Privacy Policy

Contact

Questions about this policy or our privacy practices: hello@mintinvite.com.

Who this applies to

This policy applies to visitors to our website, hosts who create accounts and events, and guests who interact with invite pages (for example, submitting an RSVP or viewing public event content). Some information on invite pages is intentionally public to the people who receive the link; we explain that below.

Information we collect

Account and authentication

When you sign in, we receive and store identifiers and profile details from our authentication provider (for example, a user ID and email address used for sign-in or notifications). We associate your account with event content you create and billing status if you purchase paid features.

Event and invite content you provide

We collect the information you add to an invite, such as titles, descriptions, date and time, location, images or files you upload, styling choices, optional guest-book messages, optional photo gallery uploads, and RSVP questions or options you configure. Invite pages you publish are available to anyone with the link unless you restrict access by how you share it.

RSVP and guest interactions

When a guest submits an RSVP, we collect the fields required by the host's setup (commonly name and email, response choice, party size, and optional notes). Hosts can view RSVP responses for their events in the Service.

Content you submit for AI-assisted setup

If you use features that extract event details from text, images, PDFs, or URLs, we process that content to generate suggested fields for your invite. That processing may use third-party AI services and may involve transferring the submitted content to those providers for the duration of the request.

Payments

Purchases are processed by our payment processor. We receive limited billing and subscription-related records (for example, customer identifiers and what was purchased), not your full card number.

Marketing attribution and device data

We may store first-touch marketing parameters (such as campaign tags in links, referring page information, and the landing path on our site) in the browser and associate a snapshot with your account when you sign in, to understand how people discover the Service.

Technical and usage data

Like most web services, our servers and infrastructure providers receive technical data when you use the Service, such as IP address, approximate location derived from IP, browser type, device type, date and time of access, and pages or API endpoints requested. We may also rely on essential cookies or similar technologies so sessions and security features work.

Product analytics (Microsoft Clarity)

When enabled for our deployment, we use Microsoft Clarity to understand how visitors use the site (for example, heatmaps and session replays). Clarity is operated by Microsoft; its processing is described in Microsoft's privacy documentation. You can use browser controls or opt-out tools Microsoft provides for Clarity where available.

Communications

If you contact us by email or through the Service, we keep correspondence and related metadata as needed to respond and improve support.

How we use information

We use personal information to:

• Provide, operate, and improve the Service and its features
• Create and host invite pages, including RSVP collection hosts rely on
• Authenticate accounts, prevent abuse, and protect security
• Send service-related messages (for example, sign-in links, confirmations, and notifications hosts enable for their events) using email providers
• Process payments and fulfill purchases
• Run product analytics and measure marketing effectiveness in aggregate or pseudonymous form where possible
• Comply with law, enforce our terms, and defend legal claims

Legal bases (EEA, UK, and Switzerland)

Where the GDPR, UK GDPR, or similar laws apply, we process personal information on these bases:

• Contract: processing necessary to provide the Service you request (accounts, invites, RSVPs, payments you initiate).
• Legitimate interests: securing the Service, improving features, understanding aggregate usage and acquisition, and communicating about the Service, balanced against your rights.
• Consent: where we rely on consent (for example, certain cookies or marketing communications where required), you may withdraw consent without affecting processing that does not require it.
• Legal obligation: where we must retain or disclose information to comply with applicable law.

How we share information

We share personal information with service providers that help us run the Service, such as hosting and database providers, authentication, email delivery, payment processing, cloud storage for media you upload, AI processing for extraction features, and product analytics tools (for example Microsoft Clarity when we enable it). They may process data on our behalf under contractual obligations and only as needed for their services.

Invite pages and optional public features (for example, guest books or galleries the host enables) display information to visitors who have access to the link. Hosts control much of what is shown and should avoid collecting sensitive guest data they do not need.

We may disclose information if required by law, to respond to lawful requests, or to protect rights, safety, and security. If we are involved in a merger, acquisition, or asset sale, personal information may transfer as a business asset; we will require the successor to honor commitments consistent with this policy or notify you of changes.

We do not sell your personal information as that term is commonly defined in U.S. state privacy laws, and we do not share personal information with third parties for their independent cross-context behavioral advertising.

International transfers

We are based in the United States and use providers that may process data in the United States or other countries that may not provide the same level of data protection as your home country. Where required, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or UK authorities, or rely on adequacy decisions or other lawful transfer mechanisms. You may contact us for more information on those safeguards.

Retention

We retain personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary: for example, account and event data are kept while your account is active and for a reasonable period afterward for recovery or legal needs; some server logs rotate on shorter cycles. You may request deletion as described below, subject to exceptions (for example, information we must keep for tax or fraud-prevention reasons).

Security

We use administrative, technical, and organizational measures designed to protect personal information. No method of transmission or storage is completely secure; we encourage strong passwords and careful sharing of invite links.

Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, or export personal information; to restrict or object to certain processing; to withdraw consent where processing is consent-based; and to lodge a complaint with a supervisory authority. Residents of the EEA, UK, and Switzerland may contact us to exercise GDPR-related rights. California residents may have additional rights under the CCPA/CPRA, including to know categories of information collected, to request deletion, and to not be discriminated against for exercising privacy rights.

To submit a request, email hello@mintinvite.com from the email address associated with your account when possible, and describe your request. We may need to verify your identity before responding. Authorized agents may submit requests where permitted by law, with documentation we reasonably require.

Children

The Service is not directed to children under 13 (or the higher age required in your jurisdiction for valid consent without parental permission). We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will take appropriate steps to delete it.

Third-party links and embedded content

Invite pages may link to external sites (for example, registries or maps) or process URLs you provide during AI-assisted setup. Those third parties have their own privacy practices; this policy does not apply to them.

Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the "Last updated" date. If changes are material, we will provide additional notice as appropriate under applicable law.

Note on legal review

This policy is provided as a practical draft aligned with how the Service works. It is not legal advice. You should have qualified counsel review it for your entity, jurisdictions, and subprocessors before relying on it for compliance.