Privacy policy
1. Who we are
SIA ProductLab, with registered contact details in Latvia (commercial register No. 40203629468), is the data controller responsible for personal data processed in connection with https://ourreception.com and the services offered there (collectively, "the Service").
This policy describes our processing under the EU and UK General Data Protection Regulation ("GDPR") and applicable local privacy laws. It applies to wedding hosts who register an account, guests who join an event via a host-provided link or code, and visitors who browse our public pages.
If you participate as a guest, the host organising the event may also decide how certain information appears (for example trivia prompts or display rules). If you have questions about what a specific host publishes, contact them directly.
2. Personal data we process
We only process the data needed to run the Service, secure accounts, analyse reliability, and process payments where you purchase a paid option.
- Hosts and presenters: email address and authentication data from our identity provider; account identifiers; event and session configuration (such as event codes, titles, round settings); trivia content and related media you upload; billing-related identifiers when you pay (handled by our payment processor).
- Guests: display name or nickname you choose when joining; gameplay data such as answers, scores, timing, and leaderboard positions; guestbook messages, gallery uploads, or similar content where those features are enabled for an event.
- Technical data: IP address, device and browser type, coarse location derived from IP, timestamps, and diagnostic logs; limited cookie or local-storage identifiers needed for sessions or preferences.
- Support and compliance: messages you send us and records we need to resolve incidents, prevent abuse, or meet legal obligations.
3. Purposes and legal bases
We rely on GDPR Article 6 bases that match how the Service works.
- Performance of a contract (Art. 6(1)(b)): operating accounts, delivering live trivia and related event features, processing purchases you initiate, and providing customer support tied to the Service.
- Legitimate interests (Art. 6(1)(f)): securing the platform, detecting fraud or abuse, improving stability and diagnostics, analysing product usage in aggregate where permitted, and enforcing our terms—balanced against your rights.
- Consent (Art. 6(1)(a)): where we explicitly ask for consent (for example optional marketing communications if offered, or certain analytics cookies if we request them separately). You may withdraw consent at any time without affecting processing based on other grounds.
- Legal obligation (Art. 6(1)(c)): retaining records where the law requires.
4. Service providers (processors)
We use vetted infrastructure partners who process data on documented instructions and provide appropriate safeguards.
- Supabase — database, authentication, file storage, and hosting infrastructure
- Stripe — payment processing and billing where you purchase paid tiers
- PostHog — product analytics and error reporting when enabled for our deployment
A current list of sub-processors may be updated as our suppliers change; materially similar categories will remain in place.
5. Retention
We keep personal data only as long as necessary for the purposes above, plus any statutory limitation or audit period.
Host account data remains while your account is active; you may request deletion subject to legitimate retention needs (such as unresolved payments or legal claims). Event-side guest participation data is kept for the life of the session configuration unless the host deletes the event or we delete it under our data retention schedule.
Backups may persist for a limited technical window before automatic overwrite.
6. International transfers
Some providers may process data outside the European Economic Area. Where required, we rely on approved mechanisms such as the European Commission Standard Contractual Clauses, UK International Data Transfer Addendum, or equivalent safeguards offered by the supplier.
7. Your GDPR rights
Depending on your location, you may have the following rights in relation to your personal data:
- Access and portability
- Rectification of inaccurate data
- Erasure ("right to be forgotten") where applicable
- Restriction of processing
- Objection to processing based on legitimate interests
- Withdrawal of consent where processing was consent-based
- Lodging a complaint with a supervisory authority
You may exercise these rights as described in section 8. Lodging a complaint is without prejudice to other remedies.
8. How to exercise your rights
You may contact us at privacy@ourreception.com to submit your request. We may need to verify your identity before disclosing or deleting data. We will respond within one month unless applicable law allows a justified extension.
If you joined an event as a guest, we may need to coordinate with the relevant host to confirm which session your data belongs to.
9. Security
We implement technical and organisational measures appropriate to the risk, including encryption in transit, access controls, monitoring, and least-privilege engineering practices. No method of transmission over the internet is completely secure; please protect your host credentials and share guest links responsibly.
10. Children
The Service is intended for adults organising events and their invited guests. We do not knowingly collect personal data from children under 16 without parental authority. If you believe we have processed a child's data improperly, contact us and we will investigate.
11. Changes to this policy
We will publish an updated version on https://ourreception.com with a revised "Last updated" date when we make material changes. Continued use of the Service after changes become effective constitutes notice where permitted by law.