Privacy Policy

Last updated: October 13, 2025

Your Wedding Atlas (“YWA”, “we”, “us”, “our”) is a platform that helps couples discover and contact wedding vendors, and helps vendors market their services. This Privacy Policy explains how we collect, use, disclose, and safeguard information about you when you use our websites and services, including yourweddingatlas.com and any tools, APIs, or integrations we provide (collectively, the “Platform”).

If you do not agree with this Policy, please do not use the Platform.

1) Who controls your information

Controller. The controller of your personal information is Your Wedding Atlas. Contact: support@yourweddingatlas.ca [Add your legal entity name and mailing address here once finalized.]
Payments. We use Stripe to process payments. Stripe is an independent controller (or, in some regions, an independent processor) of certain personal data it receives in order to provide payment services. Refer to Stripe’s privacy documentation for details.
CMS. We use a content management system (WordPress) to manage help-center and blog content. The CMS processes data needed to publish content and power our public APIs; it does not manage your YWA account.

2) Scope

This Policy applies to:

Couples (or other consumers) browsing vendors, saving favorites, sending inquiries, or creating accounts.
Vendors creating and managing listings, messaging leads, and purchasing subscriptions.
Visitors reading our blog or help center.

This Policy does not cover third-party websites you visit via outbound links (including affiliate retailers or vendors’ own sites).

3) Information we collect

3.1 Information you provide to us

Account & profile. Name, email, phone (optional), password (hashed), country, preferred currency, avatar, wedding date/preferences (if you choose to provide them), saved vendors, search alerts.
Vendor listing data. Business name, location/service areas, contact info, category, pricing ranges, descriptions, photos/videos, social links, availability, and any other content you upload.
Communications. Messages you send via our forms or on-Platform messaging (e.g., couples ↔ vendors), customer support requests, and feedback.
Payments & billing (via Stripe). Subscription plan, billing name/address, tax info (where required), last 4 digits/brand/expiry of card tokenized by Stripe, transaction IDs, and payment status. We don’t store full card numbers.
Help Center authoring. If you collaborate with us (e.g., as a vendor partner) on content, we may store your byline, profile, and related metadata.

3.2 Information we collect automatically

Usage & device data. IP address, device type, OS, browser, language, referral URLs, pages viewed, time on page, clicks, approximate location from IP, campaign attribution, error/crash logs.
Search & discovery signals. Queries, filters, facets, and interactions with search results and vendor profiles (used to improve relevance and ranking).
Cookies & similar tech. See Section 10.

3.3 Information from third parties

Vendors & partners. If a vendor provides a referral contact or team member, or connects third-party calendars/software, we may receive associated information.
Analytics/anti-abuse providers. We may receive signals to help detect fraud, spam, or platform abuse.
Affiliate networks. If you click an affiliate link, we may receive limited, pseudonymous reporting confirming clicks or conversions (no full order details or card data).
Google Sign-In & Google API Services. We offer sign-in with Google. If you choose this option, we receive your basic Google account information (such as name, email address, and profile photo) from Google to create or log in to your Your Wedding Atlas account. We do not receive your Google password. If we ever store a Google refresh token, we store it securely and use it only to maintain your login session. You can revoke our access at any time via your [Google Account → Security → Third-party access]. Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4) How we use information (and legal bases where applicable)

We use your information to:

Provide the Platform (contract necessity / legitimate interests): Create/manage your account, display listings, enable search and favorites, process messages/leads, process payments and subscriptions, issue invoices/receipts, manage renewals and plan downgrades (e.g., automatic downgrade from Pro to Free if Stripe cannot collect payment), and provide support.
Personalize and improve (legitimate interests): Tailor content and ranking based on your location, language, and interactions; run A/B tests; improve search relevance; fix bugs; and analyze performance.
Communicate with you (contract necessity / legitimate interests / consent where required): Transactional emails (receipts, billing, policy updates), lead notifications, vendor inquiries, support responses, and—if you opt in—product updates or marketing.
Safety, security, and integrity (legitimate interests / legal obligation): Detect and mitigate spam, fraud, abuse, scraping, or unlawful activity; enforce our Terms; protect our users and our Platform.
Compliance and taxes (legal obligation / legitimate interests): Maintain transaction records, honor tax and accounting requirements, respond to lawful requests.
Consent-based processing (consent): Where required (e.g., certain cookies/marketing), we will ask for your consent. You can withdraw consent at any time.

5) Payments

All payments are processed by Stripe. When you pay or get billed, Stripe receives and processes your payment information directly. We receive limited payment metadata (e.g., card brand/last 4, status) so we can recognize your plan, renewals, downgrades, refunds, and invoices. Stripe may process your data outside your country—see their privacy documentation.

6) Sharing & disclosure

We share information only as needed:

With other users.
- Vendors → public: Your listing details (text, images, pricing ranges, service area) are public.
- Couples ↔ Vendors: When you send an inquiry, we share the message and your provided contact info with the vendor.
Service providers (processors). Hosting, storage, CDN, email/SMS delivery, analytics, error logging, image optimization, anti-abuse/fraud, customer support, and CMS/search services. They are bound by contracts and may only process data on our instructions.
Analytics & measurement. We use analytics to understand usage and improve the experience. Where required, we obtain consent.
Affiliate networks/retailers. If you click an affiliate link, we may share pseudonymous click identifiers with the network for attribution.
Legal, safety, and compliance. We may disclose information to law enforcement, regulators, tax authorities, or other parties if required by law or necessary to protect rights, safety, and our Platform, or to enforce our Terms.
Business transfers. If we undergo a merger, acquisition, or asset sale, your data may be transferred as part of that transaction.

We do not sell personal information in the common sense of the term. Where a jurisdiction defines “sale” or “sharing” broadly for cross-context behavioral advertising, we honor local opt-out rights.

7) International transfers

We operate globally and may process data in countries other than your own. Where required, we use recognized safeguards (e.g., Standard Contractual Clauses) or rely on adequacy decisions. By using the Platform, you understand your data may be transferred to jurisdictions with different data-protection laws.

8) Retention

We keep personal data only as long as necessary:

Account, listings, and messages: for the life of the account and a reasonable period thereafter for record-keeping, dispute resolution, fraud prevention, and legal obligations.
Billing/transaction records: typically 7 years (or as required by tax/accounting law).
Logs/analytics: typically 12–24 months (aggregated or anonymized thereafter).
Marketing preferences: until you opt out or your account is deleted.

We will delete or anonymize data when it is no longer needed, subject to legal holds.

9) Your rights

Depending on where you live, you may have rights to:

Access your data and obtain a copy.
Correct inaccurate or incomplete data.
Delete your data (subject to legal/contractual limits).
Portability (receive data in a portable format).
Object or restrict processing (especially for direct marketing or our legitimate interests).
Withdraw consent where processing is based on consent.
Opt out of certain profiling/targeted advertising where applicable.

To exercise rights, email us. We may need to verify your identity. You can also manage some preferences in your account (e.g., marketing emails).

Region-specific notes (summary):

EEA/UK (GDPR). You have the rights above and the right to lodge a complaint with your local supervisory authority.
Brazil (LGPD). You have similar rights; you can contact us as your data controller.
California (CPRA). You have rights to know, delete, correct, and opt out of “selling”/“sharing” (as defined by CPRA). We honor Do Not Sell or Share requests for cross-context advertising.
Canada (PIPEDA). You have rights to access and correct personal information and to withdraw consent, subject to legal exceptions.

10) Cookies and similar technologies

What we use. Essential cookies (authentication, security), functional cookies (preferences like currency/locale), analytics/measurement, and—where applicable—advertising/attribution (e.g., affiliate click IDs).
Consent. In regions where required, we show a consent banner. You can change preferences and you can also adjust browser settings to block or delete cookies (site functionality may be affected).
Do Not Track. We respond to applicable regional signals (e.g., GPC) where required by law.

11) Safety, fraud, and integrity

We use automated systems and limited manual review to:

detect and prevent spam, fraud, scraping, or harmful content,
protect users and vendors,
maintain fair search and ranking, and
enforce our Terms and policies.

If an automated decision significantly affects you, you can contact us to contest or request a review.

12) Child Access

The Platform is not directed to children. We do not knowingly collect data from:

children under 13 globally, and
children under 16 in the EEA/UK or where local law sets a higher age of digital consent.

If you believe a child provided data, contact us and we’ll take appropriate steps to delete it.

13) Third-party sites and integrations

Our Platform links to third-party sites and services (e.g., vendor websites, affiliate retailers). Their privacy practices are not governed by this Policy. Please review their policies before providing information.

14) Changes to this Policy

We may update this Policy to reflect changes in laws or our services. We’ll post the updated Policy with a new “Last updated” date and, where required, provide advance notice. Your continued use of the Platform after the effective date constitutes acceptance.

15) Contact us

Questions, requests, or complaints about privacy?

Email: privacy@yourweddingatlas.com