Production Launch Notice
This page is a production draft. Replace all placeholder company fields and get Slovenian/EU legal review before selling to the public.
Controller
The data controller is REPLACE WITH LEGAL ENTITY NAME BEFORE LAUNCH, REPLACE WITH REGISTERED BUSINESS ADDRESS.
Contact: support@dateinvite.xyz. Replace these placeholders with the real trader before launch.
Data We Process
Buyer data: email address, optional name, order ID, checkout status, payment metadata, support messages, and delivery status.
Invite data: recipient name, optional recipient email, prompt, special notes, selected template behavior, generated copy, invitation URL, expiration date, and technical logs.
Media data: uploaded or linked images, short video clips, optional voice message, file metadata, and public storage URLs needed to render the invite.
Recipient response data: yes/no answer, selected date, time, food mood, location, date type, optional note, timestamps, and basic request metadata.
Why We Process It
Contract performance: to take and confirm the order, accept payment where required, generate the invitation, host it, deliver the link to the buyer and, when provided, the recipient, and notify the buyer when the recipient responds.
Legal obligations: accounting, tax, consumer-law, dispute, and security obligations.
Legitimate interests: abuse prevention, service security, debugging, fraud handling, customer support, and improving templates without exposing private invite content publicly.
Consent: optional marketing, optional non-essential cookies, and any processing where consent is legally required.
Processors And Tools
The service may use Vercel for hosting, Supabase for database and storage, Stripe for payments, Resend or another email provider for transactional email, and AI/code-generation tools operated by us to create the customized invitation.
Only the data needed for each purpose is shared with a provider. Provider names, regions, and data processing agreements must be finalized before production launch.
If data is transferred outside the EEA, we rely on an adequacy decision, Standard Contractual Clauses, or another valid transfer mechanism where required.
Retention
The public invitation is intended to stay live for 3 days during launch promo after confirmed order acceptance.
Invite assets and recipient responses should be deleted or anonymized after the invite expires unless a dispute, legal duty, security issue, or support request requires longer retention.
Accounting, payment, invoice, and tax records are retained for the period required by applicable Slovenian and EU law.
Your Rights
Depending on the situation, you may request access, rectification, erasure, restriction, portability, objection, and withdrawal of consent.
Send requests to support@dateinvite.xyz. We may need to verify your identity before acting on a request.
You may complain to the Slovenian Information Commissioner (Informacijski pooblascenec) or another competent data protection authority.
Recipient Privacy
Buyers should not submit sensitive or private recipient details unless they have a lawful and respectful reason to do so.
Buyer-submitted recipient email, when provided, is used to deliver the invite link and, if applicable, a confirmation copy of the recipient's submitted date plan.
Recipient responses are sent to the buyer because that is the purpose of the invite. The invite should make this reasonably clear before the recipient submits a plan.
Security
We use access controls, server-side secrets, payment-provider redirects, and limited retention to reduce risk.
No small custom website service can promise perfect security. Report suspected security or privacy issues to the legal contact.