Privacy Policy

This policy explains what personal information AisleReply collects, how we use it, and what your rights are. We've written it in plain English. If anything's unclear, email hello@aislereply.com.

Who we are

AisleReply is a service operated by Validus Media Ltd, a company registered in England (company number 08013355). Our registered address is 152 Osmondthorpe Lane, Leeds, LS9 9EG, United Kingdom. For privacy matters, we are the "data controller" of the information you give us directly.

What we collect

Information you give us when you sign up

• Your name, email, and phone number
• Your wedding date and venue (rough or exact)
• Your guest list - guest names, phone numbers, languages, and any notes you choose to share with us (such as which events each guest is invited to)
• Any messages you send us
• Payment details (processed by Stripe - we don't store card numbers on our servers)

Information collected automatically when you visit our site

• Your IP address, browser type, and pages visited
• A session cookie if you log in (so we know it's still you on each page)
• A referral cookie if you arrived through a referral link

Information collected from your guests

When your guests reply to the WhatsApp messages we send on your behalf, we receive and process their replies (including any free-text comments). This is processed so you can see the responses in your dashboard.

How we use it

We use the information you give us to:

• Set up and run your guest list service (sending invitations, gathering replies, organising your dashboard)
• Process your payment and provide our service
• Contact you about your wedding setup (only with your consent)
• Improve our service (using anonymised, aggregated data only)

Who we share data with

We use a small number of trusted third parties to deliver our service. Each has its own privacy policy and processes data on our behalf:

• Twilio - sends and receives the WhatsApp messages
• Anthropic - powers the AI assistant that understands guest replies (no guest data is used to train AI models)
• Stripe - processes payments (we never see or store your card details)
• BitHoarders - hosts our website and databases (UK-based hosting)

We do not sell your personal data. We do not share your data with advertisers. We do not use your guest list for marketing purposes.

Where data is stored

Your data is stored on UK servers. Some of our third parties (Twilio, Anthropic, Stripe) process data in the EU, UK, or US under appropriate transfer safeguards (UK GDPR Standard Contractual Clauses).

How long we keep your data

• Active accounts: for as long as you have a wedding being managed by us
• After your wedding: we keep your data for 12 months by default, in case you need to access it again, then delete it
• Billing records: we keep payment-related data for 7 years to meet UK accounting requirements
• Marketing leads (you contacted us but didn't sign up): 24 months, then deleted

You can ask us to delete your data at any time (see "Your rights" below).

WhatsApp messages and your guests' data

When you upload your guest list, you confirm that you have a "legitimate interest" basis under UK GDPR to contact those guests on behalf of your wedding (typically because they were invited and gave you their contact details). We are processing your guests' data on your behalf, so technically you are the "controller" of that data and we are the "processor". We don't use guest data for any purpose other than managing your RSVPs.

Every WhatsApp message we send to a guest includes an opt-out option ("Reply STOP to opt out") and we honour any opt-out immediately.

Cookies

We use the minimum cookies needed to run the site:

• Session cookies (when you log in) - so we know it's still you. These are deleted when you log out or after 14 days.
• Referral cookies (if you arrived via a referral link) - so we can credit the right referrer. These last 90 days.

We do not use third-party advertising or tracking cookies.

Your rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Correct any inaccurate data
• Delete your data (with some exceptions for billing records we have to keep by law)
• Object to processing or restrict it
• Receive your data in a portable format
• Withdraw consent at any time (where consent is the legal basis)
• Complain to the Information Commissioner's Office (ICO) - ico.org.uk

To exercise any of these rights, email hello@aislereply.com. We'll respond within 30 days.

Security

We use HTTPS encryption on every page, store passwords using strong one-way hashing, and limit access to our systems. We can't promise the internet is ever 100% secure, but we take reasonable steps to protect your data and would notify you (and the ICO) within 72 hours if a serious breach occurred.

Changes to this policy

We may update this policy occasionally. We'll change the "Last updated" date at the top, and for material changes we'll email anyone with an active account.

Contact

For any privacy questions or to exercise your rights, contact us at hello@aislereply.com.