Privacy Policy

1. What we collect

When you create an account we collect your name and email address via Google Sign-In. When you set up your wedding invitation we store the content you provide (couple names, event details, family details, bank details for gifting, photos you upload). When your guests RSVP, we store the guest's name, phone number, attendance status, and any wish they leave.

2. How we use your data

We do not sell your data or your guests' data to third parties.

3. Site lifetime & data retention

Each B2C invitation site is live for 12 months from the date you activate it. When that period ends:

4. Third parties

We use Google Sign-In for authentication and Cloudflare (Workers, Pages, D1, R2) to host and run the service. These providers process data on our behalf under their own privacy terms.

5. Security

Passwords for whitelabel/B2B admin accounts are hashed (not stored in plaintext). Access to your dashboard requires authentication (Google Sign-In or email/password with a session token). We do not currently hold any formal third-party security certification (e.g. ISO 27001) — any such claim will only appear here once actually obtained and verifiable.

6. Guest data

Guests who RSVP submit their name, phone number, and optional wish directly to the couple's invitation page. This data is visible only to the invitation owner in their private dashboard, never made public, and never linked back to a guest's own account (guests do not need an account to RSVP).

7. Your rights

You can request a copy of your data, correction of inaccurate data, or deletion of your account and associated data by contacting us. Placeholder contact: support@rsvp.afwan.my.

8. Changes to this policy

We may update this policy as the service evolves. Material changes will be highlighted on this page.