Privacy Policy

Last updated: April 16, 2026

RSVP Made Simple ("we", "our", or "us") operates https://rsvpmadesimple.com. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. By using our service you agree to the practices described here.

1. Information We Collect

Account information. When you create an account we collect your name, email address, and a hashed password. We never store your password in plain text.

Event and guest data. You provide event details (date, venue, description) and guest information (names, email addresses, postal addresses, dietary notes) as part of using the service. This data belongs to you. We process it only to operate the features you use.

RSVP responses. When a guest RSVPs we record their responses, the IP address of the request, and the timestamp. This data is associated with the event and is visible to the event organiser in their dashboard.

Registry and gift data. We store the product URLs, titles, images, and prices you add to your registry, as well as gift claim records submitted by guests.

Payment information. Payments are processed by Stripe. We never see or store your full card number. We receive and store the Stripe payment intent ID, amount, and status for our records.

Usage data. We log standard web server data: IP addresses, browser type, pages visited, and timestamps. We use this for security, debugging, and understanding aggregate usage patterns.

2. How We Use Your Information

  • To create and manage your account and events.
  • To send invitation emails and RSVP confirmation emails on your behalf.
  • To send 48-hour purchase follow-up emails to guests who clicked registry links (only if the guest was invited with an email address you provided).
  • To process payments through Stripe.
  • To generate printable PDF materials you request.
  • To operate, improve, and secure the service.
  • To respond to your support requests.

We do not sell your data or your guests' data. We do not use it for advertising.

3. Guest Data and Your Responsibilities

When you import or enter your guests' contact information, you are responsible for having the right to share that data with us and to contact those guests on behalf of your event. We process guest data only to provide the features you direct us to use — sending invitation emails, delivering RSVP flows, and sending purchase follow-ups.

Guests can contact us at hello@rsvpmadesimple.com to request removal of their information from our systems.

4. Third-Party Services

We use the following third-party services to operate RSVP Made Simple:

  • Stripe — payment processing. Stripe's privacy policy applies to data you provide during checkout: stripe.com/privacy.
  • Mailgun — transactional email delivery. Emails sent through our service (invitations, RSVP confirmations, follow-ups) are routed through Mailgun's infrastructure.
  • Cloudflare R2 — file storage for cover images you upload. Files are stored in Cloudflare's infrastructure.
  • Anthropic / OpenAI — AI-assisted product data extraction when you add items to your registry using the bookmarklet. We send product page data (URL, open graph tags, a text snippet) to the AI provider to extract structured product information. We do not send personal guest data to AI providers.

5. Cookies and Session Data

We use a single session cookie (PHPSESSID) to keep you logged in to your account. This cookie is essential for the service to function and is removed when you log out or close your browser. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

6. Data Retention

We retain your account and event data for as long as your account is active. If you delete your account, we delete your personal data and all associated event, guest, and registry data within 30 days. Payment records are retained for 7 years to comply with financial record-keeping requirements.

Event data for free accounts is retained indefinitely. Paid event pages remain active for 12 months from the date of purchase, after which they are archived. You may request export or deletion at any time.

7. Security

We take reasonable technical and organisational measures to protect your data:

  • All data is transmitted over HTTPS.
  • Passwords are hashed with bcrypt — we cannot recover them.
  • Invitation tokens are generated with a cryptographically secure random source.
  • Database access is restricted to application servers.
  • Stripe handles all payment card data; we never touch raw card numbers.

No system is perfectly secure. If you discover a security issue, please email hello@rsvpmadesimple.com and we will respond promptly.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data via your account settings or by contacting us.
  • Delete your account and all associated data by contacting us.
  • Export your guest list and RSVP data at any time from your dashboard.
  • Object to or restrict certain processing by contacting us.

To exercise any of these rights, email hello@rsvpmadesimple.com from the address associated with your account.

9. Children

RSVP Made Simple is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, notify account holders by email. Continued use of the service after changes are posted constitutes your acceptance of the revised policy.

11. Contact

Questions about this policy? Email us at hello@rsvpmadesimple.com. We aim to respond within 5 business days.