Privacy
Last updated: May 2026
What we collect
When you create an account we store your email and the display name you give us. When you create an event we store the title, date, venue, and any notes you write. When a guest RSVPs we store their name, RSVP choice, and any optional details they share (email, dietary needs, plus-ones).
What we don't do
We don’t sell or share guest data. We don’t send guests marketing emails. We don’t index event pages in search engines — every event page returns noindex.
How long we keep it
Event data is kept for the duration of your hosting tier (1 year for Party / Celebration, 2 years for Grand, permanent for Enterprise). At the end of your hosting period we email you a zip archive of your data before archiving the event.
Account-level data is kept while your account is active. If you delete your account we purge all associated data within 30 days.
Your rights (UK GDPR)
You can ask us at any time to: export your data, correct your data, delete your account, or be told what data we hold about you. Email hello@onvite.co.
Photo moderation
Photos that guests upload to your event’s memory gallery are run through an automated content-safety check (Sightengine) before they appear publicly. Clearly safe photos are published instantly. Photos that the check flags as questionable are held and shown to you, the host, in a review queue on your dashboard, where you can approve or delete them. Anything matching strict categories (sexual content involving minors, extreme violence, and similar) is rejected on upload and never made available to you or anyone else; in serious cases we may be required to report it to the authorities.
Photos that you (or buyers customising an Etsy template) upload onto your own design are not actively scanned at upload time, but we do scan our photo database periodically and remove any content matching those strict categories.
Cookies + third parties
We use a single session cookie to keep you signed in. Our hosting, database, email, and content-safety check are run by Vercel, Supabase, Resend, and Sightengine — their privacy policies apply to data we send them.