Information we collect
Four categories: (1) account — your name, email and hashed password; (2) invitation & RSVP — event details, guest lists (names, emails, phone numbers added by you), RSVP answers and any custom RSVP fields; (3) payment — Stripe customer ID, plan, invoice history (card numbers stay with Stripe, never us); (4) technical — IP address, user-agent, strictly necessary cookies, and — only with your consent — usage analytics.
How we use your information
To deliver the service — host your invitations, send SMS, track RSVPs — and to improve the product. We do not sell your data, and we do not use it to train AI models without explicit opt-in.
Who we share with
Sub-processors required to run the service: Supabase (database + auth), Stripe (payments), Twilio (SMS), Cloudflare (image storage), fal.ai (AI image generation for templates only — not your event data). Each handles only the data they need.
Your rights
You can access, export, correct or delete your data at any time from account settings, or by emailing us. EU residents have the rights granted by GDPR. We respond to verified requests within 30 days.
How long we keep data
Account data: as long as your account is active. Invitations: live for 90 days after deletion so guests can still RSVP, then archived for 12 months. Anonymised analytics: indefinitely.
Who is responsible (data controller)
Venito is a brand of Vanta Group. The data controller for personal data processed via Venito is Vanta Group. Contact: privacy@venito.io. EU/EEA hosts have the rights granted by GDPR; non-EU hosts have equivalent rights under our internal policy.
Questions?
For any privacy or legal queries, write to our team at privacy@venito.io