Data Privacy Statement

1. Who is responsible for your data?

The data controller is the organization or individual host that creates an event using RSVPFlow. RSVPFlow provides the underlying software as a service platform and acts as a processor for host-controlled data in most cases.

2. Information we collect

The information collected depends on whether you are a host creating events or a guest responding to an invite.

2.1 Hosts

• Name and contact details (such as email address).
• Account details such as password (securely managed by our authentication provider and never stored in plain text).
• Event information you enter, including event titles, descriptions, venues, dates, themes, hero images, and configuration settings.
• Guest list information you upload or enter, such as guest names, groups, and contact details.

2.2 Guests

• Name and, where provided, group or household details.
• Contact details such as email address or phone number (if requested by the host).
• RSVP responses (Yes / No / Maybe), headcounts (adults and kids), and any notes you choose to share with the host.
• Basic technical information like browser type and IP address, used for security and fraud prevention.

3. How we use your information

We use the information described above to:

• Provide and maintain the RSVPFlow platform.
• Allow hosts to create events, send invitations, and track responses in real time.
• Show guests an RSVP page that is personalized to their event and any extra questions the host has configured.
• Send transactional emails or messages such as account notices, RSVP confirmations, or reminders (where enabled).
• Improve the product, analyse usage patterns, and keep the service secure.

4. Legal bases for processing

Where applicable privacy law (such as the GDPR) requires a legal basis, we rely on one or more of the following:

• Performance of a contract (for example, your host plan).
• Legitimate interests (such as keeping the platform secure and functional).
• Consent, where a host chooses to collect optional information from guests.

5. How we share information

We do not sell your personal information. We may share information with:

• Service providers who help us run RSVPFlow (for example, hosting providers, analytics, or email delivery services) under appropriate data protection agreements.
• Hosts, who can see the guest information that they or their guests have entered for their event.
• Authorities or third parties when required by law or to protect the rights, property, or safety of RSVPFlow, our users, or others.

6. Data retention

We retain event and RSVP data for as long as necessary to provide the service to hosts and guests, or as required by law. Hosts may request that we remove specific events or guest records, and we may also apply automatic cleanup of inactive data in line with our internal policies.

7. Security

We use industry-standard security measures to protect your information, including encryption in transit, access controls, and secure authentication for hosts. However, no online service can guarantee absolute security, so we encourage hosts to use strong passwords and keep their login details private.

8. Your rights and choices

Depending on your location, you may have rights to:

• Access the personal data we hold about you.
• Request corrections of inaccurate information.
• Request deletion of certain data, subject to legal limits.
• Object to or restrict certain types of processing, or withdraw consent where processing is based on consent.

If you are a guest, please contact the host who invited you in the first instance. You can also contact RSVPFlow using the details below and we will help route your request.

9. International data transfers

RSVPFlow may store and process data on servers located in different countries. Where we transfer personal data across borders, we use appropriate safeguards, such as standard contractual clauses, to protect your information.

10. Changes to this statement

We may update this Data Privacy Statement from time to time. If we make material changes, we will highlight them within the app or via email where appropriate. Your continued use of RSVPFlow after changes take effect means you accept the updated terms.

11. Contact

If you have questions about this statement or how we handle your data, please contact us using the support details provided in the app or on our website.