← Home

Privacy Policy

This is the privacy policy for Invitee (“the Service”). It explains what personal data we collect, why, how long we keep it, and how you control it. We aim for the data-minimization principle of GDPR and the European Data Protection Board: collect only what we need, keep it only as long as necessary.

1. Who is the data controller

The operator of Invitee acts as the data controller. For data requests (access, export, deletion, rectification) please use the contact form while signed in.

2. What we collect

• Email address: when you sign in. Used as your account identifier and to send sign-in links and account notifications.
• Invitation content: everything you put in the editor (names, dates, photos, RSVP email, schedule). Stored as JSON in your account.
• Published events: once you publish, the same content plus a public slug; rendered for any visitor with the link.
• RSVP data: for any guest who responds: their name, optional email, attendance status, optional dietary needs and message. Submitted by guests, visible to the host.
• Audit data: on publish, we hash and store the IP address and user-agent. The IP is hashed with SHA-256 (we never store the raw IP).
• Sign-in tokens: transient: the SHA-256 of magic-link tokens, used once and expired after 30 minutes.
• OAuth identifiers: if you sign in with Google or Facebook, we store the provider, your verified email, and the provider’s user ID for that account.

We do not collect: tracking cookies for advertising, browser fingerprints, location data, contact lists, payment information.

3. Cookies

We use strictly-necessary cookies only:

• PHPSESSID: identifies your sign-in session. Set after you click a magic link. Cleared on sign-out or after browser session ends.

No analytics cookies, no advertising cookies, no third-party trackers.

4. How long we keep your data (retention schedule)

Data	Retention	Why
Your account & drafts	While you actively use it	Product utility
Inactive accounts	Deleted after 24 months without sign-in	Data minimization
Published events	Kept until you unpublish or delete them, or delete your account	Hosts often want post-event reference
Unpublished drafts (server-side)	Deleted 12 months after last edit if still unpublished	Data minimization
RSVPs	Deleted with the event they belong to (when the host deletes the event or their account)	Guest privacy
Publish IP hash + user-agent	6 months	Abuse investigation
Magic-link token records	Deleted 30 days after creation	Already useless; debug aid
Rate-limit counters	2 hours	Auto-cleared
Abuse reports (the report itself)	5 years	Legal evidence; DSA moderation record
Server access logs (Hostinger)	Per Hostinger’s policy	Out of our direct control

You can request immediate deletion of any data using the “Delete my account” button in the studio (signed-in users) or the contact form. We honor erasure requests within 30 days.

5. Who we share data with

We share data with these processors strictly to operate the Service:

• Hostinger: web hosting and database. Server location: EU.
• Hostinger SMTP: sends sign-in links and account notifications.
• Google / Facebook (only if you sign in with them): verifies your email.

We do not sell, rent, or trade your data. We do not run third-party advertising or analytics that track you.

6. Where data is stored

All data is stored on Hostinger servers within the European Union. The only routine transfer outside the EU/EEA is the OAuth handshake when you sign in with Google or Facebook: your browser sends an authorization code to those providers and they return your email address. This transfer is covered by the EU-US Data Privacy Framework. If you don’t use social sign-in, no personal data leaves the EU/EEA.

7. Your rights under GDPR

If you’re in the EU/EEA you have the right to:

• Access: request a copy of the personal data we hold about you
• Rectification: correct inaccurate data (you can edit most directly in the studio)
• Erasure (right to be forgotten): use the “Delete my account” button or contact us
• Portability: download a JSON file with all your invitations, events and RSVPs at /api/export-me.php (signed-in)
• Restriction: pause processing of your data
• Objection: object to specific processing
• Withdraw consent: for any processing based on your consent
• Lodge a complaint with your national data protection authority (Italy: Garante per la protezione dei dati personali)

To exercise any of these rights, sign in and use the contact form. Standard response time: 30 days.

8. Children

The Service is not intended for users under 16. If you become aware of a user under 16, please report it via the contact form. We will delete the account.

9. Security

• All connections forced HTTPS
• Sessions are httponly + SameSite=Lax cookies (Lax not Strict so OAuth sign-in callbacks from Google/Facebook keep your session; Lax still blocks cross-site form CSRF, and the JSON APIs additionally require an X-CSRF-Token header)
• IP addresses stored only as SHA-256 hashes
• Magic-link tokens: random 256-bit, single-use, 30-minute expiry, only the SHA-256 hash is stored
• Database access restricted to the application; admin rate-limited (8 attempts / 15 min)

10. Changes

We may update this policy. Material changes are reflected in the “last updated” date above. If you have an account, we’ll email you about substantive changes.

11. Contact

For data requests, questions, or concerns, sign in and use the contact form or see the Terms of Use.