Privacy Policy

Last updated: 3 April 2026

WedClic ("we", "our", "us") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.

1. Data We Collect

We collect the following categories of personal data:

• Account data: email address provided when you sign in via magic link.
• Event data: wedding date, couple names, event slug, and theme selection.
• Guest uploads: photos and videos uploaded by your guests, stored securely on Cloudflare R2.
• RSVP data: guest names and RSVP responses you choose to collect.
• Payment data: processed by Stripe. We store only your Stripe customer ID — we never see or store your card details.
• Usage data: page views and feature usage via PostHog analytics (anonymised where possible).

2. How We Use Your Data

• To provide the WedClic service — galleries, QR codes, slideshows, and downloads.
• To process one-time payments via Stripe and activate your plan.
• To send transactional emails (e.g. magic links, payment confirmation) via Resend.
• To improve the product using aggregated, anonymised analytics.
• To detect and prevent fraud or abuse.

3. Automated Processing & Consent

Premium plan users may use automated processing features (e.g. photo tagging and content moderation). Processing of your photos is performed using Anthropic's Claude API. We will only process your photos if you have explicitly enabled consent for your event. You can withdraw consent at any time from your event settings, which will prevent future processing.

Photos processed are handled asynchronously and are not used to train language models. A maximum of 300 photos per job and 3 jobs per day apply.

4. Data Storage & Retention

Photos and videos are stored on Cloudflare R2 (EU/US infrastructure). Retention periods depend on your plan:

• Standard: 15 GB for 12 months
• Premium: 30 GB for 24 months
• Free tier: galleries are active for 7 days from creation. After 7 days, the gallery is archived — guests can no longer upload. The event owner can still view and download photos during the archive window. Photos are permanently deleted 90 days after archiving (approximately 97 days from creation). Users receive email warnings before both archiving and deletion.

After your storage period expires, media files are deleted from R2. Account data is retained until you request deletion.

5. Data Sharing

We share data only with the following sub-processors:

• Supabase — database and authentication (EU region)
• Cloudflare R2 — media storage
• Stripe — payment processing
• Resend — transactional email
• Anthropic — automated processing (Premium, consent required)
• PostHog — anonymised analytics
• Sentry — error tracking (no personal data in error reports)

We never sell your data to third parties.

6. Your Rights (GDPR)

If you are in the European Economic Area (EEA) or UK, you have the right to:

• Access: request a copy of the personal data we hold about you.
• Rectification: correct inaccurate data.
• Erasure: request deletion of your account and all associated data.
• Portability: receive your data in a machine-readable format.
• Objection: object to processing based on legitimate interests.
• Restriction: request we limit how we process your data.

To exercise any of these rights, email us at privacy@wedclic.com. We will respond within 30 days.

7. Cookies

We use session cookies for authentication (via Supabase Auth) and anonymised analytics cookies via PostHog. We do not use advertising cookies or tracking pixels.

8. Security

All data is transmitted over HTTPS. Row-Level Security (RLS) is enforced on every database table — your data is never accessible to other users. Media files are served from Cloudflare with access controls.

9. Changes to This Policy

We may update this policy. Material changes will be communicated by email to registered users. Continued use of WedClic after changes constitutes acceptance.

10. Contact

For privacy enquiries: privacy@wedclic.com