Joyfully Invited

Legal

Privacy Policy

Last updated: March 2026

Note: This privacy policy is currently under legal review and may be updated before launch.

1. Data Controller

Joyfully Invited, registered in Belgium, is the data controller for personal data processed through our platform. For questions about data processing, contact us at hello@joyfullyinvited.eu.

2. Data We Collect

From Creators (account holders)

  • Name and email address (via Clerk authentication)
  • Payment information (processed by Stripe, not stored by us)
  • Event details you provide (names, dates, locations, text)

From Guests (invitation recipients)

  • Name (pre-filled by the creator or entered during RSVP)
  • RSVP response and preferences (dietary, plus-ones)
  • Photos and messages submitted to event galleries and message walls

Automatically collected

  • Basic analytics (page views, device type) via server-side logging
  • IP addresses for security and abuse prevention

3. Legal Basis for Processing

  • Contract: Processing necessary to deliver the invitation service you purchased
  • Legitimate interest: Analytics, fraud prevention, and service improvement
  • Consent: Optional features like photo uploads and message walls

4. Data Processors

We share data with the following third-party processors:

  • Clerk — Authentication and user management
  • Stripe — Payment processing
  • Railway — Application hosting and database
  • Resend — Transactional email delivery
  • Cloudflare — CDN and DNS services
  • Inngest — Background job processing

5. Data Retention

  • Creator accounts: Retained while the account is active, deleted upon request
  • Guest data: Retained for 12 months after the event date, then automatically deleted
  • Payment records: Retained for 7 years as required by Belgian tax law
  • Contact form submissions: Retained for 6 months

6. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. Our authentication provider (Clerk) sets cookies necessary for secure sign-in.

7. Your Rights (GDPR)

As a data subject in the EU, you have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Rectification — Request correction of inaccurate data
  • Erasure — Request deletion of your personal data
  • Portability — Request your data in a machine-readable format
  • Restriction — Request limitation of processing
  • Objection — Object to processing based on legitimate interest

To exercise any of these rights, email us at hello@joyfullyinvited.eu. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), secure database hosting, and access controls.

9. International Transfers

Some of our processors may transfer data outside the EEA. In such cases, we ensure appropriate safeguards are in place (Standard Contractual Clauses or equivalent).

10. Changes to This Policy

We may update this policy from time to time. We will notify registered users of significant changes via email.

11. Supervisory Authority

You have the right to lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit) if you believe your data rights have been violated.