Privacy policy
Version 1.0 · Updated May 15, 2026 · Counsel review pending
The short version
We collect the minimum we need to run the product. We don't sell your information. We don't advertise on it. The wedding-to-be and the wedding vendors can only see what we explicitly show each other.
Who we are
to.be is operated by Fleurish Grounds, LLC, 2546 Buttermilk Pike, Villa Hills, KY 41017. For privacy questions, data-subject requests, or anything described in this policy, write hello@tobeweddingapp.com. That address is also the contact for purposes of GDPR Article 4(7) (data controller) and the comparable role under the CCPA.
What we collect
From everyone:
- Email address (for sign-in and the one launch email)
- Whatever Google or other OAuth providers share when you sign in, typically name and profile photo
- Basic device data so the site works on your screen: browser type, screen size, country-level IP location
- If you opt into push notifications, the endpoint and crypto keys your browser issues for your device. These let our server send you a push without us learning anything about the device beyond what your browser shares.
From the wedding-to-be specifically:
- Wedding date (optional)
- City you're getting married in
- Which categories you're browsing
- Which vendors you like or pass on (we use this to tune your recommendations)
- The text of messages you send to a wedding vendor
From the wedding vendors specifically:
- Vendor name, category, location, pricing, photos
- The Stripe customer record for billing. We never see your card details.
- The text of messages you send to a wedding-to-be
If you connect Pinterest:
- The OAuth access token and refresh token Pinterest issues when you grant access, plus the token expiry and the scopes you granted. We use these only to create Pins on the board you pick and to display your Pinterest username on your account page.
- Your Pinterest username and the ID + name of the board you select as the default destination for cross-posts.
- Pinterest requires us to request several scopes (including read-access to your pins and write-access to your boards) before they’ll let us create a pin on your behalf, even though we only ever do the create. We don’t read your existing pins, followers, or boards (beyond the one-time board list we show in the picker), and we never create or edit boards. Disconnecting deletes our copy of the tokens and the board selection immediately. To fully revoke the app on Pinterest’s side (so the authorization stops appearing in your Pinterest settings), also remove “to.be” from your Pinterest account at Settings → Apps. Pinterest’s v5 API doesn’t expose a token-revoke endpoint, so that step is manual on their side.
Why we collect it
Under GDPR Article 6, each category of data has a stated lawful basis:
- Account email + auth data: performance of a contract (Art. 6(1)(b)); the contract is your account agreement.
- Wedding date, city, category preferences, swipe history: performance of a contract; these are what let us show you relevant vendors.
- Messages between the two sides: performance of a contract.
- Push subscription: consent (Art. 6(1)(a)), only stored after you accept the browser prompt.
- Stripe billing data (wedding vendors): legal obligation (Art. 6(1)(c)) and contract.
- Analytics cookies: consent, only loaded after you accept the cookie banner.
- Pinterest OAuth tokens + default board: consent (Art. 6(1)(a)), only stored after you complete the Pinterest connect flow, and only used for the mood-board cross-post feature.
- Device data and IP location: legitimate interest (Art. 6(1)(f)) in making the site work on your screen and stopping abuse.
How long we keep it
- Account data: until you delete the account, then within seven days unless we're legally required to keep specific records (see below).
- Messages: for the life of the account. Deleted with the account.
- Billing records (wedding vendors): kept seven years to meet US tax recordkeeping rules.
- Analytics events: 14 months in Google Analytics, then auto-deleted.
- Server access logs: 30 days for security/debugging, then auto-deleted.
- Database backups: up to 30 days. Deletion requests are propagated to backups on rotation.
Who sees what
The two sides only see each other's information when someone sends a message:
- A wedding vendor sees the wedding-to-be's display name, wedding date, city, and the message, but only after the wedding-to-be writes them first.
- The wedding-to-be sees public information for any vendor in their feed: what was written, photos, links.
- In-thread replies stay on to.be. Both sides also receive an email notification with the message body so they don't need to be in the app to see it.
Who we share with
A short list of subprocessors we use to run the platform:
- Supabase - auth, database, file storage
- Vercel - hosting
- Stripe - subscriptions (wedding vendors only)
- Resend - transactional email (when either side messages the other)
- Google Places - public vendor information (rating, reviews) for vendors with a Google listing
- Hotjar and Google Analytics - only when you've accepted the analytics cookie banner
- Pinterest - only if you connect Pinterest from your mood board. We send Pin metadata (image URL, title, description, link back to to.be) and your OAuth token via the Pinterest API. We never send your wedding date, location, or other planning data.
Each of these is bound by their own data processing agreement. For users in the EU/UK, transfers to these US-based providers rely on Standard Contractual Clauses (SCCs) under GDPR Article 46.
We do not sell your data to advertisers, brokers, or anyone else. We do not run third-party advertising on the site.
Where your data lives
Our databases and file storage run in the United States. Email sending, push delivery, and analytics may also process data in the US. If you're writing from the EU/UK, your data crosses the Atlantic to reach us; see the subprocessor list above for the legal basis for that transfer.
What you can do
Edit your profile (the wedding-to-be: from your profile page; the wedding vendors: from the dashboard). Delete your account from there too, or by emailing hello@tobeweddingapp.com. We'll remove your data within seven days unless we're legally required to keep specific records (billing receipts, fraud cases). You can also ask for a copy of what we have.
California residents (CCPA / CPRA)
If you're a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the CPRA:
- Right to know what personal information we collect, where it came from, and what we do with it (this policy covers most of that; ask for specifics if you want them).
- Right to delete your personal information.
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing. We don't sell or share your personal information. There's nothing to opt out of, but you have the right.
- Right to limit use of sensitive personal information. We don't use sensitive PI for inference or profiling beyond what runs the product.
- Right to non-discrimination for exercising any of the above.
To exercise any of these, email hello@tobeweddingapp.com from the account address. Authorized agents may submit requests on your behalf with written authorization.
European and UK residents (GDPR / UK GDPR)
If you're in the EU, the UK, or another GDPR-aligned jurisdiction, you have the following rights:
- Access - ask for a copy of the data we hold on you.
- Rectification - ask us to fix anything wrong.
- Erasure - ask us to delete it (subject to legal retention rules).
- Restriction - ask us to limit how we use it while we resolve a question.
- Portability - ask for it in a structured, machine-readable form.
- Objection - object to processing based on legitimate interest.
- Withdraw consent - for anything we process on consent (analytics, push), you can change your mind anytime.
- Lodge a complaint with your local data protection authority. We'd rather you tell us first so we can fix it.
Same email as above to exercise any of these. We respond within 30 days.
Cookies
Two kinds:
Essential cookies keep you signed in and remember your role (planning a wedding vs. running a wedding business). Specifically: the Supabase auth session cookies (sb-*-auth-token) and the cookie-consent record (tb_consent). The site doesn't work without these and they aren't optional.
Analytics cookies (Hotjar and Google Analytics) help us see what's working and what isn't: which pages get used, where people get stuck. We ask before loading these the first time you visit. If you decline, they never load. You can clear the choice by deleting the tb_consent cookie in your browser and you'll be asked again. We also honor the Global Privacy Control (GPC) signal if your browser sends one.
No third-party advertising cookies. We don't sell or share data with ad networks, and we don't track you across other sites.
Children
to.be is for people 18 or older planning weddings. We don't knowingly collect data from children under 13 (per COPPA), and our terms restrict accounts to 18+. If you think we have data from a minor, write us and we'll delete it.
Security and breach response
We take reasonable measures to protect your information: encryption in transit, encryption at rest for the database, row-level security on every table, principle-of-least-privilege access for our team. No system is perfect, and we don't promise one is.
If there's a personal data breach affecting you, we'll notify you without undue delay and within 72 hours of becoming aware where the breach is likely to result in a risk to your rights and freedoms, in line with GDPR Article 33. We'll tell you what happened, what data was affected, and what we're doing about it.
Updates to this policy
If we make a meaningful change, we'll email people with an account before it takes effect and bump the version number at the top. Smaller wording fixes just get a new date.
Questions
hello@tobeweddingapp.com. A person reads these.