Privacy policy
Last updated: May 2026
1. Who we are
Luvbug (“we,” “us,” or “our”) operates the wedding planning platform at luvbug.io and associated applications (collectively, the “Service”). This Privacy policy explains how we collect, use, share, and protect personal information when you use the Service.
By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, do not use the Service.
This policy is incorporated into and subject to our Terms of service.
2. Information we collect
Information you provide directly
- Account information — when you register, we collect your name, email address, and password (managed via our authentication provider, Auth0).
- Profile information — profile photo, display name, bio, and contact preferences you add to your account.
- Phone number — if you enable SMS-based multi-factor authentication (MFA), we collect your phone number for the purpose of sending verification codes.
- Wedding information — details you enter about your wedding event, including event name, date, and associated planning data within a Wedding Workspace.
- Guest information — names, contact details, and RSVP responses you add when managing a guest list. You are responsible for obtaining any necessary consent from guests before entering their information.
- Communications — messages you send through the Service to other users, planning team members, or vendors.
- Waitlist and referral data — email address, role (couple or vendor), referral code, and consent timestamp if you join our waitlist.
- Support and feedback — information you provide when contacting us for support or submitting feedback.
Information collected automatically
- Log data — our servers automatically record information including IP address, browser type and version, operating system, referring URL, pages viewed, and timestamps.
- Device information — device type, operating system version, and unique device identifiers when you use our mobile application.
- Usage data — features accessed, actions taken, and interaction patterns within the Service, used to operate and improve it.
- Security audit events — we log certain account security events (such as login, password change, and MFA enrollment) for security monitoring and incident response. These logs contain account identifiers and event metadata, not message content.
- Cookies and similar technologies — see Section 5 for details.
Information from third parties
- Authentication providers — if you sign in using a social login (such as Google), we receive basic profile information (name and email) from that provider, subject to your privacy settings with them.
- Other users — other users may add your contact information to a guest list or invite you to a Wedding Workspace. We handle information provided about you by others with the same care as information you provide directly.
Sensitive information
Wedding planning can involve sensitive personal information, including religious or philosophical beliefs (ceremony type), dietary requirements (which may indicate health conditions), and sexual orientation (implied by same-sex couples using the platform). We collect sensitive information only where it is necessary to provide the Service and process it only for that purpose. You may choose not to provide sensitive information, but withholding it may limit certain features.
3. How we use your information
We use the information we collect to:
- Create and manage your account and Wedding Workspaces.
- Provide, operate, and improve the Service and its features.
- Send transactional communications — account confirmations, security alerts, one-time passcodes, and service notifications.
- Send marketing and promotional communications where you have consented to receive them. You may opt out at any time.
- Enable collaboration within Wedding Workspaces by sharing your profile with team members you invite or who invite you.
- Process payments and manage subscriptions where applicable.
- Detect, prevent, and respond to fraud, abuse, and security incidents.
- Monitor application performance and diagnose technical issues using our observability stack.
- Comply with legal obligations and enforce our Terms of service.
- Maintain the waitlist and attribute referrals.
We do not use your personal information to train AI or machine learning models without your explicit consent. Anonymized and aggregated data that cannot reasonably identify you may be used to improve our AI-powered features.
4. How we share your information
We do not sell your personal information. We share information only in the following circumstances:
Service providers and processors
We share information with third-party vendors who process data on our behalf to operate the Service. These providers are contractually required to use your data only as directed by us and to implement appropriate security measures. Current processors include:
- Auth0 (Okta) — identity and authentication management.
- Twilio — SMS delivery for MFA verification codes.
- Fly.io — application hosting and database infrastructure.
- Datadog — application performance monitoring and log management. Logs contain only technical identifiers; we do not log email addresses or message content.
Within Wedding Workspaces
Your profile information (name, photo, role) is visible to other members of Wedding Workspaces you belong to. You control which Workspaces you join and may leave at any time.
Legal requirements
We may disclose your information if required to do so by law, court order, or valid legal process, or if we believe disclosure is necessary to protect the rights, property, or safety of Luvbug, our users, or others.
Business transfers
If Luvbug is involved in a merger, acquisition, financing, or sale of all or part of its assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Service before your information becomes subject to a different privacy policy.
Aggregated and de-identified data
We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, analytics, and product improvement purposes.
With your consent
We may share your information for other purposes with your explicit consent.
5. Cookies and tracking technologies
We use cookies and similar technologies to operate and secure the Service.
Strictly necessary cookies
These cookies are required for the Service to function. They maintain your authenticated session, protect against cross-site request forgery, and enable core security features. They cannot be disabled without breaking the Service.
What we do not do
We do not use advertising cookies, tracking pixels, cross-site behavioral tracking, or third-party analytics scripts (such as Google Analytics or Meta Pixel) on the marketing site. We do not sell data derived from cookies to advertisers.
Managing cookies
You can control cookies through your browser settings. Disabling strictly necessary cookies will prevent you from logging in or using authenticated features.
Global Privacy Control
We honor Global Privacy Control (GPC) signals. If your browser sends a GPC signal, we treat it as a request to opt out of any sale or sharing of your personal information for targeted advertising.
6. Data security
We implement technical, administrative, and organizational measures to protect your personal information, including:
- Encryption of all data in transit using TLS 1.2 or higher.
- Encryption of sensitive data at rest.
- Access controls limiting database and infrastructure access to authorized personnel only.
- Security audit logging of significant account events for incident detection and response.
- Multi-factor authentication support for all accounts.
No method of electronic transmission or storage is 100% secure. If we become aware of a security breach that affects your personal information, we will notify you as required by applicable law.
You are responsible for maintaining the security of your account credentials. Contact us immediately at hello@luvbug.io if you suspect unauthorized access to your account.
7. Data retention
We retain personal information for as long as necessary to provide the Service, fulfill legal obligations, resolve disputes, and enforce our agreements. Specific retention periods by category:
- Account data — retained for the life of your account and deleted within 30 days of a verified deletion request, subject to legal retention obligations.
- Wedding Workspace data — retained while any member of the Workspace has an active account. When all members delete their accounts, Workspace data is deleted within 90 days.
- Security audit logs — retained for up to 12 months for security monitoring and incident response, then deleted.
- Server and application logs — retained for a maximum of 90 days, then deleted.
- Waitlist data — retained until you request deletion or until 90 days after the Service is discontinued, if applicable.
- Marketing consent records — retained for the duration required to demonstrate compliance with applicable law, even after you unsubscribe.
When we delete your data, we remove it from our production systems. Residual copies in backups are overwritten on the next scheduled backup rotation cycle.
8. Your rights and choices
All users
Regardless of where you live, you may:
- Update or correct your account information at any time through your account settings.
- Unsubscribe from marketing emails using the unsubscribe link in any email, or by contacting us.
- Opt out of promotional SMS by replying STOP to any message.
- Request deletion of your account by emailing hello@luvbug.io.
California residents (CCPA / CPRA)
California residents have the right to:
- Know — request disclosure of the categories and specific pieces of personal information we have collected about you in the preceding 12 months.
- Delete — request deletion of your personal information, subject to certain exceptions.
- Correct — request correction of inaccurate personal information.
- Opt out of sale or sharing — we do not sell or share your personal information for cross-context behavioral advertising. You may still submit a request via hello@luvbug.io.
- Limit sensitive information — request that we limit use of sensitive personal information to what is necessary to provide the Service.
- Non-discrimination — we will not deny you the Service, charge you different prices, or provide a different quality of service because you exercised your privacy rights.
California residents may also designate an authorized agent to submit requests on their behalf. We will verify the agent’s authority before processing the request.
We respond to verified California rights requests within 45 days. We may extend this period by a further 45 days with notice.
Other U.S. state residents
Residents of Colorado, Connecticut, Virginia, Texas, and other states with comprehensive privacy laws have rights substantially similar to those described above, including rights to access, delete, correct, and opt out of certain processing. Contact us at hello@luvbug.io to exercise your rights. If we deny your request, you may appeal by emailing us with the subject line PRIVACY REQUEST APPEAL.
EEA and UK residents (GDPR / UK GDPR)
Where the General Data Protection Regulation (GDPR) or UK GDPR applies, we rely on the following legal bases for processing:
- Contract (Art. 6(1)(b)) — processing necessary to provide the Service under our Terms of service (account management, Wedding Workspace features, transactional communications).
- Consent (Art. 6(1)(a)) — marketing communications and optional data processing where you have given explicit consent.
- Legitimate interests (Art. 6(1)(f)) — fraud prevention, security monitoring, and service improvement, where our interests are not overridden by your rights.
- Legal obligation (Art. 6(1)(c)) — processing required to comply with applicable law.
EEA and UK residents have the right to access, rectify, erase, restrict, or port their personal data, and to object to processing based on legitimate interests. You may withdraw consent at any time without affecting the lawfulness of prior processing. To exercise these rights, email hello@luvbug.io. We respond within 30 days.
If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection authority. In the EU, you may contact your national supervisory authority. In the UK, you may contact the Information Commissioner’s Office (ICO) at ico.org.uk.
9. Children’s privacy
The Service is not directed at children under the age of 18 and we do not knowingly collect personal information from anyone under 18. If you believe a child under 18 has provided us with personal information, please contact us at hello@luvbug.io and we will delete the information promptly.
10. International data transfers
Luvbug operates in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country.
For transfers of personal data from the European Economic Area (EEA) or the United Kingdom to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms under applicable law, to ensure your data receives an adequate level of protection.
11. Third-party links and services
The Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices or content of those sites or services. We encourage you to review the privacy policies of any third party before providing them with your information.
12. Changes to this policy
We may update this policy from time to time. When we do, we will update the “Last updated” date at the top of this page. If a change is material — for example, a new use of your personal information or a new sharing practice — we will notify you by email or in-app notification at least 14 days before the change takes effect.
Your continued use of the Service after a change constitutes acceptance of the revised policy. If you do not agree to a revised policy, you must stop using the Service and may request deletion of your account.
13. Contact us
For questions about this policy, to exercise your privacy rights, or to report a privacy concern, contact us at:
Email: hello@luvbug.io
Subject line: Privacy request
We aim to respond within five business days. For formal data subject rights requests, we respond within the timeframes required by applicable law (30 days for GDPR; 45 days for CCPA).