Skip to main content

Privacy Policy

Last updated: May 27, 2026

1. Who We Are

Invicardo operates invicardo.com, a platform that lets you create and publish event websites for weddings, proposals, and other celebrations. Contact us at: [email protected]

2. Information We Collect

When you use Invicardo, we may collect:

  • Account data: name, email address, profile picture.
  • Content you create: the text, images, and settings of your event websites.
  • Usage data: pages visited, actions taken in the editor, browser type, and country-level location.
  • Device data: IP address, device type, and operating system.

3. How We Use Your Information

  • To create and manage your account.
  • To save, render, and publish your event websites.
  • To send transactional emails (account verification, password reset).
  • To improve our service through anonymised analytics.
  • We never sell your personal data.

4. Facebook Login & Data

If you choose to sign in with Facebook, we receive your public profile (name, email, profile picture) from Facebook. We use this only to create and identify your Invicardo account.

You can disconnect your Facebook account at any time in your Invicardo account settings.

5. Data Sharing

We share data only with:

  • Infrastructure providers: AWS (file storage), Cloudflare (CDN).
  • Email provider: Resend (transactional emails only).
  • Authentication providers: Google, Facebook (only when you use their login).

All providers are bound by data processing agreements.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are required by law to retain it longer.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data.
  • Export your data in a portable format.
  • Withdraw consent at any time.

To exercise these rights, email us at [email protected] or visit invicardo.com/deletion.

8. Cookies

We use a single authentication cookie (rt) to keep you logged in. This cookie is essential for the service. We do not use advertising or tracking cookies.

9. Security

Passwords are hashed using bcrypt. Authentication tokens use RS256 signed JWTs. All data is transmitted over HTTPS.

10. Changes to This Policy

We may update this policy from time to time. We will notify registered users by email of any material changes.

11. Contact

Questions about this policy? [email protected]