Bridebase ("Bridebase", "we", "us") is a service operated by Hannah Morrison, a sole trader trading as Bridebase. This Privacy Notice explains what personal data we collect, why, and how you can control it.

Controller

Hannah Morrison, trading as Bridebase, is the data controller responsible for your personal data when you use Bridebase. You can contact us at privacy@bridebase.app.

What we collect

• Account info: email, name, password hash.
• Wedding profile: partner names, wedding date, budget, vibe, help areas.
• Planning data: checklist items, guest list, budget entries, chat history.
• Usage data: pages visited, features used, errors (for product improvement).
• Payment data: handled by our payment processor and Merchant of Record, Paddle.com Market Limited ("Paddle"). Paddle collects billing details, payment method information, and tax/location data directly from you at checkout. We never see or store card numbers.

How we use it and our legal basis

• To provide the service (account creation, planning tools, AI chat) — legal basis: performance of a contract with you.
• To process payments and manage subscriptions via Paddle — legal basis: performance of a contract and compliance with legal obligations (tax, accounting).
• To send transactional email (account, billing, password reset) — legal basis: performance of a contract.
• To improve and secure the product (analytics, error monitoring, fraud prevention) — legal basis: legitimate interests in running a safe, reliable service.
• To send marketing communications, where applicable — legal basis: consent, which you can withdraw at any time.

Sharing

We share personal data only with the following categories of recipients:

• Merchant of Record: Paddle.com Market Limited, which sells our products as reseller and handles payments, billing, subscription management, tax compliance, invoicing, refunds, and chargebacks.
• Service providers / subprocessors: hosting and database, AI provider (for chat responses), transactional email provider, error monitoring and analytics.
• Professional advisers: legal and accounting professionals where necessary.
• Authorities: where required by law or to protect our rights.

We do not sell your personal data.

International transfers

Some of our processors are located outside the UK/EEA. Where personal data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

Your rights

Depending on your location, you have rights to access, rectify, erase, restrict, port, or object to processing of your personal data, and to withdraw consent. EU/UK users have additional rights under GDPR; California users under CCPA. You can exercise these rights, or lodge a complaint with your local supervisory authority, by emailing privacy@bridebase.app. We aim to respond within one month.

Security

We apply appropriate technical and organisational measures including encryption in transit and at rest, role-based access controls, and row-level security.

Retention

We retain account data while your account is active. Deleted accounts are purged within 30 days, except where retention is required for legal, tax, or accounting reasons (billing records held by Paddle as Merchant of Record are retained per their policies).

Cookies

We use strictly necessary cookies to keep you signed in and limited analytics cookies to understand product usage. You can manage cookies through your browser settings.

Contact

Privacy questions: privacy@bridebase.app.