United Vows

Privacy Policy

Last updated: May 23, 2026

This Privacy Policy describes how United Vows LLC (β€œUnited Vows,” β€œwe,” β€œus”) collects, uses, and protects information about you when you use our wedding-planning platform and vendor marketplace. United Vows LLC is an Ohio limited liability company that is a wholly-owned subsidiary of Vanguard Legacy Ventures LLC, a Wyoming limited liability company.

We've tried to write this in plain English. If anything is unclear, email privacy@unitedvows.com.

1. The short version

  • We collect what we need to run the platform: account info, what you do on the site, and payment-processing details that flow through Stripe.
  • We share information with vendors when you book them, with payment processors so you can pay, with AI providers when you use AI features, and with no one else without your consent or a legal obligation.
  • We don't sell your personal information. We don't share it for cross-context behavioral advertising.
  • You have rights β€” to access, correct, delete, or export your data. See section 8.

2. What we collect

Information you provide

  • Account info β€” name, email, password (hashed), phone (optional; see section 4 for AI-feature-specific consent), role (couple, vendor, guest, admin).
  • Profile content β€” for couples: partner names, wedding date, venue, guest count, budget, style preferences, color palette, photos. For vendors: business name, bio, portfolio photos, services offered, pricing, service area, team members.
  • Communications β€” messages between couples and vendors, comments on vendor profiles, day-of group chat messages, support tickets.
  • Booking + payment info β€” contracts, payment milestones, refund history, dispute filings. Payment card details are processed by Stripe; we don't store full card numbers on our servers.
  • AI conversation content β€” what you type into the Vows Assistant or other AI features.
  • Voice content (AI Receptionist only) β€” when a vendor enables the AI Receptionist feature and you call the vendor, the call is recorded and transcribed. The recording disclosure is played at the start of the call. See our separate disclosure at unitedvows.com/ai-receptionist-disclosure.

Information collected automatically

  • Device and browser information (user agent, screen size, locale).
  • IP address and approximate location derived from it.
  • Cookies and similar technologies (see our Cookies Policy).
  • Usage events: pages viewed, features used, search queries, click paths.

Information from third parties

  • For vendors: when we import publicly available business info (Google Business Profile, etc.) to seed unclaimed listings, we attribute the source and offer a clear claim flow.
  • For OAuth signins: we receive the basic profile (name, email, profile photo) from the provider you used.

3. How we use it

  • To run the platform β€” show you relevant vendors, process payments, route messages, hold escrow funds.
  • To make AI features work β€” process your inputs through AI providers and return results.
  • To improve the platform β€” measure feature usage, debug issues. We do not train internal models on identifiable user content. Aggregate, non-identifying analytics may be derived from usage events.
  • To communicate with you β€” transactional emails (booking confirmations, payment receipts), service announcements, and (with your consent) marketing.
  • To prevent fraud and enforce our Terms.
  • To comply with legal obligations (including tax records retention).

4. AI features and your data

United Vows uses AI from OpenAI, Anthropic, and Google to power the Vows Assistant, the AI Profile Builder, AI-assisted vendor matching, AI-generated proposals, the AI Receptionist (vendor feature), AI Coach, AI Insights, and other features. When you use one of these features:

  • Your inputs (messages, profile fields you ask AI to rewrite, transcripts of AI Receptionist calls) are sent to the AI provider for processing.
  • We have configured these integrations to use enterprise / no-train endpoints where the AI provider offers them β€” meaning the AI provider does not use your inputs to train its public models.
  • We retain a copy of AI conversations for up to 90 days for service quality, debugging, and abuse-detection. After 90 days the identifiable conversation data is deleted. Aggregated, non-identifying analytics derived from earlier conversations may be retained indefinitely.
  • AI outputs are suggestions, not advice. Don't rely on them for legal, medical, financial, tax, insurance, employment, immigration, or any other professional decision without independent verification.

Phone number and AI Receptionist consent. If you provide your phone number to United Vows (couple settings or vendor profile), you consent to its use for: account verification (one-time), inbound caller-matching by the AI Receptionist when you call a vendor that has enabled the feature, and outbound callbacks only when you affirmatively request one. We do not place outbound marketing calls or SMS without explicit affirmative consent under the federal TCPA and applicable state laws. See section 6 (sub-processors) for the AI Receptionist sub-processor.

5. Cross-vendor features and shared data

Some features intentionally share information between vendors and couples on the same wedding. Specifically:

  • Vendor recommendations: when a vendor recommends another vendor, that endorsement is publicly visible on both vendor profiles.
  • Shared wedding-day timelines: all confirmed vendors on a wedding can view the couple's timeline. Each vendor's notes on the timeline are visible to the couple and the other confirmed vendors.
  • Day-of group chat: when 2+ vendors are confirmed on a wedding, an automatic shared chat thread is created with the couple and every confirmed vendor. Messages in this thread are visible to all participants.

Don't share sensitive information (passwords, financial account numbers, government IDs, health data) in these shared surfaces.

6. Sub-processors and recipients

We use the following sub-processors to operate the platform. Each is bound by data-protection terms in their service agreements with us:

  • Stripe β€” payments, Stripe Connect escrow, Stripe Identity for verification.
  • Vapi β€” voice / AI Receptionist runtime.
  • MessageBird β€” SMS sending (only when enabled; default off).
  • OpenAI, Anthropic, Google β€” AI inference for assistant, matching, and analysis features.
  • Resend β€” transactional email delivery.
  • Neon β€” database hosting.
  • Vercel β€” application hosting.
  • Upstash β€” cache / rate-limit storage.
  • Sentry β€” error monitoring (stack traces and request metadata; configured to redact PII).
  • PostHog β€” product analytics (aggregated, anonymous-where-possible).

We share information with the following non-sub-processor recipients:

  • Vendors you contact or book. Your contact info, wedding details, and messages reach the vendor when you inquire.
  • Other confirmed vendors on your wedding. See section 5 (cross-vendor features).
  • Legal & safety: we'll disclose information when required by law, to enforce our Terms, to investigate fraud, or to protect rights, property, or safety.
  • In a sale of the company: if United Vows is acquired or merged, personal information may transfer to the new entity. We'll notify you in advance.

We don't sell or rent personal information to third parties for their own marketing. We don't share personal information for cross-context behavioral advertising as those terms are defined under California law.

7. Data retention

  • Active accounts: as long as you have an account.
  • Closed accounts: we retain core records (account, contracts, payment history) for up to 7 years for tax (IRS retention requirements), dispute-resolution, and legal-obligation purposes; the rest is deleted within 90 days of account closure. The 7-year retention is necessary for compliance with federal tax law and the platform's defense in any subsequent claim under state contract or consumer-protection statutes.
  • AI conversation logs: 90 days, then identifiable content is deleted.
  • Wedding-site content: kept until you delete the wedding site or close your account.
  • AI Receptionist call recordings: 13 months. Call transcripts: 7 years. Opt-out records: indefinite (retained to honor your opt-out).

8. Your rights

Depending on your location you may have the following rights, which you can exercise by emailing privacy@unitedvows.com:

  • Access: request a copy of the personal information we hold.
  • Correction: have inaccurate data corrected.
  • Deletion: request deletion of your personal information (with legal-retention exceptions described in Section 7).
  • Portability: receive your data in a machine-readable format.
  • Opt-out of marketing: unsubscribe from any marketing email; transactional emails will continue while your account is active.
  • Object to processing: object to certain processing, including automated decision-making.
  • Opt-out of sharing for cross-context behavioral advertising: we do not share personal information for cross-context behavioral advertising, so there is nothing to opt out of. To confirm in writing, see the California section below.

We honor browser-level Do Not Track (DNT) and Global Privacy Control (GPC) signals as requests to opt out of any non-necessary tracking. Our cookie banner reflects these signals when set.

If you're in the EU/EEA/UK (GDPR): you also have the right to lodge a complaint with your local supervisory authority. We process data on lawful bases including contract performance, legitimate interests (platform operations, fraud prevention), consent (marketing, optional features), and legal obligation.

If you're in California (CCPA/CPRA): see your rights to know, delete, correct, and opt-out. To request opt-out of sharing (note: we do not currently share for cross-context behavioral advertising), email privacy@unitedvows.com or use the in-app privacy preferences page.

9. Children

United Vows is intended for users 18 and older. We do not knowingly collect personal information from anyone under 18. In particular, we do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA). If you believe a minor has created an account, email privacy@unitedvows.com and we'll delete the account and associated personal information promptly.

10. International transfers

Our servers are in the United States. If you're using United Vows from outside the US, your information will be transferred to and processed in the US. For users in the EU/EEA/UK, we are in the process of implementing Standard Contractual Clauses and supplementary measures to safeguard cross-border transfers. If you have specific questions about international transfer mechanisms, email privacy@unitedvows.com.

11. Security

We use TLS 1.3 in transit, encrypted storage at rest, role-based access controls, rate limiting on public endpoints, audit logs on sensitive actions, and structured incident-response procedures. No system is perfectly secure β€” if you suspect a security issue, email security@unitedvows.com.

12. Changes to this policy

We may update this Privacy Policy occasionally. Material changes will be communicated by email and an in-app notice at least 30 days before they take effect.

13. Contact

Privacy questions: privacy@unitedvows.com.

Security disclosures: security@unitedvows.com.

General inquiries: support@unitedvows.com.