Privacy Policy
Your privacy is important to us. This policy explains how Fancy RSVP collects, uses, and protects your personal information.
Last Updated: June 1, 2026
1. Information We Collect
We collect information you provide directly when you create an account, set up events, or communicate with us. This includes:
Personal Identification Information: Your name, email address, phone number, and billing address when you register for an account or subscribe to a paid plan.
Event Data: Event details you create, including event names, dates, venues, guest lists, RSVP responses, seating arrangements, and any custom fields you configure.
Guest Information: Names, email addresses, phone numbers, dietary preferences, and RSVP responses of guests you add to your events. You are responsible for obtaining appropriate consent from your guests before adding their information.
Payment Information: When you subscribe to a paid plan, our payment processor (Stripe) collects and processes your payment card details. We do not store full credit card numbers on our servers.
Usage Data: We automatically collect information about how you interact with our platform, including pages visited, features used, click patterns, session duration, and referring URLs.
Device Information: Browser type and version, operating system, device identifiers, IP address, and screen resolution to ensure optimal performance and security.
2. How We Use Your Information
We use the information we collect to provide, maintain, and improve our services. Specifically, we use your data for the following purposes:
Service Delivery: To create and manage your account, process your events, send RSVPs and reminders to your guests, and provide the features you've subscribed to.
Communication: To send you service-related notices, including account verification, billing reminders, security alerts, and support responses. With your consent, we may also send marketing communications about new features and promotions.
Analytics & Improvement: To understand how users interact with our platform, identify trends, diagnose technical issues, and develop new features that better serve our community.
Personalization: To customize your experience, recommend templates, and tailor content to your event planning needs and preferences.
Security & Fraud Prevention: To protect against unauthorized access, detect suspicious activity, and ensure the integrity of our platform and your data.
Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.
3. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following limited circumstances:
Service Providers: We work with trusted third-party companies that perform services on our behalf, including cloud hosting (AWS), email delivery (SendGrid), payment processing (Stripe), and analytics (Mixpanel). These providers are contractually bound to protect your data and use it only as directed.
With Your Consent: We may share your information when you explicitly authorize us to do so, such as when you choose to integrate with third-party applications or share event details publicly.
Event Guests: When guests RSVP to your event, they can see the event details you've published. Hosts can see guest responses and contact information as part of their event management.
Legal Requirements: We may disclose your information if required by law, subpoena, court order, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change and any choices you may have regarding your information.
4. Data Security
We take the security of your data seriously and implement industry-standard measures to protect it:
Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Sensitive fields such as payment tokens receive additional encryption layers.
Access Controls: We enforce strict role-based access controls, multi-factor authentication for administrative access, and regular access reviews to ensure only authorized personnel can access your data.
Infrastructure: Our application is hosted on secure, SOC 2 Type II compliant infrastructure with redundant backups, automated failover, and continuous monitoring for threats.
Vulnerability Management: We conduct regular penetration testing, automated vulnerability scanning, and participate in responsible disclosure programs. Security patches are applied promptly.
Incident Response: We maintain a comprehensive incident response plan. In the event of a data breach that affects your personal information, we will notify you and relevant authorities within the timeframes required by applicable law.
While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We encourage you to use strong, unique passwords and enable two-factor authentication on your account.
6. Your Rights (GDPR / CCPA)
Depending on your location, you may have the following rights regarding your personal data:
Right to Access: You can request a copy of the personal data we hold about you. We will provide this in a commonly used, machine-readable format within 30 days.
Right to Rectification: You can update or correct inaccurate personal data directly through your account settings, or by contacting our support team.
Right to Deletion: You can request the deletion of your personal data. We will comply unless we are required to retain it for legal or legitimate business purposes.
Right to Data Portability: You can export your event data, guest lists, and account information in standard formats (CSV, JSON) at any time from your dashboard.
Right to Object: You can object to the processing of your data for direct marketing purposes. You can also object to processing based on legitimate interests, subject to our evaluation.
Right to Restrict Processing: You can request that we limit how we use your data while we address a concern you've raised about its accuracy or our processing activities.
CCPA Specific Rights (California Residents): You have the right to know what personal information is collected, disclosed, or sold; the right to delete personal information; the right to opt-out of the sale of personal information (we do not sell your data); and the right to non-discrimination for exercising your rights.
To exercise any of these rights, email us at privacy@fancyrsvp.com or use the privacy controls in your account settings. We will respond within the legally required timeframe.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:
Active Accounts: Your account data and event information are retained for the duration of your account's active status, plus a 30-day grace period after account closure.
Closed Accounts: Upon account deletion, we permanently erase your personal data within 90 days, except where retention is required by law (e.g., financial records for tax compliance, which are retained for 7 years).
Guest Data: Guest information associated with your events is deleted when you delete the event or close your account. Guests can also request their data be removed independently.
Backup Systems: Data may persist in encrypted backup systems for up to 30 additional days after deletion from primary systems, after which it is permanently purged.
Anonymized Data: We may retain anonymized, aggregated data indefinitely for analytics and platform improvement purposes. This data cannot be used to identify any individual.
8. Children's Privacy
Fancy RSVP is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16 years of age.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@fancyrsvp.com. We will take prompt steps to delete such information from our systems.
In cases where a minor's information is included as a guest in an event (e.g., children attending a wedding), the event organizer is responsible for obtaining appropriate parental consent before adding that information to our platform.
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:
Notification: We will notify you of material changes via email and/or a prominent notice on our platform at least 14 days before the changes take effect.
Review Period: You will have the opportunity to review the updated policy before it becomes effective. If you disagree with the changes, you may close your account before the effective date.
Version History: We maintain a version history of this policy. Previous versions are available upon request by contacting our privacy team.
Your continued use of our platform after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
10. Contact Us
If you have any questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us through any of the following channels:
Email: privacy@fancyrsvp.com
Mail: Fancy RSVP, Attn: Privacy Team, 350 Fifth Avenue, Suite 4800, New York, NY 10118, United States
Data Protection Officer: For GDPR-related inquiries, contact our DPO at dpo@fancyrsvp.com
We are committed to resolving any complaints about your privacy. If you feel we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.
Related Documents
Please also review our Terms of Service which govern your use of the Fancy RSVP platform.