Privacy Policy

Enosera, Inc. ("Enosera," "we," "us," or "our") operates enosera.com and related services (the "Platform"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Platform. By creating an account or using the Platform, you agree to the practices described here.

Enosera is a three-sided platform connecting couples, wedding vendors, and venues. Because the Platform handles sensitive life-event data — including guest lists, payment information, and personal photos — we take data stewardship seriously.

2.1 Information you provide directly

• Account information: name, email address, password (stored as a cryptographic hash).
• Wedding details: partner names, wedding date, venue name, location, and any story or bio content you write.
• Guest list: guest names, mailing addresses, email addresses, dietary preferences, and RSVP responses.
• Photos and media: cover photos, wedding website photos, and guest-uploaded photos on the Photo Wall.
• Payment information: when you pay for a subscription or vendor service, your card details are collected by our payment processor (Stripe) and never stored on our servers. We retain transaction records (amount, date, last four digits, billing name) for accounting purposes.
• Vendor and venue profiles: business name, category, location, tagline, bio, starting price, website, Instagram handle, and phone number.
• Messages and communications: inquiries, lead messages, questionnaire responses, and notes you create on the Platform.

2.2 Information collected automatically

• Log data: IP address, browser type, operating system, referring URL, pages visited, and timestamps.
• Device data: device type, screen resolution, and operating system version.
• Cookies and local storage: session tokens, preference settings, and feature flags. You may disable cookies in your browser, but some Platform features will not function correctly.
• Usage analytics: aggregate data on which features are used and how often, to help us improve the product.

2.3 Information from third parties

We may receive information from third-party sign-in providers (such as Google) if you choose to authenticate through them, and from payment processors about the status of transactions.

We use the information we collect to:

• Create and maintain your account, and authenticate your identity.
• Provide the Platform's features: wedding websites, RSVP management, guest lists, seating charts, day-of timelines, photo walls, vendor coordination, and venue administration.
• Process payments and maintain accurate billing records.
• Send transactional communications: confirmation emails, RSVP notifications, timeline alerts, and contract updates.
• Send service-related announcements: feature releases, maintenance notices, and security alerts. You cannot opt out of these while your account is active.
• Send optional marketing communications about Enosera products and partner offers. You may unsubscribe at any time.
• Respond to your support requests and inquiries.
• Detect, prevent, and investigate fraud, abuse, and security incidents.
• Comply with applicable legal obligations and enforce our Terms of Service.
• Improve the Platform through aggregate, anonymized analytics.

4.1 Within the Platform

Enosera is designed around privacy controls. Couples control which vendors and guests see which information. Guest visibility on a couple's wedding website is scoped to events that guest is invited to attend. Vendors see only the couple data necessary to coordinate the wedding.

4.2 Third-party service providers

We share data with vendors acting as our data processors under confidentiality agreements:

• Supabase — database, authentication, file storage, and real-time messaging. Data is hosted on AWS infrastructure in the United States.
• Stripe — payment processing and, for vendors, Stripe Connect for payouts. Stripe is PCI-DSS Level 1 certified. Stripe's privacy policy is at stripe.com/privacy.
• Resend — transactional and marketing email delivery.
• Twilio — SMS notifications for day-of timeline alerts and RSVP confirmations.
• Google Maps — venue address autocomplete and map embeds on wedding websites. Google's privacy policy is at policies.google.com/privacy.
• Vercel — web hosting and edge network. Log data may pass through Vercel's infrastructure.

4.3 Legal requirements

We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a legal request.

4.4 Business transfers

If Enosera is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your personal information is subject to a different privacy policy.

4.5 What we do not do

We do not sell your personal information to third parties. We do not use your guest lists or wedding photos to train advertising models.

We retain your account data for as long as your account is active or as needed to provide you services. If you delete your account, we delete your personal data within 90 days, except where we are required to retain it for legal, accounting, or fraud prevention purposes (typically up to 7 years for financial records).

Photos uploaded to the Photo Wall are retained until you delete them or delete your account. Guest list data is retained until you delete your account. You may export your data at any time from your account settings.

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest for sensitive fields, row-level security on the database, and regular security reviews. However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security and encourage you to use a strong, unique password.

The Platform is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly. If you believe we may have collected information from a child, please contact us at [email protected].

8.1 All users

Regardless of where you live, you have the right to: access the personal data we hold about you, correct inaccurate data, request deletion of your data (subject to legal retention obligations), and export your data in a portable format.

8.2 European users (GDPR)

If you are in the European Economic Area or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR): the right to restrict or object to processing, the right to data portability, and the right to lodge a complaint with your local supervisory authority. Our lawful basis for processing is primarily contract performance and legitimate interests. Where we rely on consent (e.g., marketing emails), you may withdraw it at any time.

8.3 California users (CCPA / CPRA)

If you are a California resident, you have the right to know what personal information we collect and how it is used, the right to delete personal information, the right to opt out of the sale or sharing of personal information (we do not sell or share your data for cross-context behavioral advertising), and the right to non-discrimination for exercising your rights.

8.4 How to exercise your rights

To exercise any of these rights, email us at [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.

We use strictly necessary cookies for authentication and security. We use functional cookies to remember your preferences. We do not use third-party advertising or tracking cookies. You may manage cookies through your browser settings or our cookie preference center.

Wedding websites created on Enosera may link to vendor websites, registry retailers, and map services. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policy of any site you visit.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated "Last updated" date and, for significant changes, by email. Your continued use of the Platform after the effective date constitutes acceptance of the updated policy.

For privacy questions, data requests, or concerns, contact us at: