GDPR Compliance
How Invitezy complies with the General Data Protection Regulation for users in the European Economic Area, United Kingdom, and Switzerland.
This page supplements our Privacy Policy. Where this page and the Privacy Policy overlap, this page provides additional detail for users protected by the GDPR.
Who We Are (Data Controller)
For the purposes of the GDPR, the data controller of your personal data is Invitezy. If you have any questions about how we handle your personal data, contact us at invitezy.official@gmail.com.
What Personal Data We Process
Identity & Contact Data: Name, email address, phone number
Account Data: Login credentials, account preferences, subscription details
Event & Invitation Data: Content you add to invitations — names, photos, dates, venues, personal messages
Guest Data: Names and contact details of guests you add for invitations or RSVP management
Payment Data: Transaction records (full payment details are processed by our payment providers, not stored by us)
Technical Data: IP address, browser type, device information, and usage data collected via cookies
Legal Bases for Processing
Under Article 6 of the GDPR, we only process your personal data when we have a valid legal basis:
Performance of a Contract
Processing necessary to provide our Services — creating your account, hosting invitations, managing RSVPs, and processing payments.
Consent
For optional activities such as marketing emails and non-essential cookies. Withdraw at any time without affecting prior lawful processing.
Legitimate Interests
For improving our Services, preventing fraud, and ensuring security — where not overridden by your rights and freedoms.
Legal Obligation
Where we must process data to comply with applicable laws, such as tax and accounting requirements.
Your Rights Under the GDPR
If you are located in the EEA, UK, or Switzerland, you have the following rights:
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
Right to Restriction
Request that we limit how we use your data in certain circumstances.
Right to Portability
Receive your data in a structured, machine-readable format and have it transmitted to another controller.
Right to Object
Object to processing based on legitimate interests, or to direct marketing at any time.
Withdraw Consent
Withdraw any consent you have given, at any time, without affecting prior lawful processing.
Automated Decisions
We do not use your data for automated decision-making or profiling with legal or significant effects.
How to Exercise Your Rights
Email us at privacy@invitezy.com with the subject line "GDPR Request." We will respond within one month, as required. We may need to verify your identity before fulfilling your request. Exercising your rights is free of charge, except where requests are manifestly unfounded or excessive.
Guest Data & Your Responsibilities as a Host
When you add guest information (names, contact details) to manage invitations or RSVPs, you act as the data controller for that guest data, and Invitezy acts as your data processor. We process guest data only on your instructions and solely to provide the Services.
As the host, you are responsible for ensuring you have a lawful basis (such as the guest's consent or your legitimate interest in inviting them) to share their information with us.
International Data Transfers
Invitezy operates globally, and your personal data may be transferred to and processed in countries outside the EEA, including India and other jurisdictions where our hosting and service providers operate.
Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, transfers to countries with an adequacy decision, and additional technical measures such as encryption in transit and at rest.
You may request more information about the safeguards applied by contacting us.
Data Retention
We retain personal data only for as long as necessary for the purposes it was collected:
Account data: Retained while your account is active, deleted within 30–90 days of account deletion
Invitation pages: Retained until you delete them or your account is closed
Payment & transaction records: Retained as required by tax and accounting laws (typically up to 7 years)
Marketing data: Retained until you withdraw consent or unsubscribe
When data is no longer needed, we securely delete or anonymize it.
Data Processors & Sub-Processors
We use carefully selected third-party service providers to deliver our Services, including providers for cloud hosting and infrastructure, payment processing, email delivery, and analytics. Each processor is bound by a data processing agreement (DPA) requiring them to protect your data and process it only on our instructions. A current list of sub-processors is available upon request at invitezy.official@gmail.com.
Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
Encryption of data in transit (HTTPS / TLS)
Encrypted storage of sensitive data
Access controls and authentication for our systems
Regular security reviews of our infrastructure
Data Breach Notification
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it, as required by Article 33 of the GDPR. Where the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.
Cookies & Consent
Non-essential cookies (such as analytics and marketing cookies) are only set with your consent, which you can give or withdraw through our cookie banner or settings. Essential cookies required for the operation of the Services are set on the basis of legitimate interest. See our Privacy Policy for full details on the cookies we use.
Changes to This Page
We may update this GDPR Compliance page from time to time to reflect changes in our practices or legal requirements. We will update the "Last Updated" date and, for material changes, notify you by email or in-app notice.
Complaints
If you believe we have not handled your personal data in accordance with the GDPR, please contact us first at privacy@invitezy.com so we can try to resolve your concern.
You also have the right to lodge a complaint with your local supervisory authority in the EEA member state where you live, work, or where the alleged infringement occurred.
A list of EU data protection authorities is available at the European Data Protection Board.
Questions about your GDPR rights?
We're here to help. Reach out to our privacy team and we'll respond within one month as required by law.
This GDPR Compliance page is effective as of June 2025.