Privacy Policy

1. Introduction

Flashtie ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our website and services at flashtie.com ("the Service").

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and password (stored as a secure hash). If you sign in with Google, we receive your name, email, and profile picture from Google.

2.2 Payment Information

Payments are processed by Lemon Squeezy. We do not store your credit card details. We receive your transaction ID, plan selection, and payment confirmation from Lemon Squeezy.

2.3 Event Information

When you create a wedding event, we collect the event title, date, venue, and description you provide. This information is used to display your event page to guests.

2.4 Guest Information

When guests access your event page, we assign a random session identifier (stored as a cookie) to track their uploads. Guests may optionally provide a display name. We do not require guests to create an account or provide an email address.

2.5 Uploaded Content

We store photos, videos, audio recordings, and text messages that you and your guests upload to the Service. This content is stored in secure cloud storage (Hetzner Object Storage) and is accessible only to the event organizer and authorized co-organizers.

2.6 Technical Information

We automatically collect standard technical information such as your IP address, browser type, device type, and pages visited. This information is used for security, analytics, and improving the Service.

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service
• Process payments and manage your subscription
• Create and manage your wedding event pages
• Store and serve uploaded media content
• Send transactional emails (account verification, password reset, co-organizer invitations)
• Enforce our Terms of Service and protect against abuse
• Respond to your support requests

4. Data Storage and Security

Your data is stored on secure servers provided by Hetzner Online GmbH, located in the European Union. Uploaded media files are stored in Hetzner Object Storage with access-controlled presigned URLs.

We implement the following security measures:

• All connections are encrypted with TLS/SSL (HTTPS)
• Passwords are hashed using bcrypt with a cost factor of 12
• Database sessions are verified server-side on every request
• Database access is restricted by IP address
• Media files are accessible only via time-limited presigned URLs
• Webhook signatures are verified using HMAC-SHA256

5. Data Retention

Uploaded media content (photos, videos, audio, text wishes) is retained for 12 months from the date of your plan purchase. After this period, content is automatically deleted from our storage systems.

Account information is retained as long as your account is active. If you delete your account, your personal information will be removed within 30 days, except where we are required to retain it for legal or compliance purposes.

6. Data Sharing

We do not sell your personal information. We share your data only with:

• Lemon Squeezy — our payment processor, to process your purchases
• Resend — our email service provider, to send transactional emails
• Hetzner Online GmbH — our infrastructure provider, for data storage and hosting
• Google — if you choose to sign in with Google OAuth

We may also disclose your information if required by law, court order, or governmental authority.

7. Co-Organizer Access

When you invite a co-organizer to your event, they will have access to event details, uploaded media, and guest wishes based on their assigned role. You are responsible for informing co-organizers about data handling responsibilities.

8. Cookies

We use the following cookies:

• Session cookie — to authenticate logged-in users (essential, expires after 30 days)
• Guest fingerprint cookie — to identify returning guests on event pages (essential, session-based)

We do not use advertising cookies or third-party tracking cookies.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your personal information
• Export your data in a portable format
• Object to or restrict certain processing of your data
• Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us at privacy@flashtie.com.

10. Children's Privacy

The Service is not intended for children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

11. International Data Transfers

Your data is primarily stored in the European Union (Hetzner data centers). If you access the Service from outside the EU, your data may be transferred to and processed in the EU. By using the Service, you consent to this transfer.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. Your continued use of the Service constitutes acceptance of the updated policy.

13. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at: