1. The short version
- We collect what we need to run the platform: account info, what you do on the site, and payment-processing details that flow through Stripe.
- We share information with vendors when you book them, with payment processors so you can pay, with AI providers when you use AI features, and with no one else without your consent or a legal obligation.
- We don't sell your personal information. We don't share it for cross-context behavioral advertising.
- You have rights, to access, correct, delete, or export your data. See section 8.
2. What we collect
Information you provide
- Account info: name, email, password (hashed), phone (optional; see section 4 for AI-feature-specific consent), role (couple, vendor, guest, admin).
- Profile content: for couples: partner names, wedding date, venue, guest count, budget, style preferences, color palette, photos. For vendors: business name, bio, portfolio photos, services offered, pricing, service area, team members.
- Communications: messages between couples and vendors, comments on vendor profiles, day-of group chat messages, support tickets.
- Booking + payment info: contracts, payment milestones, refund history, dispute filings, Vendor Wallet ledger entries. Payment card details are processed by Stripe; we do not store full card numbers on our servers.
- Bank-account information (for ACH payments and ACH Vendor Wallet funding): when you choose to pay or fund by ACH bank debit, we use Stripe Financial Connections (or an equivalent service) to verify ownership of and obtain the necessary debit authorization for your bank account. We retain the account-verification status, the masked account identifier, the NACHA WEB-debit authorization text and timestamp, and (for couple-to-vendor escrow payments) the link between the authorization and the signed contract. We do not retain full bank-account numbers on our servers.
- Electronic-signature audit-trail information: for each contract or document you sign on the Platform, we capture the authenticated identity of the signer (account identifier, name, and email of record), the timestamp of acceptance in coordinated universal time (UTC), the IP address and user-agent of the accepting session, the exact text and version of the consent shown, the SHA-256 hash of the signed document, and the authentication method used. This audit trail is retained for the longer of seven (7) years or the duration of any applicable statute of limitations.
- AI conversation content: what you type into the Vows Assistant or other AI features.
- Voice content (AI Receptionist only): when a vendor enables the AI Receptionist feature and you call the vendor, the call is recorded and transcribed. The recording disclosure is played at the start of the call. See our separate disclosure at unitedvows.com/ai-receptionist-disclosure (forthcoming).
Information collected automatically
- Device and browser information (user agent, screen size, locale).
- IP address and approximate location derived from it.
- Cookies and similar technologies (see our Cookies Policy at unitedvows.com/cookies).
- Usage events: pages viewed, features used, search queries, click paths.
Information from third parties
- For vendors: when we import publicly available business info (Google Business Profile, etc.) to seed unclaimed listings, we attribute the source and offer a clear claim flow.
- For OAuth signins: we receive the basic profile (name, email, profile photo) from the provider you used.
3. How we use it
- To run the platform, show you relevant vendors, process payments, route messages, hold escrow funds.
- To make AI features work, process your inputs through AI providers and return results.
- To improve the platform, measure feature usage, debug issues. We do not train internal models on identifiable user content. Aggregate, non-identifying analytics may be derived from usage events.
- To communicate with you, transactional emails (booking confirmations, payment receipts), service announcements, and (with your consent) marketing.
- To prevent fraud and enforce our Terms.
- To comply with legal obligations (including tax records retention).
4. AI features and your data
United Vows uses AI from OpenAI, Anthropic, and Google to power the Vows Assistant, the AI Profile Builder, AI-assisted vendor matching, AI-generated proposals, the AI Receptionist (vendor feature), AI Coach, AI Insights, and other features. When you use one of these features:
- Your inputs (messages, profile fields you ask AI to rewrite, transcripts of AI Receptionist calls) are sent to the AI provider for processing.
- We have configured these integrations to use enterprise / no-train endpoints where the AI provider offers them, meaning the AI provider does not use your inputs to train its public models.
- We retain a copy of AI conversations for up to 90 days for service quality, debugging, and abuse-detection. After 90 days the identifiable conversation data is deleted. Aggregated, non-identifying analytics derived from earlier conversations may be retained indefinitely.
- AI outputs are suggestions, not advice. Don't rely on them for legal, medical, financial, tax, insurance, employment, immigration, or any other professional decision without independent verification.
Phone number and AI Receptionist consent. If you provide your phone number to United Vows (couple settings or vendor profile), you consent to its use for: account verification (one-time), inbound caller-matching by the AI Receptionist when you call a vendor that has enabled the feature, and outbound callbacks only when you affirmatively request one. The AI Receptionist is voice-only at launch. We do not send outbound SMS at launch, and we do not place outbound marketing calls. If we enable any outbound SMS feature in the future, we will obtain the prior express written consent required by the federal TCPA and applicable state laws before sending any SMS. See section 6 (sub-processors) for the AI Receptionist sub-processor.
5. Cross-vendor features and shared data
Some features intentionally share information between vendors and couples on the same wedding. Specifically:
- Vendor recommendations: when a vendor recommends another vendor, that endorsement is publicly visible on both vendor profiles.
- Shared wedding-day timelines: all confirmed vendors on a wedding can view the couple's timeline. Each vendor's notes on the timeline are visible to the couple and the other confirmed vendors.
- Day-of group chat: when 2+ vendors are confirmed on a wedding, an automatic shared chat thread is created with the couple and every confirmed vendor. Messages in this thread are visible to all participants.
Don't share sensitive information (passwords, financial account numbers, government IDs, health data) in these shared surfaces.
6. Sub-processors and recipients
We use the following sub-processors to operate the platform. Each is bound by data-protection terms in their service agreements with us:
- Stripe: payments, Stripe Connect escrow, Stripe Identity for verification, Stripe Financial Connections for ACH bank-account verification, Stripe Tax for sales/use-tax calculation at consumption.
- Electronic-signature service provider: the Platform uses one or more electronic-signature services to administer signing of contracts and the Platform Addendum. We are provider-agnostic and may change the underlying service at any time. The current service is identified in our sub-processor list maintained at unitedvows.com/sub-processors. The provider receives the document, the signer's name and email, and the audit-trail data necessary to produce the signed record.
- Vapi: voice / AI Receptionist runtime (voice only at launch; no SMS sending in production).
- OpenAI, Anthropic, Google: AI inference for assistant, matching, and analysis features.
- Resend: transactional email delivery.
- Neon: database hosting.
- Vercel: application hosting.
- Upstash: cache / rate-limit storage.
- Sentry: error monitoring (stack traces and request metadata; configured to redact PII).
- PostHog: product analytics (aggregated, anonymous-where-possible).
We share information with the following non-sub-processor recipients:
- Vendors you contact or book. Your contact info, wedding details, and messages reach the vendor when you inquire.
- Other confirmed vendors on your wedding. See section 5 (cross-vendor features).
- Legal & safety: we'll disclose information when required by law, to enforce our Terms, to investigate fraud, or to protect rights, property, or safety.
- In a sale of the company: if United Vows is acquired or merged, personal information may transfer to the new entity. We'll notify you in advance.
We don't sell or rent personal information to third parties for their own marketing. We don't share personal information for cross-context behavioral advertising as those terms are defined under California law.
7. Data retention
- Active accounts: as long as you have an account.
- Closed accounts: we retain core records (account, contracts, payment history) for up to 7 years for tax (IRS retention requirements), dispute-resolution, and legal-obligation purposes; the rest is deleted within 90 days of account closure. The 7-year retention is necessary for compliance with federal tax law and the platform's defense in any subsequent claim under state contract or consumer-protection statutes.
- AI conversation logs: 90 days, then identifiable content is deleted.
- Wedding-site content: kept until you delete the wedding site or close your account.
- AI Receptionist call recordings: 13 months. Call transcripts: 7 years. Opt-out records: indefinite (retained to honor your opt-out). See `06-tcpa-ai-receptionist-packet.md` for the full retention schedule.
8. Your rights
Depending on your location you may have the following rights, which you can exercise by emailing privacy@unitedvows.com:
- Access: request a copy of the personal information we hold.
- Correction: have inaccurate data corrected.
- Deletion: request deletion of your personal information (with legal-retention exceptions described in Section 7).
- Portability: receive your data in a machine-readable format.
- Opt-out of marketing: unsubscribe from any marketing email; transactional emails will continue while your account is active.
- Object to processing: object to certain processing, including automated decision-making.
- Opt-out of sharing for cross-context behavioral advertising: we do not share personal information for cross-context behavioral advertising, so there is nothing to opt out of. To confirm in writing, see Section 8 (California).
We honor browser-level Do Not Track (DNT) and Global Privacy Control (GPC) signals as requests to opt out of any non-necessary tracking. Our cookie banner reflects these signals when set.
If you're in the EU/EEA/UK (GDPR): you also have the right to lodge a complaint with your local supervisory authority. We process data on lawful bases including contract performance, legitimate interests (platform operations, fraud prevention), consent (marketing, optional features), and legal obligation.
If you're in California (CCPA/CPRA): see your rights to know, delete, correct, and opt-out. To request opt-out of sharing (note: we do not currently share for cross-context behavioral advertising), email privacy@unitedvows.com or use the in-app privacy preferences page (forthcoming at unitedvows.com/privacy-preferences).
9. Children
United Vows is intended for users 18 and older. We do not knowingly collect personal information from anyone under 18. In particular, we do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA). If you believe a minor has created an account, email privacy@unitedvows.com and we'll delete the account and associated personal information promptly.
10. International transfers
Our servers are in the United States. If you're using United Vows from outside the US, your information will be transferred to and processed in the US. For users in the EU/EEA/UK, we are in the process of implementing Standard Contractual Clauses and supplementary measures to safeguard cross-border transfers. If you have specific questions about international transfer mechanisms, email privacy@unitedvows.com.
11. Security
We use TLS 1.3 in transit, encrypted storage at rest, role-based access controls, rate limiting on public endpoints, audit logs on sensitive actions, and structured incident-response procedures. No system is perfectly secure, if you suspect a security issue, email security@unitedvows.com.
12. Changes to this policy
We may update this Privacy Policy occasionally. Material changes will be communicated by email and an in-app notice at least 30 days before they take effect.
13. Contact
Privacy questions: privacy@unitedvows.com. Security disclosures: security@unitedvows.com. General inquiries: support@unitedvows.com.