Not Just A Wedding

Privacy Policy

Last updated: 31 March 2026

We take your privacy seriously. This policy explains what data we collect, how we use it, and your rights under UK GDPR.

1. Who We Are

Not Just A Wedding is operated as a sole trader business based in the United Kingdom. We provide an online wedding planning platform accessible at notjustawedding.uk and notjustawedding.netlify.app.

Data Controller: Not Just A Wedding
Contact: hello@notjustawedding.uk

We are registered with the Information Commissioner's Office (ICO) as required under UK data protection law.

2. What Data We Collect

Account Information

Email address (when you create an account)
Password (stored securely — we never see your actual password)

Wedding Planning Data

Names of the couple and wedding date
Guest list names, email addresses and preferences
Budget information and expense tracking
Vendor notes and saved preferences
Seating arrangements and timeline data

Payment Information

We do NOT store your card details — ever
Payments are processed entirely by Stripe, who are PCI DSS Level 1 certified
We only receive a confirmation that payment was successful, your plan level and your email address

Technical Data

Browser type and device information (collected automatically)
Pages visited and features used (anonymous analytics only)

3. How We Use Your Data

To provide the service — saving your wedding plans, preferences and progress
To manage your account — authentication, password resets and account security
To process payments — verifying your purchase and unlocking premium features
To improve the service — understanding which features are most used (anonymously)
To communicate with you — sending confirmation emails and important service updates

We do not sell your data to third parties. We do not use your data for advertising. We do not share your personal wedding details with anyone.

4. Third Party Services

We use the following trusted third-party services to operate the platform:

Supabase (Database & Authentication)

Your account data and wedding plans are stored securely on Supabase servers. Supabase is SOC 2 compliant and stores data in EU data centres. Supabase Privacy Policy →

Stripe (Payment Processing)

All payments are handled by Stripe. We never see or store your card details. Stripe is PCI DSS Level 1 certified — the highest level of payment security certification available. Stripe Privacy Policy →

Anthropic (AI Assistant)

When you use the AI Wedding Assistant, your questions are sent to Anthropic's API to generate responses. Your questions are processed to provide answers but are not used to train Anthropic's models. Anthropic Privacy Policy →

Netlify (Website Hosting)

Our website is hosted on Netlify's infrastructure based in the United States. Netlify is Privacy Shield certified. Netlify Privacy Policy →

5. Data Storage & Security

All data is encrypted in transit using HTTPS/TLS
Passwords are hashed using bcrypt — we cannot read your password
Database access is protected by Row Level Security — you can only access your own data
Payment data never touches our servers — Stripe handles all card processing
We use secure, industry-standard authentication tokens

💳 Your payment is 100% secure. Card details are entered directly on Stripe's servers and never pass through our systems. We are PCI compliant by design.

6. How Long We Keep Your Data

Account data — kept for as long as your account is active
Wedding planning data — kept until you delete it or close your account
Payment records — kept for 7 years as required by UK tax law
Technical logs — automatically deleted after 30 days

When you delete your account, all your personal data and wedding plans are permanently deleted within 30 days.

7. Your Rights Under UK GDPR

As a UK resident you have the following rights regarding your personal data:

Right of Access — request a copy of all data we hold about you
Right to Rectification — ask us to correct inaccurate data
Right to Erasure — ask us to delete your account and all associated data
Right to Portability — request your data in a machine-readable format
Right to Object — object to us processing your data
Right to Restrict Processing — ask us to limit how we use your data

To exercise any of these rights, email us at hello@notjustawedding.uk. We will respond within 30 days.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

8. Cookies & Local Storage

We use browser localStorage and sessionStorage (similar to cookies) to save your wedding planning data on your device and remember your preferences. These are:

Essential — required for the app to function (storing your wedding details locally)
Functional — remembering your UK/US preference and sign-in session

We do not use advertising cookies or third-party tracking cookies. See our Cookie Policy for full details.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, where the changes are significant, notify you by email.

10. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Email: hello@notjustawedding.uk
Website: notjustawedding.uk