPR to govern data transfers outside the European Union. Any new sub-processor is covered by a compliant Data Processing Agreement (DPA) before activation.

6. Your rights

Under the GDPR, you have the following rights:

  • Right of access: obtain a copy of your personal data.
  • Right to rectification: correct inaccurate or incomplete data.
  • Right to data portability: receive your data in a structured, readable format.
  • Right to erasure: request the deletion of your data.
  • Right to restriction: restrict processing in certain cases.
  • Right to object: object to processing based on legitimate interest.

To exercise your rights, contact our DPO at dpo@nuptia-app.com. We will respond within 30 days.

You also have the right to file a complaint with the CNIL (www.cnil.fr) or your local data protection authority.

7. Cookies and trackers

Nuptia uses the following cookies:

  • Necessary cookies (Supabase authentication): essential for service operation, set without consent (legal basis: contract performance).
  • Analytics cookies (Microsoft Clarity): set only after your explicit consent. You can change your choice at any time.

You can manage your cookie preferences via the consent banner displayed on your first visit.

8. International transfers

Some of our sub-processors are located in the United States. These transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of data protection.

9. Contact

For any questions regarding the protection of your data, contact our DPO at dpo@nuptia-app.com.