Privacy Policy

Learn how we collect, use, and protect personal data when you create events, invite guests, and manage RSVPs.

SnapInvite Privacy Policy

Last updated: February 4, 2026

Valley Tech LLC ("Valley Tech," "we," "us," or "our") operates the SnapInvite website, web application, and related services (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you interact with the Services. It also describes your rights and choices.

If you do not agree with this policy, please do not use the Services.

1. Information We Collect

We collect the following categories of information:

1.1 Information You Provide Directly

  • Account and profile details: name, email address, authentication tokens (e.g., magic links), and preferences you add to your account.
  • Event and RSVP information: event titles, descriptions, dates/times, locations, custom questions, and settings you configure.
  • Guest list information: guest names, email addresses, phone numbers, SMS opt-in preferences, plus-one counts, RSVP responses, custom question responses, and notes.
  • Invitation inputs (including AI tools): event prompts, theme/style selections, custom text, uploaded photos or assets, and any other content you submit to generate invitations.
  • Face uploads (optional): face photos you upload to generate a personalized invitation (see Section 11).
  • Payment details: billing name, email, and limited payment method information submitted through Stripe. Stripe stores and processes full payment credentials on our behalf.
  • Support and communications: information you provide when you contact support or submit feedback.

1.2 Information Collected Automatically

  • Usage and device data: log files, IP address, browser type, operating system, language, referring/exit pages, and timestamps.
  • Analytics and advertising data: events captured via Google Analytics 4, Meta Pixel, Reddit Pixel (including server-side Conversions API where configured), and similar tools.
  • Session replay diagnostics (FullStory): interaction data such as pages visited, clicks, scrolling, and limited input context to help us diagnose issues and improve the Services. Sensitive fields (such as payment fields) are intended to be masked.
  • Attribution data: UTM parameters, referral URLs, campaign identifiers, and marketing source data stored in cookies and/or local storage.
  • App performance data: diagnostic information about errors, latency, AI generation metadata, and queue performance captured for troubleshooting.

1.3 Information From Third Parties

  • AI service providers: OpenAI, Replicate, and similar vendors may process your inputs (including optional images) to generate invitation designs.
  • Payment processors: Stripe shares payment status, billing details, and transaction metadata so we can manage orders, subscriptions, and customer support.
  • Analytics and advertising partners: Google, Meta, Reddit, and FullStory may provide aggregated insights about campaign performance.

2. How We Use Information

We use personal information to:

  1. Provide and improve the Services, including hosting event pages, collecting RSVPs, managing guest lists, generating invitations, and enhancing product features.
  2. Communicate with you and your guests, including sending invitations, confirmations, reminders, receipts, and service notices.
  3. Process payments and manage subscriptions, refunds, and fraud prevention.
  4. Personalize experiences, including recommending templates and remembering preferences.
  5. Analyze usage and measure performance, including understanding feature adoption and optimizing marketing campaigns.
  6. Protect the Services, including detecting fraud, enforcing our Terms of Service, and securing accounts.
  7. Comply with legal obligations and respond to lawful requests.

3. Legal Bases for Processing

SnapInvite primarily serves users in the United States. Where required by law, we rely on:

  • Contract: processing necessary to provide the Services.
  • Legitimate interests: improving and securing the Services and preventing abuse.
  • Consent / opt-out rights: honoring cookie choices, opt-out requests, and Global Privacy Control (GPC) signals.
  • Legal obligations: compliance with tax, accounting, and regulatory requirements.

4. How We Share Information

We share personal information with:

  • Service providers (processors): companies that host infrastructure (AWS, Cloudflare), provide AI generation (OpenAI, Replicate), process payments (Stripe), deliver emails (Postmark), deliver SMS (Twilio), and provide analytics/session replay (Google, Meta, Reddit, FullStory). These providers process data under our instructions and contractual restrictions.
  • Professional advisors: lawyers, accountants, auditors, or insurers when necessary.
  • Authorities or parties in legal matters: if required by law, subpoena, or to protect rights, property, or safety.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, provided the recipient agrees to honor this policy.

We do not sell personal information for money. However, use of advertising pixels and similar technologies may involve "sharing" for cross-context behavioral advertising as defined by some privacy laws. You can opt out using the controls described in Section 5.

5. Cookies, Local Storage, and Tracking Technologies

We use cookies and similar technologies to:

  • Keep you signed in and secure the application.
  • Remember preferences and onboarding progress.
  • Measure website traffic and campaign performance.
  • Enable advertising and retargeting via Meta or other partners.
  • Store attribution parameters (e.g., UTM tags) to measure which campaigns lead to signups or purchases.

In the United States, some analytics and marketing technologies may be enabled by default unless you opt out through the controls below or your browser sends a Global Privacy Control (GPC) signal.

5.1 Managing Your Choices

  • Cookie preferences: You can manage analytics/marketing choices using the cookie preference controls in the footer (including "Privacy choices" and "Do Not Sell or Share My Personal Information").
  • Global Privacy Control (GPC): If your browser sends a GPC signal, we treat it as an opt-out preference signal and attempt to honor it by disabling analytics/marketing tracking where feasible.

Note: Some vendors (such as Google) may still receive limited, non-identifying signals (for example, consent mode pings) to communicate your preferences and measure aggregated performance.

6. Data Retention

We retain personal information based on the following criteria:

  • Account data: for the duration of your account plus up to 3 years after deletion for compliance.
  • Event and RSVP data: for the life of the event plus up to 3 years, unless you delete it earlier.
  • Guest list data: retained with the associated event until deletion, subject to legal retention.
  • Invitation assets and AI metadata: retained until you delete them or request deletion, subject to legal retention.
  • Transaction records: 7 years for accounting and tax purposes.
  • Analytics logs: typically up to 26 months (Google Analytics default), unless deleted earlier.
  • Support communications: 3 years from the last interaction.

We delete or anonymize personal information when it is no longer needed, unless we are required to retain it by law.

7. Data Security

We employ technical and organizational safeguards appropriate to the sensitivity of the data, including encrypted connections (HTTPS/TLS), access controls, monitoring, and vendor security reviews.

However, no system is completely secure. Please notify us immediately at [email protected] if you believe your account has been compromised.

8. Your Rights and Choices

Depending on your location, you may have the right to:

  • Access your personal information and receive a copy.
  • Correct inaccurate or incomplete information.
  • Delete your personal information (subject to legal retention).
  • Opt out of certain processing (including targeted advertising where applicable).
  • Withdraw consent where we rely on consent.
  • Data portability: receive your data in a structured, machine-readable format.

SMS choices: If you receive SMS messages from us, you can opt out at any time by replying STOP.

To exercise these rights, contact us at [email protected]. We may ask you to verify your identity before fulfilling requests. We respond within 30 days (or as required by applicable law).

9. International Data Transfers

We are based in the United States and may use service providers located in the United States and other countries. When we transfer personal information internationally, we rely on appropriate safeguards where required.

10. Children's Privacy

SnapInvite is designed for adults planning events and is not directed to children under 13. We do not knowingly collect personal information directly from children under 13 without verifiable parental consent.

Hosts may include children’s names or photos in invitations or RSVP questions. Hosts are responsible for obtaining any required parental/guardian consent before submitting children’s personal information to the Services.

11. Biometric Data (Face Uploads)

If you use the optional face-upload feature (including for children’s photos), you agree that:

  • We process the image solely to generate an invitation and then delete temporary copies after generation (temporary storage is short-lived and designed to expire automatically).
  • We do not create or store biometric templates or embeddings.
  • In some locations (including Illinois and Texas), explicit consent is required before we process face images due to biometric privacy laws.
  • We may transmit the uploaded image to contracted AI vendors for generation, limited to the data necessary to perform the service.
  • You are responsible for having the legal right/permission to upload the photo and for complying with applicable biometric, privacy, and child-protection laws.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including the right to know, delete, correct, and opt out of the sale or sharing of personal information.

  • Opt-out: You can opt out of certain sharing for targeted advertising via the cookie preference controls in the footer and by using GPC.
  • Non-discrimination: We will not discriminate against you for exercising your rights.

To exercise California rights, contact [email protected].

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date above and may notify you of material changes through the Services or by email.

14. Contact Us

Valley Tech LLC
Physical Address: 550 CALIFORNIA STREET, SUITE 1040, SAN FRANCISCO, CA 94104
Email: [email protected]