Build The Day

Privacy Policy

Last updated: 14 March 2026

1. Who we are

Build The Day ("we", "our", "us") is the data controller responsible for your personal data. We operate the website buildtheday.com and the Build The Day web application at app.buildtheday.com.

Contact details:

If you have any concerns about how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

2. What data we collect

We collect and process the following categories of personal data:

Account and profile data

  • Name and email address (when you create an account)
  • Password (stored securely as a hash, never in plain text)
  • Account preferences and settings

Wedding website content

  • Guest names, email addresses, and contact details
  • RSVP responses and dietary requirements
  • Meal selections and seating arrangements
  • Photos, messages, and guestbook entries uploaded by you or your guests
  • Event details (dates, venues, descriptions)

Payment data

  • Billing name and address
  • Payment card details (processed and stored entirely by Stripe — we never see or store your full card number)
  • Transaction history and purchase records

Technical and usage data

  • IP address (anonymised for analytics)
  • Browser type and version, device type, operating system
  • Pages visited, time spent on pages, referring URLs
  • Approximate location (country/city level, derived from IP address)
  • Cookies and similar technologies (see Section 7)

Communication data

  • Emails exchanged with our support team
  • Transactional email records (send confirmations, delivery status)

3. How we collect your data

We collect data through:

  • Direct interactions — when you create an account, build your wedding website, add guests, make a purchase, or contact us
  • Guest interactions — when your guests RSVP, sign your guestbook, upload photos, or interact with your wedding website
  • Automated technologies — cookies and analytics tools that collect technical data when you browse our site (only with your consent for non-essential cookies)
  • Third-party services — payment confirmation data from Stripe

4. Lawful basis for processing

Under UK GDPR, we rely on the following lawful bases:

PurposeLawful basis
Providing our services (hosting your wedding website, processing RSVPs, managing guest lists)Contract — necessary to perform our contract with you
Processing paymentsContract — necessary to fulfil your purchase
Sending transactional emails (RSVP confirmations, reminders, milestones)Contract — necessary to deliver the service you requested
Analysing site usage via Google AnalyticsConsent — only with your explicit opt-in via our cookie banner
Detecting fraud and preventing abuseLegitimate interest — protecting our platform and users
Responding to support requestsLegitimate interest — providing customer support
Complying with legal obligations (tax records, law enforcement requests)Legal obligation — required by law

You can withdraw consent for analytics at any time by clearing your cookies or using your browser settings. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

5. How we use your data

We use your personal data to:

  • Create and maintain your account
  • Host and serve your wedding website
  • Process RSVPs and manage your guest list
  • Handle meal selections, seating arrangements, and dietary requirements
  • Store and serve photos, guestbook entries, and other wedding content
  • Process payments for addons and subscriptions
  • Send transactional emails on your behalf (save-the-dates, RSVP confirmations, reminders)
  • Analyse anonymous site usage to improve our product (with consent)
  • Respond to your support requests
  • Detect and prevent fraud or abuse
  • Comply with legal and regulatory obligations

We do not:

  • Sell your personal data to any third party
  • Use your data for advertising or marketing profiling
  • Share your guest lists, wedding content, or personal details with third parties for their marketing purposes
  • Make automated decisions or profile you in ways that produce legal effects

6. Data sharing and sub-processors

We share your data only with trusted service providers who process it on our behalf, under strict data processing agreements. We do not share your data with any third parties for their own purposes.

ProviderPurposeData sharedLocation
SupabaseAuthentication and databaseAccount data, wedding content, guest dataEU (Frankfurt)
Digital OceanWebsite and application hosting, CDN and file storageAll application dataUnited Kingdom
StripePayment processingBilling name, address, payment details, transaction recordsUnited States (with UK GDPR safeguards)
ResendTransactional email deliveryRecipient email addresses, email contentUnited States (with UK GDPR safeguards)
Google AnalyticsAnonymous site usage analyticsAnonymised IP, pages visited, device info (consent required)United States (with UK GDPR safeguards)

7. International data transfers

Some of our sub-processors are based outside the United Kingdom. Where your data is transferred outside the UK, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the ICO, incorporated into our agreements with US-based processors (Stripe, Resend, Google)
  • Adequacy decisions where applicable (EU transfers)
  • Supabase processes data within the EU (Frankfurt region), covered by the UK-EU adequacy arrangement
  • Digital Ocean processes data within the United Kingdom

You can request a copy of the relevant safeguards by contacting us at [email protected].

8. Cookies and tracking technologies

Essential cookies

These cookies are strictly necessary for the site to function. They cannot be disabled.

CookiePurposeDuration
btd_logged_inIdentifies whether you are signed inSession
sb-*Supabase authentication sessionSession

Analytics cookies (consent required)

These cookies are only set after you click "Accept" on our cookie banner.

CookiePurposeDurationProvider
_gaDistinguishes unique users2 yearsGoogle Analytics
_ga_*Maintains session state2 yearsGoogle Analytics

Consent cookie

CookiePurposeDuration
cookie_consentStores your cookie preference (granted/denied)1 year

Managing cookies

You can manage or delete cookies through your browser settings at any time. Disabling essential cookies may prevent parts of the site from functioning correctly. You can withdraw analytics consent by clearing your cookies — the cookie banner will reappear on your next visit.

Google Analytics privacy settings

We have configured Google Analytics with the following privacy protections:

  • Consent Mode v2 — analytics cookies are blocked until you provide consent
  • IP anonymisation is enabled
  • Advertising features are disabled (no remarketing, no demographics reporting)
  • Data sharing with Google for advertising purposes is turned off

9. Data retention

Data typeRetention period
Account and wedding dataAs long as your account is active, plus 30 days after deletion request
Guest data (names, RSVPs, dietary info)As long as the associated wedding website exists
Photos and mediaAs long as the associated wedding website exists
Payment records7 years (as required by UK tax law)
Transactional email logs90 days
Analytics data14 months (Google Analytics default with anonymised IP)
Support correspondence2 years after last contact

After your wedding, your website remains accessible as a keepsake for as long as your account is active. You can request deletion of your account and all associated data at any time.

10. Your rights under UK GDPR

Under UK data protection law, you have the following rights:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of any inaccurate or incomplete data
  • Right to erasure — request deletion of your personal data (subject to legal retention requirements)
  • Right to restrict processing — request that we limit how we use your data
  • Right to data portability — request your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — withdraw consent for analytics cookies at any time
  • Rights related to automated decision-making — we do not carry out automated decision-making or profiling

To exercise any of these rights, email us at [email protected]. We will respond within one month, as required by law. If your request is complex, we may extend this by a further two months, but we will let you know within the first month.

There is no fee for exercising your rights, unless requests are manifestly unfounded or excessive.

11. Data security

We take appropriate technical and organisational measures to protect your personal data, including:

  • All data transmitted between your browser and our servers is encrypted using TLS (HTTPS)
  • Passwords are hashed using industry-standard algorithms and never stored in plain text
  • Database access is restricted and protected by role-based access controls
  • Our application is hosted on Digital Ocean infrastructure within the United Kingdom
  • Authentication is handled by Supabase with secure session management
  • Payment data is handled entirely by Stripe, a PCI DSS Level 1 certified provider — we never store card details on our servers
  • Regular security updates and dependency monitoring

12. Children's privacy

Our services are not directed at children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at [email protected].

13. Third-party links

Our website may contain links to third-party websites (e.g. venue websites, gift registries). We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies before providing any personal data.

14. Guests and data subjects who are not account holders

If you are a wedding guest whose information has been added to Build The Day by a couple or wedding planner, the account holder is responsible for ensuring they have a lawful basis to share your data with us (typically legitimate interest or consent). You have the same rights as described in Section 10. To exercise these rights, you can contact the couple directly or email us at [email protected].

15. Wedding planners and business accounts

If you use Build The Day as a wedding planner managing weddings on behalf of your clients, you act as a data controller for the personal data of your clients and their guests. Build The Day acts as a data processor on your behalf. Our responsibilities are governed by a Data Processing Agreement, which is available on request.

16. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify active account holders by email where appropriate

We encourage you to review this policy periodically.

17. California residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

  • Right to know — what personal information we collect, use, and disclose
  • Right to delete — request deletion of your personal information
  • Right to opt out — of the sale of personal information (we do not sell your data)
  • Right to non-discrimination — we will not treat you differently for exercising your rights

To exercise these rights, contact us at [email protected].

18. Contact us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Email: [email protected]

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We use cookies to understand how you use our site and to improve your experience. By clicking "Accept", you consent to the use of analytics cookies. Read our Privacy Policy for more details.