WedVis

Privacy Policy

Effective Date: May 26, 2026 (previously February 1, 2026)

1. Information We Collect

Information You Provide:

  • Account information (email, name, password)
  • Wedding details (date, venue, aesthetic preferences)
  • Uploaded images (venue photos, inspiration images)
  • Generated content and prompts
  • Payment information (processed by Stripe)
  • Proposal and contract content you create
  • Electronic signatures (drawn signature images)
  • Client information you enter in proposals (names, emails, event details)

Information Collected Automatically:

  • Usage data (features used, generation history)
  • Device information (browser type, OS, IP address)
  • Cookies and similar tracking technologies
  • Analytics data (via Vercel Analytics)
  • Signature timestamps and signing session metadata

Information from Third Parties:

  • Clients who sign proposals (name, email, signature image)
  • Information from connected services (if you link external accounts)

2. How We Use Your Information

  • Provide and improve the Service
  • Process AI image generation requests
  • Facilitate proposal creation, sharing, and electronic signing
  • Store and display electronic signatures on contracts
  • Send transactional emails (proposal notifications, signature confirmations)
  • Communicate about your account and updates
  • Analyze usage to improve features
  • Prevent fraud and ensure security
  • Comply with legal obligations

3. Proposal and Signature Data

Electronic Signatures: When you or your clients sign a proposal, we collect and store:

  • The signature image (drawn or typed)
  • Name and email of the signer (as provided by the signer)
  • Timestamp of when the signature was applied
  • IP address at time of signing (for verification purposes)

Important Notice: We store signature data as provided to us but do not independently verify signer identity, legal authority, or the authenticity of signatures. The data we collect is intended to create an audit trail but does not constitute proof of identity or legal validity.

Proposal Sharing: When you share a proposal with a client, they can access the proposal content via a secure link. Client signers will have their signature data stored as described above.

Client Data: If you are a wedding professional, you may enter client information (names, emails, event details) into proposals. You are responsible for:

  • Having appropriate consent to share client information with WedVis
  • Complying with applicable privacy laws regarding client data
  • Informing clients that their signature and personal data will be stored by WedVis

4. Information Sharing

We DO NOT sell your personal information. We share information only:

  • With Service Providers: Supabase (database), Vercel (hosting), Stripe (payments), Google (AI processing), Resend (email delivery)
  • Between Contract Parties: Proposal content and signatures are shared between the vendor and client parties to a contract
  • For Legal Reasons: If required by law or to protect rights and safety
  • With Your Consent: When you explicitly agree to sharing
  • Business Transfers: In case of merger or acquisition

Marketing Partners (opt-in only)

If you are a wedding professional and you check the “Share my business info with WedVis’s marketing partners” box during signup (or enable the equivalent toggle later in account settings), we may share the following limited business information with select third-party marketing agencies we engage to perform B2B outreach on our behalf:

  • Business name
  • Professional role (e.g., wedding planner, florist, photographer)
  • City and state
  • Business website URL
  • Public Instagram handle
  • Subscription tier
  • Signup date and acquisition source (UTM)

What we do not share with marketing partners: your personal email address, full name, phone number, password, payment information, or any client/proposal/wedding data you store on WedVis.

Recipient category: third-party marketing agencies WedVis engages to perform B2B outreach to wedding professionals. We share data only with agencies that agree in writing to our outreach rules: outreach is limited to LinkedIn direct messages, email sent to the recipient’s public business email address, and Instagram direct messages on their public handle. Agencies agree not to resell, sub-license, retain beyond the engagement, or contact recipients by phone or SMS without further consent.

Retention: opted-in records remain on our marketing partners’ lists until you revoke consent or 24 months from your most recent opt-in, whichever is shorter. Revocation propagates within 24 hours via the next sync.

How to revoke: uncheck the marketing-partner toggle in Account Settings → Marketing Preferences, or fill in the form on our Do Not Sell or Share My Personal Information page (no login required).

EU/UK residents: we do not currently share data with marketing partners for residents of the European Union, European Economic Area, or United Kingdom while standard contractual clauses and a documented legitimate-interest assessment are being put in place. If you are an EU/UK resident, your opt-in election is recorded but not acted on until that infrastructure ships.

5. Data Accuracy and Verification

WedVis stores data as provided by users and signers. We do not independently verify:

  • The identity of persons creating accounts or signing documents
  • The accuracy of names, emails, or other information provided
  • The legal authority of signers to enter into contracts
  • The authenticity of drawn or typed signatures

Users are solely responsible for verifying the identity and authority of all parties involved in their transactions.

6. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (HTTPS) and at rest
  • Row-level security in database
  • Secure storage of signature images
  • Unique, non-guessable tokens for shared proposal links
  • Regular security audits
  • Limited employee access to data

7. Your Rights and Choices

  • Access: Request a copy of your data
  • Correction: Update inaccurate information
  • Deletion: Request account and data deletion
  • Portability: Export your data
  • Opt-out: Unsubscribe from marketing emails

Note on Contract Data: Executed contracts and signatures may be retained even after account deletion to fulfill legal record-keeping requirements and to preserve the integrity of signed agreements. This retention is necessary because: (a) other parties to the contract may need access to the signed document; (b) the signature record may be required as evidence in legal proceedings; (c) applicable laws may require retention of business records.

8. Data Retention

We retain your data while your account is active. After account deletion:

  • Account data: Deleted within 30 days
  • Generated images: Deleted within 90 days
  • Proposals and signatures: Retained for 7 years for legal compliance
  • Backups: Purged within 6 months
  • Legal records: Retained as required by law

9. California Privacy Rights (CCPA / CPRA)

California residents have the right to know what categories of personal information we collect, request deletion, correct inaccurate information, opt out of the “sale” or “sharing” of personal information, and limit the use of sensitive personal information.

We do not sell personal information for money. Under the CPRA’s broader definition of “sharing,” the opt-in marketing-partner program described in section 4 may qualify as “sharing personal information for cross-context purposes” for users who affirmatively opt in. We treat that opt-in flow as a “share” out of an abundance of caution and provide the following controls:

  • Do Not Sell or Share My Personal Information: use our opt-out form (no login required) or toggle off “Marketing Partners” in Account Settings. The opt-out takes effect on the next nightly sync (within 24 hours).
  • Right to know / access / delete / correct: email aj@wedvis.com with the subject line “CCPA Request” and we will respond within 45 days.
  • Authorized agents: we accept verifiable agent requests submitted to the same address.
  • No discrimination: we will not deny service, charge different prices, or provide a different quality of service because you exercised your CCPA rights.

10. GDPR Rights (European Users)

EU users have rights under GDPR including access, rectification, erasure, and data portability. For electronic signatures, we process data based on contractual necessity and legitimate interest in maintaining signed agreement records.

11. Children's Privacy

The Service is not intended for children under 13. We don't knowingly collect data from children.

12. Changes to Privacy Policy

We'll notify you of material changes via email or Service notification.

13. Contact Us

For privacy concerns: aj@wedvis.com