InviteWise
Sign In

Privacy Policy

Effective May 2026 · Last updated May 2026

US-Only Service. InviteWise is hosted in the United States and intended solely for US residents. Personal information is processed strictly under US privacy standards (including California's CCPA/CPRA). We explicitly do not operate under, or consent to the jurisdiction of, foreign frameworks such as the EU GDPR, UK GDPR, Swiss FADP, Canada's PIPEDA/CASL, or Australia's Privacy Act.

1. Scope, Guests, & Jurisdictional Disclaimer

This Privacy Policy explains how InviteWise ("we", "us") collects, uses, and discloses personal information from individuals who interact with our Service.

Our Service applies to:

  • Hosts: Registered users who create events and send invitations.
  • Guests: Individuals who receive invitations or RSVP, whether they are registered users or unregistered interaction partners. This includes contact information (emails, phone numbers) uploaded to our platform by Hosts.

The Service is strictly not offered to, and is not directed at, residents of the European Union, the United Kingdom, Switzerland, Canada, Australia, or any other jurisdiction outside the United States ("Blocked Regions"). If you are located outside the United States, you are prohibited from using the Service. Any personal information inadvertently received from a person located in a Blocked Region will be deleted immediately upon notice.

Unlike traditional platforms, InviteWise operates under a strict Data Minimization principle: we do not sell your personal information or share your data with third-party networks for cross-context behavioral advertising.

2. Information We Collect and Receive

We collect information directly from you, as well as automatically through your use of the Service, and from other users (such as when a Host provides your contact details).

A. Information You Provide to Us

  • Account Information: Email address, display name, password hash, optional avatar, and social network login credentials (e.g., if you log in via Google or Apple).
  • Event Content & Location Data: Event titles, dates, descriptions, physical addresses/locations of events, registry items, potluck items, messages, chat/comment entries, and photographs uploaded to the platform.
  • Contribution Metadata: Transaction histories, amounts contributed to cash funds/registries, recipient host names, and accompanying messages. (Note: Complete credit card and bank account details are securely transmitted directly to our third-party processor, Stripe, and never touch or store on our servers).

B. Information We Receive About Others (Guests)

  • Guest & Invitee Data: If you use our Service as a Host, we collect and store personal information about others that you provide to us, including guest names, email addresses, and phone numbers.
  • Visibility Note: By providing this information, Hosts acknowledge that guest names, RSVPs, and associated contributions/potluck items may be visible to other invited guests of the same event to facilitate event coordination.

C. Information Collected Automatically

  • Device & Usage Data: IP address (read momentarily at the edge to enforce the US-only geo-block, and then discarded/hashed), browser type, device type, operating system, referrer URL, pages viewed, and approximate geographic location (city/state) derived from IP.
  • Cookies & Tracking: We use cookies and similar technologies to maintain your session and operate the core functions of the Service. Optional privacy-respecting analytics (PostHog) and affiliate link wrapping (Skimlinks) are only loaded if you explicitly opt-in. We do not use tracking technologies to serve cross-context behavioral or targeted advertisements. See our Cookie Policy.

3. How We Use and Disclose Information

We use and disclose your personal information strictly to operate our platform, deliver our core features, and maintain a secure service, subject to the strict limitations in Section 4 (Data-Minimization Safety Net).

A. Purposes for Using Your Information

  • Core Service Delivery: To facilitate event creation, process RSVPs, manage potluck contributions, coordinate registries, and process cash fund payouts.
  • Transactional Communications: To send critical platform emails, including host invitations, event reminders, payment receipts, and automated account notices.
  • Security & Enforcement: To detect and prevent fraud, platform abuse, and violations of our Terms of Service (including enforcing our US-only geo-block).
  • Legal Compliance: To maintain necessary financial and tax records (such as 1099-K data processed via Stripe) and to respond to lawful government requests.
  • Analytics & Monetization (With Consent): To analyze app performance (via PostHog) and wrap outbound merchant links (via Skimlinks) only if you have explicitly opted in.

B. When and With Whom We Disclose Your Information

  • Other Event Participants: To enable event coordination, your display name, RSVP status, messages posted on the event page, and registry/potluck selections are visible to the Host and other invited Guests of that specific event.
  • Third-Party Service Providers: We share data with trusted vendors who perform essential infrastructure operations on our behalf. This includes hosting and database providers (Lovable Cloud / Supabase), payment infrastructure (Stripe Connect), and transactional email delivery tools. These providers are strictly contractually prohibited from using your data for any secondary purpose.
  • Legal & Safety Disclosures: We may disclose information if required to do so by law (such as a valid subpoena or court order) or when we believe in good faith that disclosure is necessary to protect the rights, property, or physical safety of InviteWise, our users, or the public.
  • Corporate Transfers: In the event of a merger, acquisition, asset sale, or bankruptcy, user data may be transferred to the acquiring US entity, subject to the protections outlined in this policy.

C. Third-Party Links & Features

Our Service may contain links to third-party web properties (such as registry gift sites). InviteWise does not control and is not responsible for the privacy practices of external websites. We encourage you to review their policies independently.

4. Global Data-Minimization Safety Net

Regardless of where a visitor is located and regardless of which framework applies, InviteWise operates under the following self-imposed commitments:

  • We do not sell personal information for monetary or other valuable consideration.
  • We do not share personal information for cross-context behavioral advertising.
  • We collect the minimum information needed to run the Service.
  • We do not rent, license, or syndicate user lists for third-party marketing.

5. Your Rights Under CCPA / CPRA (California Residents)

If you are a California resident, you have the statutory right to:

  • Know what personal information we collect, use, and disclose;
  • Request access to and a portable copy of your personal information;
  • Request deletion of your personal information;
  • Request correction of inaccurate personal information;
  • Opt out of the "sale" or "sharing" of personal information (as noted in Section 4, we do not engage in either);
  • Limit the use of sensitive personal information (we do not collect sensitive data);
  • Not be discriminated against for exercising any of these rights.

To exercise these rights, you can submit a request at /privacy-requests or download your data directly via your profile settings page ("Download my data"). We honor Global Privacy Control (GPC) browser signals as a valid opt-out request.

5a. Rights of Residents of Other US States

If you are a resident of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Delaware (DPDPA), Iowa (ICDPA), New Hampshire (NHDPA), New Jersey (NJDPA), Tennessee (TIPA), or Indiana (INCDPA), you possess substantially similar rights to those outlined above, including the right to access, correct, delete, and obtain a portable copy of your data, and to appeal any denial of a privacy request.

How to exercise: Submit your request via /privacy-requests or email support@invitewise.app. We will respond within 45 days. Appeals: If we deny your request, you may appeal within 45 days by replying to our decision email. We will issue a final response within 60 days. If your appeal is denied, you may escalate the matter to your State Attorney General.

5b. Communications, Guest Removal, & Browser Choices

  • Marketing & Promotional Emails: You can opt out of commercial marketing communications at any time by clicking the "Unsubscribe" or "Opt-Out" link at the bottom of our emails.
  • Guest Invitation Opt-Out: If you are an unregistered Guest and no longer wish to receive event invitations or event reminders sent by Hosts via our platform, you can click the unsubscribe link in the invitation email or request removal from the specific guest list.
  • Transactional Communications Exemptions: Please note that even if you opt out of promotional or guest marketing emails, InviteWise will continue to send you essential transactional and relationship messages (such as security alerts, account verification, financial receipts, and critical administrative notices).
  • Do Not Track (DNT): Some web browsers offer a "Do Not Track" option. InviteWise currently does not respond to automated DNT signals, as they differ from legally recognized universal opt-out signals like GPC, which we do honor.

6. Children's Privacy

InviteWise is intended for a general audience and is strictly not directed to, marketed to, or intended for children under the age of 16.

  • No Knowing Collection: In accordance with the US Children's Online Privacy Protection Act (COPPA) and applicable state privacy laws (including the California Privacy Rights Act), we do not knowingly collect, solicit, or maintain personal information from children under the age of 16.
  • Age Restrictions for Accounts: As outlined in our Terms of Service, registration and account creation are strictly limited to individuals who are eighteen (18) years of age or older.
  • Removal and Deletion Protocol: If we discover or become aware that we have inadvertently collected personal information from a child under the age of 16 without verifiable parental consent, we will implement immediate security measures to purge and permanently delete that data from our active servers and database layers.

If you are a parent or legal guardian and believe that a child under the age of 16 has provided personal information to our platform (for example, by being included as an event guest), please contact us immediately at support@invitewise.app so that we can promptly remove the information.

7. Service Providers (Sub-Processors)

  • Stripe, Inc. — payment processing, payouts, 1099-K reporting.
  • Lovable Cloud / Supabase — application hosting, database, authentication, file storage (US regions).
  • Email delivery provider — transactional email (invitations, receipts, reminders).
  • PostHog — product analytics (loaded only with opt-in consent).
  • Skimlinks — affiliate link wrapping (loaded only with opt-in consent).
  • Cloudflare — edge network, DDoS protection, IP-country lookup for geo-blocking.
  • Third-Party Reward & Voucher Partners — External coupon syndicators and promotional merchants utilized strictly to generate, validate, and fulfill discount rewards earned through the InviteWise XP platform.

8. Security & User Discretion

A. Our Security Practices

We implement industry-standard administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, loss, or disclosure. This includes utilizing Transport Layer Security (TLS) encryption for data in transit, Row-Level Security (RLS) protections on our database layer, cryptographic hashing for user passwords, and restricting operational access based on the principle of least-privilege. Furthermore, InviteWise never collects, processes, or stores full payment card numbers or bank account routing data; all financial transactions are securely handled directly by our third-party infrastructure partner, Stripe.

B. User Discretion and Shared Event Data

Please be advised that InviteWise is a collaborative event coordination platform. Whenever you voluntarily disclose personal information within event descriptions, potluck contribution lists, comments, or group chats, that information is visible to other authorized participants of that event. We cannot control how other users or guests interact with, copy, or disclose the information you choose to share in these shared spaces. We urge you to exercise caution and discretion regarding the personal details you post.

C. No Guarantee of Absolute Security

While we take commercially reasonable and legally required steps to secure your data, no internet transmission or electronic storage system can be guaranteed to be 100% secure. Therefore, we do not promise—and you should not expect—that your personal information, communications, or event data will always remain completely immune to unauthorized interception or cyber incidents. You acknowledge that you use our Service at your own risk.

9. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, provide our Services, resolve disputes, and protect our legal rights, or as otherwise permitted or required by applicable US law.

Specifically, our retention standards operate under the following parameters:

  • Account & Event Data: We generally retain your account profile and event-related metadata until you explicitly request deletion of your account via your profile settings or through /privacy-requests.
  • Financial, Transactional, and Tax Records: Notwithstanding any deletion requests, information associated with financial contributions, registries, cash fund payouts, and refunds will be securely retained for a period of seven (7) years. This retention is mandatory to ensure strict compliance with US federal and state tax laws, Internal Revenue Service (IRS) regulations, and financial record-keeping audits required by our payment infrastructure partner, Stripe.
  • Backup & Business Continuity Exception: When data is deleted upon user request, you acknowledge that residual copies of such information may temporarily remain within our encrypted system backups, server logs, or business continuity archives until those archives are systematically overwritten in the ordinary course of business.
  • De-Identified Data: Aggregated, fully non-identifying analytics and usage behavior data may be retained indefinitely for platform optimization and research purposes.

Event Media & Photo Retention

To protect user privacy and minimize data storage overhead, all photographs, images, and media uploaded to an event gallery by either the Host or Guests will be automatically and permanently deleted from our active servers seven (7) calendar days after the scheduled end date of the respective event. InviteWise does not guarantee permanent storage or archival backups of event media. It is the sole responsibility of the Host and individual Guests to download and preserve any photographs prior to this 7-day deletion threshold.

Community Reporting & Content Moderation

InviteWise utilizes user-driven reporting mechanisms ("Report" flags) to preserve platform safety. We reserve the absolute right to review, restrict, hide, or permanently delete any photograph, image, or text asset, and to suspend or terminate the associated user account, based on community reports, flags, or safety notices submitted by other users or third parties. All moderation actions are executed at the sole and absolute discretion of InviteWise to enforce our platform safety guidelines.

10. Data Subject Requests & Statutory Disclosures (CCPA/CPRA)

A. How to Submit a Request

You may submit data access, deletion, correction, or portability requests through our dedicated privacy portal at /privacy-requests or by emailing support@invitewise.app. Authenticated users can also instantly export a full JSON snapshot of their account data directly from their profile settings page ("Download my data"). We will verify your identity (typically via email confirmation) and respond within 45 days as required by law.

B. Statutory Disclosures: Categories of Personal Information Collected

To comply with the California Consumer Privacy Act (CCPA/CPRA), the chart below outlines the categories of personal information InviteWise has collected over the past twelve (12) months, the business purposes for collection, and the entities with whom this data is shared:

  1. Identifiers (Name, email address, password hash, IP address): Collected to manage accounts, deliver core services, ensure security, and enforce our US geo-block. Shared with: Hosting providers (Supabase), email services, and Stripe.
  2. Commercial & Financial Information (Transaction metadata, payment confirmations): Collected to manage registries, potlucks, and coordinate host payouts. Shared with: Stripe Connect (Note: Full card details go directly to Stripe).
  3. Geolocation Data (Approximate country/city derived from IP): Processed momentarily at the network edge to enforce the US-only block, then discarded. Shared with: Cloudflare.
  4. Sensory/Visual Data (Photos uploaded to events): Processed solely to display within the specific event interface as directed by the user. Shared with: Hosting storage providers.

C. Sales, Sharing, and Sensitive Data Disclosures

As explicitly stated in Section 4, InviteWise has NOT "sold" or "shared" (for cross-context behavioral advertising) any personal information to third parties or advertising networks in the preceding twelve (12) months. However, outbound links to third-party merchant partners may contain affiliate tracking data (via Skimlinks) as disclosed below. InviteWise does not collect or process "Sensitive Personal Information" triggering opt-out rights.

D. Notice of Financial Incentives (XP & Reward Program)

InviteWise offers an event-gamification program where users earn Experience Points (XP) for engaging with platform features (such as creating potlucks, setting up registries, or successfully referring new users). Upon reaching 2,500 XP, users may receive promotional discount codes or coupons.

  • Data Collected for Rewards: To administer this program, we track feature usage, event configurations, and referral metrics linked to your account identifier and email address.
  • Third-Party Reward Partners: The discount codes are generated and fulfilled by third-party merchant and promotional partners. When you click on a reward link or redeem a coupon, these third parties may place cookies or receive basic referral/affiliate identifier data to validate your discount.
  • Right to Opt-Out: Participation in the XP program is entirely voluntary. You can opt-out of the reward program or request that we stop tracking your metrics for this purpose at any time by contacting support@invitewise.app.

11. International Users

As explained in Section 1, the Service is not offered outside the United States. Users who circumvent our geo-block (for example, via VPN or proxy) do so in violation of our Terms of Service. Such users are not afforded the rights of GDPR, UK GDPR, Swiss FADP, PIPEDA, the Privacy Act 1988, the LGPD, or any other non-US framework, and any data processing that incidentally occurs is governed exclusively by US law.

12. Changes to this Privacy Policy & Contact Information

A. Amendments and Modifications

InviteWise reserves the right to amend, update, or modify this Privacy Policy at our sole discretion at any time. Any changes or clarifications will become legally effective immediately upon the posting of the revised policy on our Service, denoted by the "Last Updated" legend at the top of this page.

B. Implied Consent and Notification Protocol

For minor updates, posting the revised policy shall serve as sufficient notice. For material changes (as determined in good faith by InviteWise), we will make reasonable efforts to provide additional notification, such as displaying a prominent notice within the application interface or transmitting an automated alert to the email address associated with your registered account. Your continued use of or interaction with the Service following the publication of any modifications constitutes your explicit and binding acceptance of the updated Privacy Policy. If you do not agree with the revised terms, you must immediately cease all use of the Service and terminate your account.

C. Contact Us and Privacy Requests

If you have any questions, concerns, or technical inquiries regarding our privacy standards, our data-minimization safeguards, or how your event data is processed, please contact us at:

Please note that for your security, we may require identity verification (such as confirming access to your registered email address) before responding to formal data access or deletion requests.