Legal

Privacy Policy

Effective Date: April 3, 2026

Aisle (“we,” “us,” or “our”) operates the website and services available at aisle.wedding (the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the Service. By using the Service, you consent to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide Directly

  • Account Information: When you create an account through Clerk, our authentication provider, we collect your email address, phone number, and name. If you use social authentication, we receive your name and email from the provider.
  • Wedding Details: Information about your wedding, including couple names, wedding date, destination, venue details, event schedules, dress codes, accommodation arrangements, and travel logistics.
  • Guest Information: Names, phone numbers, email addresses, dietary restrictions, allergies, RSVP responses, meal selections, accommodation assignments, and any other guest-specific details you provide.
  • AI Assistant Interactions: Messages, prompts, and commands you submit to our AI-powered planning assistant.
  • Venue Submissions: If you submit or claim a venue listing, we collect venue details including name, location, description, photos, contact information, and website URL.
  • Communications: Any messages or correspondence you send to us, including support requests and feedback.

1.2 Information Collected Automatically

  • Usage Data: We use Vercel Analytics to collect anonymized usage data, including page views, feature usage, and performance metrics. Vercel Analytics does not use cookies for tracking and is privacy-focused by design.
  • Device and Browser Information: Browser type, operating system, device type, screen resolution, and language preferences, collected through standard HTTP headers.
  • Log Data: IP addresses, access timestamps, referring URLs, and pages viewed, collected automatically by our hosting infrastructure.

1.3 Information from Third Parties

  • Authentication Providers: When you sign in through Clerk using social login (e.g., Google), we receive basic profile information as authorized by you during the authentication flow.
  • Venue Directory Data: We source publicly available venue information from the Google Places API, including venue names, addresses, ratings, review counts, photos, and business details. This data is used to populate our venue directory and is supplemented with AI-generated descriptions and travel information.
  • Map Services: When you interact with maps on our site, Mapbox GL may collect usage data including your approximate location, device information, and map interaction patterns in accordance with Mapbox’s Privacy Policy.

2. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Create and host your wedding website, manage guest lists, process RSVPs, coordinate event details, and facilitate the AI planning assistant.
  • Authenticate Users: Verify your identity and your guests’ identities through phone number verification and account authentication.
  • Personalize Experiences: Deliver personalized guest portals showing each guest their specific RSVP status, accommodation details, and event schedule.
  • Improve the Service: Analyze usage patterns to improve features, fix bugs, optimize performance, and develop new functionality.
  • Train and Improve AI: Use anonymized and aggregated interaction data to improve the accuracy and usefulness of our AI planning assistant. We do not use personally identifiable guest data to train AI models.
  • Communicate with You: Send service-related notifications, respond to support inquiries, and provide updates about your account or the Service.
  • Ensure Security: Detect, prevent, and address fraud, abuse, unauthorized access, and other harmful activity.

3. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

  • With Your Guests: When you create a wedding website, the information you choose to include (event details, venue locations, travel information, accommodation details) is visible to guests who verify their identity through phone number authentication. Each guest sees only the information relevant to them, such as their personal RSVP status, room assignment, and meal selection.
  • Service Providers: We share information with third-party service providers who assist us in operating the Service, including:
    • Clerk — Authentication and identity verification
    • Vercel — Hosting, deployment, file storage (Vercel Blob), and analytics
    • Anthropic (Claude) — AI assistant and AI-generated venue content. Data is transmitted securely and processed per Anthropic’s data usage policies. We do not send personally identifiable guest data to AI providers.
    • Stripe — Payment processing. We do not store credit card numbers; all payment data is handled directly by Stripe in accordance with PCI DSS standards.
    • Twilio — SMS delivery for phone number verification and guest notifications
    • Resend — Transactional email delivery
    • Google (Places API) — Venue data, photos, and location information for our venue directory
    • Mapbox — Interactive maps and globe visualization
    • PostHog — Product analytics and feature usage tracking
    These providers are contractually obligated to protect your information and may only use it to provide services to us.
  • Legal Compliance: We may disclose information when required by law, court order, subpoena, or government regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
  • AI Assistants via MCP: Aisle offers a Model Context Protocol (MCP) server that allows third-party AI assistants (such as Claude, ChatGPT, Cursor, and others) to access your wedding data on your behalf. When you connect your Aisle account to an AI assistant through OAuth authentication, you authorize that assistant to read and modify your wedding data, including wedding details, guest lists, events, accommodations, and registry items. Aisle does not control how third-party AI assistants process, store, or display your data once it is transmitted. Public venue and vendor listing data is accessible through the MCP without authentication. No payment information, passwords, or Clerk authentication credentials are ever shared through the MCP.

4. Guest Privacy

We recognize that wedding guests have not directly created accounts with Aisle. Guests access the Service through phone number verification, initiated by the couple who created the wedding website. We treat guest data with particular care:

  • Guest phone numbers are used solely for identity verification and are not used for marketing or shared with third parties.
  • Guest personal information (dietary restrictions, allergies, meal selections) is visible only to the couple who created the wedding website and to the individual guest.
  • We do not create marketing profiles for guests or contact guests for any purpose other than Service functionality.
  • Guests may request deletion of their information by contacting us at privacy@aisle.wedding.

5. Venue Directory

Our venue directory contains publicly available information about wedding venues worldwide, sourced from the Google Places API and supplemented with AI-generated descriptions, travel logistics, and cost estimates. Venue photos are sourced from Google Places and stored on our servers.

  • Venue listings are created from publicly available business data and do not contain personal information about venue owners or staff unless voluntarily provided through our venue claim process.
  • Venue owners may claim their listing to update information, manage availability, and respond to inquiries. Claiming a listing requires identity verification.
  • AI-generated venue descriptions, cost estimates, and travel information are approximate and provided for general guidance only.
  • If you are a venue owner and wish to have your listing removed or corrected, contact us at support@aisle.wedding.

6. Data Retention

We retain your account information and User Content for the duration of your active account. Wedding website data, including guest lists and event details, is retained for up to twelve (12) months after the wedding date to allow couples to access their information post-event.

Upon account deletion:

  • Your wedding website is immediately unpublished and inaccessible.
  • Personal data and User Content are permanently deleted within thirty (30) days.
  • Anonymized, aggregated analytics data may be retained indefinitely for Service improvement purposes.
  • Certain data may be retained longer if required by law or for legitimate business purposes (e.g., fraud prevention, resolving disputes).

7. Data Security

We implement industry-standard technical and organizational measures to protect your personal information, including:

  • HTTPS encryption for all data transmission (TLS/SSL)
  • Encryption of sensitive data at rest
  • Content Security Policy (CSP) headers to prevent cross-site scripting attacks
  • HTTP security headers including Strict-Transport-Security, X-Frame-Options, and X-Content-Type-Options
  • Phone-based identity verification for guest access
  • Regular security assessments and monitoring
  • Access controls limiting employee access to personal data on a need-to-know basis

No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

8.1 All Users

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information and account.
  • Data Export: Request a portable copy of your data in a structured, machine-readable format.
  • Withdraw Consent: Where processing is based on consent, withdraw your consent at any time.

8.2 European Economic Area (GDPR)

If you are located in the EEA, you have additional rights under the General Data Protection Regulation, including the right to restrict processing, the right to object to processing, and the right to lodge a complaint with a supervisory authority. Our legal basis for processing personal data includes performance of a contract (providing the Service), legitimate interest (improving the Service and ensuring security), and consent (where specifically obtained).

8.3 California Residents (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, the right to delete your information, the right to opt out of the sale of your information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights.

To exercise any of these rights, contact us at privacy@aisle.wedding. We will respond to verified requests within thirty (30) days.

9. Cookies and Tracking Technologies

The Service uses minimal cookies and tracking technologies:

  • Essential Cookies: Required for authentication, session management, and security. These cannot be disabled without affecting Service functionality.
  • Analytics: Vercel Analytics and PostHog collect usage data including page views, feature interactions, and performance metrics. PostHog may use cookies for session tracking. Analytics data is used to improve the Service and is not sold to third parties.

We do not use third-party advertising cookies or cross-site tracking technologies.

10. International Data Transfers

The Service is hosted in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other jurisdictions where our service providers operate. We take appropriate safeguards to ensure that your data receives an adequate level of protection in the jurisdictions in which we process it, including standard contractual clauses where required.

11. Children’s Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@aisle.wedding.

12. Third-Party Links

The Service may contain links to third-party websites, including travel booking platforms, venue websites, and vendor pages. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party websites you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the Service and update the “Effective Date” at the top of this page. Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.

14. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our data practices, please contact us:

For data protection inquiries from the EEA, you may also contact our data protection point of contact at dpo@aisle.wedding.