WedBuild Privacy Policy
Last updated: 16 March 2026 Effective date: 16 March 2026
1. Introduction
WedBuild ("we," "us," "our") is operated by WedBuild Pty Ltd, an Australian company. We provide a wedding planning platform accessible at https://app.wedbuild.com and related services (collectively, the "Service").
This Privacy Policy explains how we collect, use, disclose, store and protect your personal information when you use our Service. It applies to all users of WedBuild, including account holders, their partners, guests, and visitors to published wedding websites.
We are committed to complying with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other applicable privacy laws.
By using WedBuild, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
2. Information We Collect
2.1 Account Information
When you create a WedBuild account, we collect:
- Email address
- Password (stored as a cryptographic hash; we never store plaintext passwords)
- Authentication data if you sign in via Google (name and email provided by Google)
2.2 Wedding & Profile Information
When you set up your wedding, we collect:
- Your name and your partner's name
- Wedding date and location (including venue name, address, and geographic coordinates)
- Estimated guest count
- Primary use cases and preferences
- Currency and timezone settings
- Referral source (how you heard about WedBuild)
2.3 Guest Information
When you manage your guest list, you and your guests may provide:
- Guest names, email addresses, phone numbers, and postal addresses
- RSVP status and responses
- Meal preferences and dietary requirements
- Song requests
- Table and seating assignments
- Custom responses to questions you create
- Plus-one details
- Category and group assignments
- Notes you add about individual guests
2.4 Financial & Vendor Information
When you use the budget planner and vendor features, you may provide:
- Budget amounts and expense details
- Vendor names, contact details (email, phone, website), quotes, ratings, and notes
- Invoice details, payment records, and confirmation numbers
- Attachment files (e.g., invoices, contracts)
2.5 Wedding Website Content
When you build a wedding website, we store:
- Text, images, and design choices you create
- Published website content (accessible to anyone with the link)
- Custom domain settings
2.6 Announcements & Email Communications
When you send announcements or email campaigns, we collect:
- Email content, subject lines, and design
- Recipient email addresses, names, and phone numbers
- Delivery, open, and click tracking data
2.7 Checklist & Planning Data
When you use planning tools, we store:
- Task details, due dates, priorities, assignees, and notes
- Comments and activity logs
- File attachments you upload
2.8 Payment Information
When you subscribe to a paid plan, payment is processed by Stripe. We do not directly store your credit card number or full payment details. We store:
- Stripe customer ID and subscription ID
- Subscription tier and expiry date
Stripe's handling of your payment information is governed by the Stripe Privacy Policy.
2.9 Information Collected Automatically
When you use the Service, we automatically collect:
- Device and browser information: browser type, operating system, device type, screen resolution
- Usage data: pages visited, features used, actions taken within the app, timestamps
- IP address
- Referrer URL (the page that linked you to our Service)
- Cookies and local storage data (see Section 7)
2.10 Information from RSVP and Public Pages
When guests interact with your published wedding website, RSVP forms, "Find My Seat" pages, contact details forms, or guest self-entry forms, we collect:
- Names, email addresses, phone numbers, and addresses submitted
- RSVP responses and custom question answers
- Session data including IP address, user agent, referrer, and form progress
- Device type and visitor identifiers for website analytics
2.11 AI Assistant Interactions
When you use our AI assistant features, we collect:
- Messages and questions you send to the assistant
- Wedding context data sent to generate responses (e.g., guest counts, event details, budget data)
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Providing and Operating the Service
- Creating and managing your account
- Delivering wedding planning features (guest management, seating charts, budget planning, checklists, website builder, announcements, email campaigns, RSVP, vendor comparison)
- Processing payments and managing subscriptions
- Sending transactional emails (account confirmations, password resets, RSVP notifications)
- Enabling AI-powered assistance and recommendations
3.2 Improving the Service
- Understanding how users interact with features to improve functionality
- Analysing usage patterns and trends
- Conducting product analytics and research
- Testing new features
3.3 Communication
- Responding to support requests and enquiries
- Sending service updates and important notices
- Sending optional product tips and feature announcements (you can unsubscribe at any time)
3.4 Security and Integrity
- Detecting and preventing fraud, abuse, and security incidents
- Monitoring for errors and performance issues
- Enforcing our Terms of Service
3.5 Legal Compliance
- Complying with applicable laws, regulations, and legal processes
- Responding to lawful requests from authorities
4. How We Share Your Information
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We share information only in the following circumstances:
4.1 Service Providers
We use trusted third-party service providers who process data on our behalf to operate the Service:
| Provider | Purpose | Data Accessed |
|---|---|---|
| Supabase (US) | Database hosting, authentication, file storage | Account data, wedding data, uploaded files |
| Stripe (US) | Payment processing | Email, payment method details, subscription data |
| SendGrid (US) | Email delivery | Recipient email addresses, email content, delivery tracking |
| Sentry (US) | Error monitoring and diagnostics | Error reports, stack traces, performance data |
| PostHog (US) | Product analytics | Usage events, session data, device information |
| Google (US) | Authentication (OAuth), Maps, Fonts | Email (for sign-in), addresses (for maps), font loading |
| OpenAI (US) | AI assistant features | Messages you send, wedding context for responses |
| Railway (US) | Application hosting | All data processed by the application |
Each provider is contractually obligated to protect your data and use it only for the purposes we specify.
4.2 Public Features
When you publish a wedding website or enable public features (RSVP forms, "Find My Seat," guest self-entry), the content you publish becomes accessible to anyone who has the link. This may include:
- Wedding details, event information, and images on your website
- Guest names and seating assignments (via "Find My Seat")
- Website visit statistics
You control what is published and can unpublish at any time. We do not submit your wedding website to search engines, but we cannot guarantee it will not be indexed by third parties.
4.3 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or enforceable government request, or to protect the rights, property, or safety of WedBuild, our users, or the public.
4.4 Business Transfers
If WedBuild is involved in a merger, acquisition, reorganisation, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Service before your information becomes subject to a different privacy policy.
4.5 With Your Consent
We may share your information in other circumstances where you have given us explicit consent.
5. International Data Transfers
WedBuild is based in Australia. Our service providers are primarily located in the United States. By using WedBuild, your personal information may be transferred to, stored, and processed in countries outside your country of residence, including Australia and the United States.
We take steps to ensure that international transfers of personal information are subject to appropriate safeguards, including:
- Standard contractual clauses (for transfers from the EU/UK)
- Data processing agreements with all service providers
- Ensuring providers maintain appropriate security certifications and practices
For Australian users, we take reasonable steps to ensure that overseas recipients handle your personal information in accordance with the Australian Privacy Principles.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:
- Account data (active subscription): Retained while your account has an active subscription (one-time or monthly).
- Account data (expired subscription): When your subscription expires and you do not have an active monthly plan, your account enters a read-only state. Your data is retained for up to 12 months after your subscription expires. During this period, you can log in and view your data, and you can restore full access at any time by subscribing to a monthly plan. If you do not resubscribe within 12 months, your account and all associated data will be permanently deleted.
- Wedding and guest data: Retained while your account exists (including the 12-month retention period after subscription expiry). Deleted upon account deletion, subject to backup retention periods.
- Payment records: Retained for 7 years after the transaction to comply with Australian tax law and financial record-keeping requirements.
- Analytics and usage data: Retained in aggregated or anonymised form and not linked back to individual users after account deletion.
- Server logs: Retained for up to 90 days for security and debugging purposes.
- Email delivery records: Retained for up to 12 months after sending for delivery tracking and troubleshooting.
6.1 What Happens When Your Subscription Expires
When your paid subscription expires and no monthly plan is active:
- Your account enters read-only mode — you can log in and view all your data but cannot make changes.
- Your wedding website is unpublished (taken offline).
- Your RSVP forms are closed (guests can no longer submit responses).
- A 12-month countdown begins. If you do not resubscribe within this period, your account and all data will be permanently deleted.
- You will receive email notifications at key intervals (30 days before expiry, 7 days before expiry, at expiry, and periodic reminders during the retention period) informing you of your account status and how to resubscribe.
6.2 Resubscription
You may restore full access at any time during the 12-month retention period by subscribing to a monthly plan. Upon resubscription:
- Your account is immediately restored to full access.
- The 12-month deletion countdown is cancelled and reset.
- Your wedding website and RSVP forms can be manually republished and reopened.
You may request deletion of your data at any time (see Section 9).
7. Cookies and Tracking Technologies
7.1 What We Use
| Technology | Provider | Purpose | Type |
|---|---|---|---|
| Authentication tokens | Supabase | Keeping you signed in | Essential (localStorage) |
| Analytics cookies | PostHog | Understanding feature usage, session recording (production only) | Analytics (localStorage + cookie) |
| Error tracking | Sentry | Detecting and diagnosing errors, performance monitoring | Functional |
| Email tracking pixels | SendGrid | Tracking email opens and link clicks | Marketing/analytics |
| Google Fonts | Loading typefaces | Functional |
7.2 Essential Technologies
Some cookies and local storage are strictly necessary for the Service to function (e.g., authentication tokens). These cannot be disabled without breaking core functionality.
7.3 Analytics and Performance
We use PostHog for product analytics, including page views, feature usage events, and session recordings (in production only). PostHog data helps us understand how users interact with the Service so we can improve it. Session recordings do not capture passwords, payment details, or other sensitive input fields.
We use Sentry for error monitoring and performance tracking. Sentry captures error data, browser information, and page context when errors occur.
7.4 Email Tracking
When you send announcements or email campaigns through WedBuild, we embed tracking pixels and link wrappers to provide open and click analytics. This tracking applies to emails you send to your guests, not to emails we send to you.
7.5 Managing Cookies
You can control cookies through your browser settings. Disabling cookies may affect the functionality of the Service. For more information on managing cookies, visit www.allaboutcookies.org.
8. Data Security
We take the security of your personal information seriously and implement reasonable technical and organisational measures to protect it, including:
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS/HTTPS.
- Encryption at rest: Data stored in our database and file storage is encrypted at rest.
- Authentication security: Passwords are cryptographically hashed. We support Google OAuth for secure sign-in. Sessions are automatically refreshed and expired.
- Access controls: Server-side authentication and authorisation on all API endpoints. Row-level security policies on database tables.
- Infrastructure security: Hosted on managed platforms (Railway, Supabase) with automatic security updates, backups, and access controls.
- Payment security: Payment processing is handled entirely by Stripe, a PCI DSS Level 1 certified provider. We never store full payment card details.
- Rate limiting: API rate limits protect against abuse and brute-force attacks.
- Error monitoring: Real-time error and security monitoring via Sentry.
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. If you become aware of a security vulnerability, please contact us immediately at privacy@wedbuild.com.
9. Your Privacy Rights
Depending on your location, you have certain rights regarding your personal information. We honour these rights for all users regardless of location, to the maximum extent practicable.
9.1 All Users
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete personal information.
- Deletion: Request deletion of your personal information and account. We will delete your data within 30 days, except where retention is required by law.
- Data export: Download your data in a structured, commonly used format.
- Withdraw consent: Where processing is based on consent, withdraw your consent at any time.
- Complaint: Lodge a complaint with us or with the relevant supervisory authority.
9.2 Australian Users (Privacy Act 1988)
Under the Australian Privacy Principles, you have the right to:
- Access your personal information held by us (APP 12)
- Request correction of your personal information (APP 13)
- Complain about a breach of the APPs
If you are unsatisfied with our response to a complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
9.3 European Users (GDPR / UK GDPR)
If you are in the European Economic Area (EEA) or United Kingdom, you have additional rights under the GDPR:
- Legal basis for processing: We process your data on the following legal bases:
- Contract: Processing necessary to provide the Service you requested (Article 6(1)(b))
- Legitimate interests: Analytics, security, and service improvement (Article 6(1)(f))
- Consent: Marketing communications and optional analytics (Article 6(1)(a))
- Legal obligation: Tax and financial record-keeping (Article 6(1)(c))
- Right to restriction: Request restriction of processing in certain circumstances.
- Right to portability: Receive your data in a portable format and transmit it to another provider.
- Right to object: Object to processing based on legitimate interests, including profiling.
- Right to erasure: Request deletion of your data ("right to be forgotten").
- Automated decision-making: Our AI assistant features use automated processing to generate wedding planning suggestions (see Section 11.1). These outputs are advisory only and do not produce legal effects or similarly significant effects concerning you. You have the right to request human review of any AI-generated advice by contacting privacy@wedbuild.com.
To exercise these rights, contact us at privacy@wedbuild.com. We will respond within 30 days (or within the time required by applicable law). You may also lodge a complaint with your local data protection authority.
9.4 California Users (CCPA / CPRA)
If you are a California resident, you have the following rights:
- Right to know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, the purposes, and the third parties with whom we share it.
- Right to delete: Request deletion of your personal information.
- Right to correct: Request correction of inaccurate personal information.
- Right to opt-out of sale or sharing: We do not sell or share your personal information for cross-context behavioural advertising.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise these rights, contact us at privacy@wedbuild.com.
10. Guest Data & Your Responsibilities
When you collect information about your wedding guests through WedBuild (via guest lists, RSVP forms, contact detail forms, or guest self-entry), please be aware:
- You are the data controller (or equivalent under applicable law) for guest information you collect. WedBuild acts as a data processor on your behalf.
- You are responsible for ensuring you have an appropriate legal basis to collect and process your guests' personal information.
- You should inform your guests that their information is being collected and processed through WedBuild.
- You should use guest data only for wedding-related purposes and not for spam, unsolicited marketing, or other inappropriate uses.
- If a guest contacts us to request access to, correction of, or deletion of their information, we will direct them to you as the account holder. We may also action the request directly where required by law.
11. AI Features and Automated Decision-Making
WedBuild offers AI-powered features, including a help assistant and a wedding planning assistant (Pro plan). When you use these features:
- Your messages and relevant wedding context (such as guest counts, event details, and budget information) are sent to OpenAI for processing.
- OpenAI processes this data to generate responses. OpenAI's handling of data is governed by the OpenAI Privacy Policy and their data usage policies. Per OpenAI's API terms, data sent via the API is not used to train their models.
- AI-generated responses are not stored by OpenAI beyond what is necessary to provide the response.
- We implement rate limits (50 requests per hour, 200 per day) to prevent misuse.
- AI features are optional. You are not required to use them.
11.1 Automated Decision-Making Disclosure
In accordance with the Privacy Act 2024 amendments, the GDPR (Article 22), and other applicable laws, we disclose the following about our use of automated decision-making:
Kinds of decisions made by automated means:
- The AI wedding planning assistant generates personalised suggestions and advice about your wedding, including seating arrangement recommendations, budget guidance, guest list insights, vendor comparisons, timeline suggestions, and general wedding planning advice.
- The AI help assistant answers questions about how to use WedBuild's features.
- Intent classification determines which subset of your wedding data is relevant to your question, so only pertinent context is sent to the AI model.
Kinds of personal information used:
- Your messages: The questions and instructions you type into the AI chat.
- Wedding context (full assistant only): Depending on your question, the system may send a relevant subset of your wedding data to OpenAI, such as event details (dates, venue names, addresses), guest names, RSVP statuses, dietary requirements, seating assignments, budget figures, vendor names, quotes, and ratings.
- Privacy protections applied before processing: Guest contact details (email addresses, phone numbers, and postal addresses) are automatically stripped from all data before it is sent to OpenAI. The AI is also instructed never to reveal, request, or reference guest contact details. In help mode, no wedding data is sent at all.
Nature of the decisions:
- All AI-generated outputs are advisory only. The AI provides suggestions and information; it does not take any action on your behalf, modify your data, make purchases, send communications, or produce any legally binding decisions.
- All decisions about whether to act on the AI's suggestions remain entirely with you.
- There is no profiling — the AI does not build profiles about you, score you, or make eligibility determinations.
12. Children's Privacy
WedBuild is not directed at children under 16 years of age. We do not knowingly collect personal information from children under 16. If your guest list includes minors, you as the account holder are responsible for their data.
If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@wedbuild.com.
13. Third-Party Links and Integrations
The Service may contain links to third-party websites or integrate with third-party services (e.g., Google Maps, Stripe, Spotify embeds on wedding websites). These third parties have their own privacy policies, and we are not responsible for their practices. We encourage you to review their privacy policies before providing them with your information.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Notify you by email or by prominent notice within the Service
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@wedbuild.com Website: https://wedbuild.com
WedBuild Pty Ltd Australia
For privacy complaints, we will acknowledge receipt within 5 business days and aim to resolve your complaint within 30 days. If you are not satisfied with our response, you may escalate your complaint to the relevant authority:
- Australia: Office of the Australian Information Commissioner (OAIC) — 1300 363 992
- European Union: Your local Data Protection Authority
- United Kingdom: Information Commissioner's Office (ICO)
- California: California Attorney General