Legal
Privacy Policy
Effective date: 2 July 2026 · Last updated: 2 July 2026
1. Introduction
This Privacy Policy (the "Policy") describes how Veepys ("Veepys", "we", "us", or "our"), operator of the website veepys.com and related services (collectively, the "Service"), collects, uses, discloses, transfers, stores, retains, and otherwise processes information about identified or identifiable natural persons ("personal information" or "personal data") in connection with the Service.
This Policy applies to hosts and account holders ("Hosts"), invited recipients and attendees ("Guests"), visitors to our marketing site, and any other individuals who interact with the Service (each, a "User"). By accessing or using the Service, you acknowledge that you have read and understood this Policy.
2. Data Controller and Contact
For personal data processed in connection with a Host's event, the Host is the independent data controller (or business, as applicable) and Veepys acts as the data processor (or service provider). For personal data collected about Hosts, visitors, and other Users of the Service itself, Veepys is the controller.
You may contact us regarding this Policy or any privacy request at hello@veepys.com.
3. Information We Collect
We collect the following categories of personal information:
- Account data: name, email, password hash, authentication identifiers, plan and billing status.
- Event content: event names, dates, venues, media (photos, video, audio), text, guest lists, and other content that Hosts or Guests upload.
- Guest response data: RSVP status, meal preference, dietary restrictions, message/wishes, uploaded media, and contact details voluntarily provided.
- Payment data: billing name, address, and transaction identifiers. Card details are processed directly by our PCI-DSS compliant payment processors and are never stored by Veepys.
- Device and usage data: IP address, browser type, device identifiers, referring URLs, pages viewed, timestamps, crash reports, and interaction events.
- Cookies and similar technologies: as described in Section 9.
4. How We Use Personal Information
We process personal information for the following purposes:
- To provide, operate, maintain, secure, and improve the Service.
- To create and manage accounts, authenticate Users, and process transactions.
- To enable Hosts to design, publish, and manage invitations, and to enable Guests to respond, communicate, and interact.
- To provide customer support and respond to requests.
- To send transactional communications (e.g. RSVP confirmations, reminders, security alerts, invoices).
- To send service updates and, where permitted by law, marketing communications, which you may opt out of at any time.
- To monitor, prevent, detect, and investigate fraud, abuse, and violations of our Terms of Service.
- To comply with legal, regulatory, tax, and contractual obligations.
- To defend, establish, or exercise legal claims.
5. Legal Bases for Processing (EEA, UK, and Similar Jurisdictions)
Where applicable law (including the EU/UK GDPR) requires a legal basis, we rely on:
- Contract: to provide the Service you request.
- Legitimate interests: to secure, improve, and market the Service, provided such interests are not overridden by your rights.
- Consent: where required, for example for certain cookies or marketing.
- Legal obligation: to comply with applicable laws.
You may withdraw consent at any time without affecting the lawfulness of prior processing.
6. Disclosure of Personal Information
We do not sell personal information. We may disclose personal information to:
- Hosts and Guests as necessary to fulfil the purpose of an invitation (e.g. sharing RSVP data with the Host).
- Service providers and sub-processors including hosting, storage, database, email delivery, analytics, and payment providers, bound by written data protection terms.
- Professional advisors such as auditors, lawyers, and insurers.
- Authorities where required by law, legal process, or to protect the rights, property, or safety of Veepys, our Users, or the public.
- Successors in interest in connection with a merger, acquisition, financing, or sale of assets.
7. International Data Transfers
Veepys operates internationally. Personal information may be transferred to, stored in, and processed in countries other than your country of residence, including the United States and the European Economic Area. Where required, we implement appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or reliance on an adequacy decision.
8. Data Retention
We retain personal information only for as long as necessary to fulfil the purposes described in this Policy, including to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. When personal information is no longer required, we delete or anonymise it. Hosts may delete an event at any time, which removes associated event content within a reasonable period, subject to backup and legal retention windows.
9. Cookies and Tracking Technologies
We use strictly necessary cookies to operate the Service (for example, authentication) and, subject to your consent where required, functional and analytics cookies to understand usage and improve the Service. You can control cookies through your browser settings and, where offered, through our in-product cookie controls.
10. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access, correct, update, or delete personal information about you.
- Object to or restrict certain processing, or request portability.
- Withdraw consent where processing is based on consent.
- Opt out of the "sale" or "sharing" of personal information (as defined under applicable U.S. state laws) — Veepys does not sell personal information.
- Lodge a complaint with a competent supervisory authority.
To exercise these rights, contact us at hello@veepys.com. For data submitted to a Host's event, please contact the Host directly; we will assist them as their processor.
11. Security
We implement administrative, technical, and organisational measures designed to protect personal information, including encryption in transit, access controls, and least-privilege policies. No method of transmission or storage is fully secure; we cannot guarantee absolute security.
12. Children's Privacy
The Service is not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from such children. If you believe a child has provided us personal information, contact us and we will take appropriate steps to delete it.
13. Third-Party Services
The Service may link to or embed third-party services (e.g. maps, payment providers, video). Their privacy practices are governed by their own policies, which we encourage you to review.
14. Changes to This Policy
We may update this Policy from time to time. Material changes will be notified through the Service or by email. Continued use of the Service after changes take effect constitutes acceptance.
15. Contact
Questions or complaints regarding this Policy should be addressed to hello@veepys.com.