Legal

Privacy Policy

1. Data Controller

Responsible for data processing on this website and the VJENY platform within the meaning of the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR):

VJENY

Kristian Kovac
Langenthalstrasse 13
4950 Huttwil
Canton of Bern, Switzerland

Email: datenschutz@vjeny.com
Website: vjeny.com

Brand: VJENY – operated by Kovac Technologies

2. Scope

This privacy policy applies to the website vjeny.com, its subdomains (app.vjeny.com, guest.vjeny.com), individual wedding websites created by users, and all related services and features of the VJENY platform.

It is directed at all users of the platform, in particular:

  • Couples who create an account and use the platform
  • Wedding guests who access the wedding website via QR code or link
  • Website visitors who browse vjeny.com without an account

3. Legal Basis

Swiss Law (FADP)

The processing of personal data is based on the Swiss Federal Act on Data Protection (FADP, revised version of 1 September 2023) and the Data Protection Ordinance (DPO). Where no legal basis exists, we obtain explicit consent.

EU Law (GDPR)

For users in the European Economic Area (EEA), we base the processing on the following legal grounds:

  • Art. 6(1)(a) GDPR – Consent (e.g. marketing, analytics)
  • Art. 6(1)(b) GDPR – Performance of a contract (e.g. account management, payment processing)
  • Art. 6(1)(c) GDPR – Legal obligation (e.g. accounting, taxes)
  • Art. 6(1)(f) GDPR – Legitimate interest (e.g. security, abuse prevention)

4. Data We Collect

4.1 When Visiting the Website (Without an Account)

  • IP address (stored anonymised)
  • Date and time of access
  • Browser type and version
  • Operating system
  • Referrer URL (previously visited page)
  • Pages and subpages accessed

This data is automatically collected by our hosting provider and serves system security and error analysis purposes.

4.2 When Creating an Account (Couples)

  • First and last name
  • Email address
  • Password (stored encrypted, bcrypt/argon2)
  • Wedding date and location
  • Names of the partners
  • Language and timezone settings

4.3 When Using the Platform

  • Guest lists (names, email, RSVP status, dietary preferences)
  • Wedding content (texts, images, schedule, budget data)
  • Communication data (messages to guests)
  • Documents (uploaded files)
  • Usage data (activity log within the platform)

4.4 Wedding Guests

When guests access a wedding website via QR code or link, the following data may be collected:

  • Name (entered by the couple)
  • RSVP response and plus-ones
  • Dietary preferences / allergies
  • IP address (technically required, anonymised)

Note: The couple is responsible for obtaining the necessary consent from their guests for data processing. VJENY provides the technical infrastructure but does not act as an independent controller for guest data.

4.5 Payment Data

During payment processing, the following data is transmitted to our payment provider Stripe:

  • Cardholder name
  • Credit card number (processed by Stripe only, never stored on our servers)
  • Expiry date and CVC
  • Billing address

We do not store any credit card data ourselves. We only receive a transaction ID, payment status, and the last four digits of the card from Stripe.

5. Purpose of Data Processing

We process personal data exclusively for the following purposes:

  • Provision and operation of the VJENY platform
  • Creation and management of user accounts
  • Creation and hosting of wedding websites
  • Guest management and RSVP functionality
  • Payment processing
  • Communication with users (support, notifications)
  • Improvement and further development of the platform
  • Security and abuse prevention
  • Compliance with legal retention obligations

6. Third-Party Providers and Processors

For the operation of the platform, we use the following third-party providers with whom data processing agreements (DPA) have been concluded where required:

6.1 Vercel Inc. – Hosting & Deployment

Purpose: Website hosting, server-side rendering, edge network
Data: IP address, HTTP request data, server log files
Headquarters: San Francisco, CA, USA
Transfer basis: EU-US Data Privacy Framework, Standard Contractual Clauses (SCC)
Privacy: vercel.com/legal/privacy-policy

6.2 PlanetScale Inc. – Database

Purpose: Storage of all user and platform data (MySQL-compatible)
Data: All data mentioned in section 4 (encrypted at rest and in transit)
Headquarters: San Francisco, CA, USA (Servers: AWS us-east / eu-west)
Transfer basis: EU-US Data Privacy Framework, Standard Contractual Clauses (SCC)
Privacy: planetscale.com/legal/privacy

6.3 Cloudinary Ltd. – Image Processing & CDN

Purpose: Storage, optimisation and delivery of images (profile pictures, wedding photos, template images)
Data: Uploaded image files, metadata (filename, size, format)
Headquarters: Santa Clara, CA, USA
Transfer basis: EU-US Data Privacy Framework, Standard Contractual Clauses (SCC)
Privacy: cloudinary.com/privacy

6.4 Stripe Inc. – Payment Processing

Purpose: Processing of credit card payments and subscriptions
Data: Payment data (see 4.5), email address, billing address
Headquarters: San Francisco, CA, USA (European office: Dublin, Ireland)
Transfer basis: EU-US Data Privacy Framework, Standard Contractual Clauses (SCC)
Certification: PCI DSS Level 1 (highest security standard for payment data)
Privacy: stripe.com/privacy

6.5 Cloudflare Inc. – DNS & Security

Purpose: DNS management, DDoS protection
Data: IP address, HTTP headers
Headquarters: San Francisco, CA, USA
Transfer basis: EU-US Data Privacy Framework, Standard Contractual Clauses (SCC)
Privacy: cloudflare.com/privacypolicy

6.6 Amazon Web Services (AWS) – File Storage & CDN

Purpose: Storage and delivery of user uploads (wedding photos, documents) via Amazon S3 and CloudFront CDN
Data: Uploaded files, file metadata (name, size, type)
Headquarters: Seattle, WA, USA (Servers: eu-central-1 Frankfurt, where available)
Transfer basis: EU-US Data Privacy Framework, Standard Contractual Clauses (SCC)
Privacy: aws.amazon.com/privacy

6.7 Twilio Inc. – WhatsApp Messaging

Purpose: Sending WhatsApp messages to wedding guests on behalf of the couple
Data: Recipient phone numbers, message content, attached images if applicable
Headquarters: San Francisco, CA, USA
Transfer basis: EU-US Data Privacy Framework, Standard Contractual Clauses (SCC)
Privacy: twilio.com/legal/privacy

6.8 Sentry (Functional Software Inc.) – Error Monitoring

Purpose: Error detection and performance monitoring
Data: IP address, error messages, stack traces, browser information
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) – ensuring platform stability
Headquarters: San Francisco, CA, USA
Transfer basis: EU-US Data Privacy Framework, Standard Contractual Clauses (SCC)
Privacy: sentry.io/privacy
Retention: 90 days

7. Data Transfers to Third Countries

Some of our processors are based in the USA. The transfer of personal data to the USA is carried out on the basis of:

  • EU-US Data Privacy Framework (DPF) – for certified companies
  • Standard Contractual Clauses (SCC) – pursuant to Art. 46(2)(c) GDPR and Art. 16(2)(d) FADP
  • Adequacy decision – where available

We ensure that all processors provide an adequate level of data protection and implement appropriate technical and organisational measures to protect your data.

8. Cookies and Tracking

Our website uses cookies. Details about the cookie types used, their purpose and storage duration can be found in our Cookie Policy.

Essential Cookies

These cookies are strictly necessary for the operation of the website and cannot be disabled. They include session cookies, language settings and CSRF protection.

Functional Cookies

Store user preferences such as language and theme selection to improve the user experience.

Analytics Cookies

Only set with your explicit consent and serve for anonymised analysis of website usage. We currently do not use any third-party analytics cookies.

You can manage or delete cookies at any time in your browser settings. Disabling essential cookies may limit the functionality of the website.

9. SSL/TLS Encryption

This website uses SSL/TLS encryption (HTTPS) for all data transmissions between your browser and our servers. This ensures that your data cannot be viewed by third parties during transmission. You can recognise an encrypted connection by the lock icon in the browser bar.

10. Retention Period

We store personal data only as long as necessary for the respective purpose or as required by statutory retention periods:

  • Account data: Until deletion of the account by the user, at the latest 30 days after the wedding date (unless otherwise agreed)
  • Guest data: In line with the couple's account
  • Wedding content: In line with the account; export is available before deletion upon request
  • Payment data: 10 years as per Swiss accounting obligations (CO Art. 958f)
  • Server log files: Maximum 30 days
  • Communication data: 12 months after the last interaction

After the retention period expires, data is irrevocably deleted or fully anonymised.

11. Your Rights

You have the following rights regarding your personal data:

Under Swiss FADP

  • Right of access (Art. 25 FADP): You may request information about your stored data at any time
  • Right to rectification (Art. 32 FADP): You may request the correction of inaccurate data
  • Right to deletion (Art. 32 FADP): You may request the deletion of your data, provided no statutory retention obligations apply
  • Right to data portability (Art. 28 FADP): You may request the release of your data in a commonly used electronic format

Additionally under EU GDPR (for EEA residents)

  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR): Against processing based on legitimate interests
  • Right to withdraw consent (Art. 7(3) GDPR): At any time, without giving reasons

To exercise your rights, please contact us at: datenschutz@vjeny.com

We generally respond to requests within 30 days. An identity document may be required for verification.

12. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of all data transmissions (TLS 1.2+)
  • Database encryption at rest
  • Password hashing with modern algorithms (bcrypt/argon2)
  • Regular security updates and patches
  • Access control and principle of least privilege
  • Automatic backups

Administrative Access

The platform operator maintains an internal administration dashboard with technical access to user data, communication logs and uploaded files. This access is strictly purpose-bound and is only used for:

  • Technical troubleshooting and support requests
  • Ensuring platform stability and security
  • Detection and prevention of abuse
  • Compliance with legal obligations

All administrative access is recorded in an audit log. Access to the administration dashboard is protected by two-factor authentication (2FA) and restricted to authorised personnel. No access to content occurs without a specific reason or purpose.

13. Data of Minors

The VJENY platform is intended for adults. We do not knowingly collect personal data from children under 16 years of age (or under 13 years, depending on applicable law). If we discover that we have collected data from minors, it will be deleted immediately.

14. Automated Decision-Making

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR that produces legal effects or similarly significantly affects you.

15. Data Breach Notification

In the event of a personal data breach, we will:

  • Notify the competent supervisory authority (FDPIC or EU data protection authority) within 72 hours, if the breach poses a risk to affected persons
  • Inform affected persons without delay if a high risk to their rights and freedoms exists
  • Document the data breach and take measures to remedy it

16. Right to Complain

If you believe that the processing of your data violates applicable data protection law, you have the right to lodge a complaint with a supervisory authority:

Switzerland

Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1, 3003 Bern
www.edoeb.admin.ch

Germany

The competent state data protection authority of your federal state

Austria

Austrian Data Protection Authority
Barichgasse 40–42, 1030 Vienna
www.dsb.gv.at

Croatia

Agencija za zaštitu osobnih podataka (AZOP)
Fra Grge Martića 14, 10000 Zagreb
azop.hr

17. Contact for Data Protection Enquiries

For questions, information requests or complaints about data protection, please contact us at:

VJENY – Data Protection
Kristian Kovac
Langenthalstrasse 13
4950 Huttwil, Switzerland
Email: datenschutz@vjeny.com

18. Email Usage

Vjeny sends exclusively transactional emails triggered by explicit user actions. Examples include account registration confirmations, password resets, RSVP confirmations, and notifications that couples send to their invited guests.

We do not send marketing emails, advertising campaigns, or newsletters. Recipients only receive emails when they interact with the platform or are directly invited by a couple.

The typical sending volume is low and event-based. We actively monitor bounces and complaints and automatically suppress affected addresses.

For more information, please see our Email Policy.

19. Changes to This Privacy Policy

We reserve the right to amend this privacy policy at any time to adapt it to changed legal requirements, new features, or changed data processing practices. The current version is always available on this page. Registered users will be informed by email of any material changes.

Last updated: February 2026