Privacy Policy

1. Data We Collect

Altara collects information in two ways: data you provide directly, and data we collect automatically.

Information You Provide

• Account & Wedding Information: Partner names, wedding date, estimated guest count, and budget range when you create a wedding plan.
• Guest Information: Guest names, email addresses, phone numbers, mailing addresses, RSVP status, dietary restrictions, plus-one details, and gift/thank-you tracking data that you add to your guest list.
• Addresses Collected via Share Links: When you send a collect-address link to guests, the guests voluntarily submit their own name, mailing address, email, phone, plus-one name, and dietary restrictions.
• Gift Registry Information: Gift descriptions, estimated values, received dates, and thank-you card status.
• AI Interactions: Venue preferences, budget questions, and other inputs you enter into AI-powered features.

Information Collected Automatically

• Analytics Beacon: An anonymous visitor ID stored in your browser's localStorage is sent to Polsia (our infrastructure provider) when you visit the landing page. No personally identifiable information is transmitted.
• Server Logs: Standard web server logs including IP addresses, browser type, and pages visited. Retained for up to 30 days for security purposes.

2. How We Use Your Data

We use the data we collect to:

• Generate and display your personalized wedding planning timeline and milestones.
• Store and display your guest list, RSVP statuses, and gift tracking.
• Power AI features including venue recommendations and budget breakdowns.
• Enable shareable address-collection links for your guests.
• Send reminder emails (if you opt in to notifications).
• Improve and maintain the Altara service.
• Comply with our legal obligations.

We do not sell your data, rent it, or share it with advertisers.

3. AI Processing Disclosure

Anthropic processes this data to generate responses. Anthropic's data handling is governed by their Privacy Policy. Anthropic does not use API inputs to train their models by default (as of the effective date of this policy).

We recommend not entering highly sensitive information (e.g., full social security numbers, financial account details) into AI-powered fields. Wedding planning information such as venue names, cities, and budget ranges is the intended use.

4. Guest Data & GDPR Article 14

Under GDPR Article 14 (data collected not directly from the data subject), guests who submit their information via a collect-address link are entitled to the following information:

• Data Controller: The couple whose names appear on the form.
• Data Processor: Altara (operated by Polsia Inc.) processes the data on behalf of the couple.
• Purpose: Wedding event planning — sending physical invitations, managing RSVPs, dietary planning for catering.
• Legal Basis: Legitimate interest (event planning) and, for dietary data, explicit consent.
• Data Categories: Name, mailing address, email, phone, dietary restrictions, plus-one name.
• Retention: Guest data is automatically deleted 12 months after the wedding date stored in the couple's account, or upon deletion of the couple's account, whichever comes first.
• Your Rights: You may request access to, correction of, or deletion of your data by contacting altara@polsia.app.

5. Special Category Data (Dietary Restrictions)

Dietary data is:

• Collected only with your explicit consent via checkbox on the submission form.
• Accessible only to the couple and, for catering purposes, to vendors they designate.
• Never used for marketing or profiling.
• Deleted in accordance with the data retention schedule described in Section 6.

You may withdraw your consent at any time by emailing altara@polsia.app with a request to update or delete your dietary information.

6. Data Retention

We retain data for as long as necessary to provide the service:

• Wedding plan data (timelines, milestones): Retained for the life of your account. You may delete your plan at any time.
• Guest data (names, addresses, dietary info, RSVPs, gift details): Automatically anonymized 12 months after the wedding date stored in your account, or upon account deletion, whichever comes first. Personal identifiers (name, email, phone, address, dietary restrictions) are deleted; aggregate records (guest count, gift totals) are retained.
• Server logs: Retained for up to 30 days for security purposes.
• Analytics beacon data: Aggregated, anonymized visit counts — no retention limit.

Automated Deletion Process

Altara runs an automated daily data retention job. The process is as follows:

1. 30-day warning: If you provided your email address when creating your plan, Altara will send you a warning email 30 days before your guest data is scheduled for deletion. The email includes direct download links for your Guest CSV and Gift CSV backups.
2. Deletion day: On the 12-month anniversary of your wedding date, guest personal data is anonymized (names replaced with "[Guest Removed]", contact details cleared). Gift values and dates are preserved as aggregate records only.
3. Confirmation email: A confirmation is sent to your email (if provided) once deletion is complete, including a summary of aggregate data retained.

Data Export

You can export your data at any time before deletion using the export buttons on the Guest List and Gift Tracker pages. Exports are available in CSV format, compatible with Excel, Google Sheets, and other spreadsheet applications.

You are responsible for exporting or backing up your data before the deletion date. Altara is not liable for data lost due to account deletion, service discontinuation, or the automated retention schedule. See our Terms of Service for details.

7. Third-Party Services

Altara uses the following third-party services to operate:

• Anthropic (Claude API) — AI-powered features. See Anthropic Privacy Policy.
• Polsia Inc. — Infrastructure provider (hosting, database, analytics beacon). Polsia processes data on our behalf under a data processing agreement.
• Neon (PostgreSQL database) — Database hosting. Data is stored in encrypted databases in the US.
• Render — Application hosting. See Render Privacy Policy.
• Google Fonts — Font delivery. Google may log font requests. See Google Privacy Policy.

We do not use advertising networks, social tracking pixels, or third-party analytics platforms beyond those listed above.

8. Your GDPR Rights (EU/UK Residents)

If you are located in the European Union or United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of Access (Article 15): Request a copy of the personal data we hold about you.
• Right to Rectification (Article 16): Request correction of inaccurate or incomplete data.
• Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten").
• Right to Restrict Processing (Article 18): Request that we limit how we use your data.
• Right to Data Portability (Article 20): Request your data in a portable, machine-readable format.
• Right to Object (Article 21): Object to processing based on legitimate interests.
• Right to Withdraw Consent (Article 7): Withdraw consent for special category data (dietary restrictions) at any time.

To exercise any of these rights, email altara@polsia.app. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

9. Your CCPA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we collect about you, the sources of collection, the business purpose, and any third parties with whom it is shared.
• Right to Delete: Request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Opt-Out of Sale: We do not sell personal information. No opt-out is required, but you may submit a request to confirm this at any time.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, email altara@polsia.app with the subject line "CCPA Request." We will verify your identity and respond within 45 days.

10. Children's Privacy (COPPA)

Altara is designed for adults planning their weddings. We do not knowingly collect personal information directly from children under the age of 13.

Guest lists may include the names of minors as attendees. However, we do not collect personal data directly from minors — any guest information for children under 13 must be entered by a parent or guardian. We do not use children's data for marketing, profiling, or any purpose beyond event planning.

If you believe we have inadvertently collected personal information from a child under 13 without verifiable parental consent, please contact us immediately at altara@polsia.app and we will delete the data promptly.

11. Security

We implement reasonable technical and organizational measures to protect your data, including:

• HTTPS encryption for all data in transit.
• Encrypted database storage.
• Access controls limiting who can view production data.
• Shareable links protected by unique, unguessable tokens.

No system is 100% secure. In the event of a data breach that affects your personal data, we will notify affected users as required by applicable law.

12. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will update the "Effective" date at the top of this page. For significant changes, we will make reasonable efforts to notify users (such as via a banner on the application).

Your continued use of Altara after changes are posted constitutes your acceptance of the updated policy.

13. Contact Us

For privacy requests, questions, or concerns: