Welcome to Bella Wedding AI ("we," "us," "our"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it.
By using our platform, you agree to the collection and use of information in accordance with this Privacy Policy. This policy should be read together with our Terms of Service.
Table of Contents
1. Information We Collect
Information You Provide to Us
- Account Information: Name, email address, password, wedding date, partner information
- Profile Information: Wedding details, venue location, budget, style preferences, photos
- Payment Information: Credit card details, billing address (processed securely through Stripe)
- Communication Data: Messages to vendors, chat history with AI assistant, support requests
- User-Generated Content: Photos, videos, documents, notes, checklists, seating charts
Information Collected Automatically
- Device Information: IP address, browser type, operating system, device identifiers
- Usage Data: Pages viewed, features used, time spent, click patterns, search queries
- Location Data: Approximate location based on IP address (not precise GPS)
- Cookies & Tracking: See our Cookie Policy
Information from Third Parties
- Vendors: Information shared by vendors you connect with (availability, pricing, responses)
- Payment Processors: Transaction confirmation from Stripe (we don't store full card numbers)
- Analytics Providers: Aggregated usage statistics from Google Analytics, Mixpanel
2. How We Use Your Information
We use your information for the following purposes:
To Provide Our Services
- Create and manage your wedding planning account
- Generate AI-powered recommendations and suggestions
- Connect you with vendors in our directory
- Process payments and manage subscriptions
- Provide customer support
To Improve Our Platform
- Analyze usage patterns to enhance features
- Train and improve our AI models (using anonymized data)
- Fix bugs and technical issues
- Conduct research and development
To Communicate with You
- Send transactional emails (account confirmations, password resets, payment receipts)
- Notify you of vendor responses and booking updates
- Send marketing emails (only if you opted in, you can unsubscribe anytime)
- Respond to your inquiries and support requests
For Legal and Security Purposes
- Comply with legal obligations and law enforcement requests
- Enforce our Terms of Service and other policies
- Detect and prevent fraud, abuse, and security incidents
- Protect the rights and safety of our users and the public
3. How We Share Your Information
WE DO NOT SELL YOUR PERSONAL DATA
We have never sold user data and we never will. Your privacy is not for sale.
We may share your information in the following limited circumstances:
With Vendors You Contact
When you send an inquiry to a vendor, we share your name, contact information, wedding date, venue location, and your message with that specific vendor. This is necessary to facilitate the connection you requested.
With Service Providers
We use trusted third-party service providers to help us operate our platform:
- Stripe: Payment processing (PCI-DSS compliant)
- Supabase: Database and authentication services
- OpenAI: AI assistant functionality (data sent for processing, not training)
- Resend: Transactional email delivery
- Google Analytics / Mixpanel: Anonymized usage analytics
- Cloudflare / AWS: Hosting and content delivery
These providers are contractually obligated to protect your data and only use it for the services they provide to us.
For Legal Reasons
We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to:
- Comply with legal obligations
- Protect our rights, property, or safety
- Prevent fraud or security threats
- Enforce our Terms of Service
Business Transfers
If we are acquired, merge with another company, or sell our assets, your information may be transferred to the new owner. We will notify you via email or prominent notice on our platform before your information is transferred and becomes subject to a different privacy policy.
Aggregated / Anonymized Data
We may share aggregated, anonymized data that cannot identify you personally (e.g., "80% of users prefer outdoor venues") for research, marketing, or partnership purposes.
4. Your Privacy Rights
Depending on your location, you have various rights regarding your personal information:
California Residents (CCPA/CPRA Rights)
If you are a California resident, you have the right to:
- Know: Request a copy of the personal information we collected about you in the past 12 months
- Delete: Request deletion of your personal information (subject to legal exceptions)
- Correct: Request correction of inaccurate personal information
- Opt-Out: Opt out of the sale/sharing of personal data (we don't sell data, but you have this right)
- Limit: Limit the use of your sensitive personal information
- Non-Discrimination: You will not receive discriminatory treatment for exercising your rights
To exercise these rights, email us at privacy@bellaweddingai.com with subject line "CCPA Request". We will respond within 45 days.
EU Residents (GDPR Rights)
If you are in the European Union, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure ("Right to be Forgotten"): Request deletion of your data
- Restriction: Request limitation of processing in certain circumstances
- Data Portability: Receive your data in a structured, machine-readable format
- Object: Object to processing based on legitimate interests or for direct marketing
- Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
- Lodge a Complaint: File a complaint with your local data protection authority
To exercise these rights, email us at privacy@bellaweddingai.com with subject line "GDPR Request". We will respond within 30 days.
All Users
Regardless of location, you can always:
- Update Account Information: Edit your profile, wedding details, and preferences in your account settings
- Delete Your Account: Permanently delete your account and associated data (some records may be retained for legal compliance)
- Unsubscribe from Marketing: Click "Unsubscribe" in any marketing email or adjust email preferences in settings
- Manage Cookie Preferences: Adjust cookie settings in your browser (see our Cookie Policy)
5. Data Retention
We retain your personal information only as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required by law. See our Data Retention & Deletion Policy for detailed timelines.
General Retention Periods:
- Active Accounts: Retained while account is active and for 3 years after last login
- Deleted Accounts: Most data deleted within 30 days; some retained for legal compliance
- Payment Records: Retained for 7 years (tax and accounting requirements)
- Consent Logs: Retained indefinitely (legal compliance proof)
- Support Tickets: Retained for 3 years
6. Data Security
We implement industry-standard security measures to protect your personal information:
Technical Safeguards
- SSL/TLS encryption for data in transit
- AES-256 encryption for data at rest
- Secure password hashing (bcrypt)
- Regular security audits and penetration testing
Organizational Safeguards
- Access controls and role-based permissions
- Employee training on data protection
- Incident response and breach notification procedures
- Vendor security assessments
Important Security Disclaimer: While we implement commercially reasonable safeguards to protect your data, no security system is perfect. We cannot and do not guarantee absolute security. You acknowledge and agree that:
- The internet is not a 100% secure environment
- You assume all risks associated with online data transmission
- We are not liable for unauthorized access resulting from circumstances beyond our reasonable control
- Third-party service providers (Supabase, Vercel, etc.) maintain their own security measures
Please use a strong, unique password and enable two-factor authentication (when available) to enhance your account security.
Data Breach Response Procedure
In the event of a security incident or data breach, we will use commercially reasonable efforts to:
- Detect and confirm the incident
- Contain and secure affected systems
- Evaluate the scope and nature of affected data
- Notify affected users within a reasonable time frame as required by applicable law
- Provide recommended protective actions (e.g., password reset, credit monitoring)
- Document remediation steps and implement additional safeguards
Note: Our liability for data breaches does not include consequential, indirect, or punitive damages. See our Terms of Service for full limitation of liability provisions.
7. Cookies & Tracking Technologies
We use cookies and similar tracking technologies to improve your experience on our platform. For detailed information about what cookies we use and how to manage them, please see our Cookie Policy.
Types of Cookies We Use:
- Essential Cookies: Required for login, security, and core functionality (cannot be disabled)
- Analytics Cookies: Help us understand how users interact with our platform (Google Analytics, Mixpanel)
- Functional Cookies: Remember your preferences and settings
- Advertising Cookies: (If applicable) Track ad performance and retargeting
8. Children's Privacy
Our Service is NOT Intended for Children Under 18
Bella Wedding AI is designed for adults planning weddings. We do not knowingly collect personal information from anyone under 18 years of age. By using our platform, you represent that you are at least 18 years old.
If we learn that we have collected personal information from a child under 18, we will delete that information immediately. If you believe we may have information from a child under 18, please contact us at privacy@bellaweddingai.com.
9. International Data Transfers
Bella Wedding AI is based in the United States. If you are accessing our platform from outside the U.S., your information will be transferred to, stored, and processed in the United States.
For EU Users:
The U.S. may not have the same data protection laws as your country. However, we take steps to ensure your data is protected through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements with all service providers
- Compliance with GDPR requirements for international transfers
By using our platform, you consent to the transfer of your information to the United States and other countries where our service providers operate.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
How We Notify You of Changes:
- Material Changes: We will email you at least 30 days before changes take effect and may require you to re-consent to the updated policy
- Minor Changes: We will update the "Effective Date" at the top of this page and post a notice on our platform
Your continued use of the platform after changes take effect means you accept the updated Privacy Policy. If you do not agree, you must stop using the platform and delete your account.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Bella Wedding AI - Privacy Team
Email: privacy@bellaweddingai.com
Support Email: support@bellaweddingai.com
Mailing Address:
Bella Wedding AI
Attn: Privacy Officer
[Your Business Address]
[City, State, ZIP]
Response Time: We will respond to privacy requests within 30 days (45 days for California residents). For urgent security concerns, please include "URGENT" in your subject line.
Severability
If any provision of this Privacy Policy is found to be unlawful, void, or unenforceable, that provision shall be severed from this policy and shall not affect the validity and enforceability of the remaining provisions. This Privacy Policy is part of and incorporated into our Terms of Service.