Privacy Policy

Effective from: 13 July 2026

1. Basic information

1.1. This Privacy Policy describes how MUDr. Marek Filippi (the "Controller" or "we") processes personal data of users of the me&you platform (the "Platform").

1.2. Protecting your personal data is our priority. We process it in accordance with:

  • Regulation (EU) 2016/679 (GDPR)
  • Act No. 110/2019 Sb., on personal data processing (Czech Republic)
  • Other applicable legislation of the Czech Republic

2. Controller identification

Data controller:

Contact for data protection enquiries:

3. What data we process

3.1. Registration data

When you create an account we process:

  • First and last name
  • Email address
  • Password (stored in encrypted form), or your Google account identity if you sign in with Google
  • Registration date
  • IP address at registration

Legal basis: Performance of contract (Art. 6(1)(b) GDPR)

3.2. Profile data

You may voluntarily provide:

  • Profile photo
  • Phone number
  • Wedding/event date
  • Event location (including addresses looked up via Google Maps, see section 6.1)

Legal basis: Consent (Art. 6(1)(a) GDPR) or performance of contract

3.3. Payment data

When your trial ends or you purchase a plan (Basic, Plus, Premium) or additional guest media storage, we process:

  • First and last name
  • Email address
  • Billing details (if you provide them)
  • A saved payment method reference, if you provide one during onboarding, used to automatically charge your selected plan when your free trial ends unless you have already purchased or cancelled
  • Order and payment history
  • Transaction date and time

Note: Payment card data is processed solely by the Stripe payment gateway; we do not store or see it.

Legal basis: Performance of contract (Art. 6(1)(b) GDPR) and legal obligations (accounting records – Art. 6(1)(c) GDPR)

3.4. User content

As part of using the Platform we process data you upload:

  • Task lists and reminders
  • Budget and expenses
  • Wedding calculator (budget items, units, calculation methods)
  • Guest information (names, contacts, RSVP responses, dietary restrictions, plus-ones)
  • Seating plan and guest layout
  • Event schedule
  • Photos and videos (uploaded by you or your guests)
  • Files and documents (contracts, invoices, etc.)
  • Messages in guest communication
  • Survey responses
  • Wedding website content you create for guests

Legal basis: Performance of contract (Art. 6(1)(b) GDPR)

3.5. Technical and operational data

We automatically record:

  • IP address
  • Browser type and version
  • Operating system
  • Access time
  • Pages visited
  • Referring URL
  • Approximate location (country), derived from your IP address, used to show localised pricing and currency
  • Cookies and similar technologies (see section 8)

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) – security of operation, prevention of misuse, improvement of services

3.6. Communication

We process content of:

  • Email communication with customer support
  • Enquiries and complaints
  • Feedback and ratings

Legal basis: Performance of contract and legitimate interest

4. Purpose of processing

We process your personal data for these purposes:

4.1. Provision of services (Art. 6(1)(b) GDPR)

  • Creating and managing your account
  • Enabling access to Platform features
  • Storing and managing your data (tasks, guests, budget, etc.)
  • Communicating with guests (if you use premium features)
  • Sharing access with other users (partner or coordinator)
  • Creating your wedding website

4.2. Payment processing (Art. 6(1)(b) and (c) GDPR)

  • Activating your plan (Basic, Plus, Premium) on purchase or automatically at the end of your free trial if a payment method is on file
  • Processing additional purchases (guest media storage)
  • Issuing tax documents
  • Keeping accounting records (obligation 5 years from end of accounting period)

4.3. Technical operation and security (Art. 6(1)(f) GDPR)

  • Ensuring Platform functionality and security
  • Protection against misuse, fraud and cyber attacks
  • Resolving technical issues
  • Data backups
  • Error monitoring (see section 6.1)

4.4. Improving services (Art. 6(1)(f) GDPR)

  • Analysing use of the Platform (pseudonymised statistics)
  • Developing new features
  • Optimising the user interface

4.5. Customer support (Art. 6(1)(b) and (f) GDPR)

  • Responding to enquiries
  • Handling complaints
  • Technical support

4.6. Marketing communication (Art. 6(1)(a) GDPR – consent)

  • Sending news about the Platform (only with consent)
  • Information about new features
  • Tips and inspiration for wedding planning

You may withdraw consent at any time via the link in the email footer or in account settings.

4.7. Legal obligations (Art. 6(1)(c) GDPR)

  • Accounting and tax records
  • Compliance with tax authorities
  • Protection of rights before courts

5. Retention period

We keep personal data only for as long as necessary:

Type of dataRetention period
Registration and profile dataUntil account deletion or 3 years from last activity
User content (tasks, guests, photos, etc.)Until account deletion or 3 years from last activity
Guest media (photos and videos uploaded by guests)6 months from the wedding/event date
Payment data and invoices10 years from end of accounting period (legal obligation)
Technical logsMaximum 12 months
Marketing consentsUntil consent is withdrawn
Customer support communication3 years from resolution

Active deletion: You may at any time request deletion of your account and all data. You can do this in Account settings (Privacy section) or by email to info@meandyou.wedding. Data will be deleted within 30 days, except where we are legally required to retain it (e.g. invoices).

6. Who we share data with

We may share your personal data with these categories of recipients:

6.1. IT service providers (processors)

  • Supabase Inc. (USA) – database and file storage hosting
  • Vercel Inc. (USA) – web application hosting; also provides an approximate country from your IP address for localised pricing
  • Resend – transactional email delivery
  • Sentry – error monitoring and diagnostic session replay, to detect and fix technical issues
  • Google LLC – Google sign-in (if you choose to use it) and the Google Maps Platform for address and venue lookups

These companies are processors under the GDPR and process data only on our instructions under a written agreement (Google acts as an independent controller for account authentication and for queries you make directly to Google Maps).

International transfer: Data may be stored on servers in the USA. We ensure appropriate safeguards (EU standard contractual clauses).

6.2. Payment services

  • Stripe, Inc. (USA) – card payment processing and saved payment methods for trial-end billing

Stripe processes payment data as an independent controller. More information: https://stripe.com/privacy

6.3. Analytics tools

We use analytics tools that process pseudonymised data to improve the Platform and understand user behaviour.

  • PostHog Inc. (USA) – analytics platform for app usage, user behaviour and feature testing

PostHog processes pseudonymised data (anonymous user ID, session information, pages viewed, interactions). More information: https://posthog.com/privacy

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) – improving services, optimising the interface, fixing errors.

You have the right to object to analytics cookies – contact us at info@meandyou.wedding to request exclusion from tracking. The privacy preferences in your account settings record your choice, and we act on it manually until in-product enforcement is available.

6.4. Public authorities

Where required by law we may disclose data to:

  • Tax authorities (tax documents)
  • Courts and law enforcement (where legally required)
  • Office for Personal Data Protection of the Czech Republic

6.5. Third parties with consent

With your explicit consent, or as part of using collaboration features, we may share data with other parties you invite, such as:

  • A partner or coordinator you invite to co-plan your event

We do not sell your personal data to third parties for their marketing purposes.

7. Your rights

Under the GDPR you have the following rights:

7.1. Right of access (Art. 15 GDPR)

You have the right to know what personal data we process and to receive a copy.

How to exercise: In account settings or by email to info@meandyou.wedding

7.2. Right to rectification (Art. 16 GDPR)

You may request correction of inaccurate or incomplete data.

How to exercise: Directly in account settings or by email

7.3. Right to erasure – "right to be forgotten" (Art. 17 GDPR)

You may request erasure of your personal data where:

  • The data is no longer necessary for the purpose of processing
  • You withdraw consent and there is no other legal basis
  • You object to the processing
  • The data was processed unlawfully

Exceptions: We cannot delete data we are legally required to retain (e.g. invoices for 10 years).

How to exercise: In account settings ("Delete account" button) or by email

7.4. Right to restriction of processing (Art. 18 GDPR)

You may request temporary restriction of processing of your data in certain cases.

7.5. Right to data portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used and machine-readable format and to transfer it to another controller.

How to exercise: In account settings ("Export data") or by email

7.6. Right to object (Art. 21 GDPR)

You may object to processing based on legitimate interest or for direct marketing purposes.

7.7. Right to withdraw consent (Art. 7(3) GDPR)

Where we process data on the basis of consent, you may withdraw it at any time.

Note: Withdrawal does not affect the lawfulness of processing before withdrawal.

7.8. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority:

Office for Personal Data Protection of the Czech Republic (ÚOOÚ)

Handling requests: We will respond to your requests without undue delay, at latest within 1 month of receipt. In justified cases we may extend the period by a further 2 months (you will be informed).

8. Cookies

8.1. What are cookies

Cookies are small text files stored on your device when you visit websites.

8.2. What cookies we use

a) Essential cookies (always active)

These cookies are necessary for the Platform to function:

  • Authentication cookies – keeping you logged in
  • Security cookies – protection against attacks

Legal basis: Performance of contract, technical necessity

b) Analytics cookies

We use analytics cookies to improve the Platform and understand user behaviour:

  • PostHog cookies (ph_*_posthog) – anonymous user ID, session information, pages viewed, interactions
  • Type: First-party cookies
  • Duration: Up to 365 days
  • Purpose: Analysing use of the Platform, optimising the interface, fixing errors, testing new features

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) – improving services and user experience

You may object to analytics cookies – contact us at info@meandyou.wedding to request exclusion from tracking.

c) Marketing cookies

We currently do not use third-party marketing cookies.

8.3. Managing cookies

You can control cookies:

  • In your browser – cookie settings, block, delete

Note: Disabling essential cookies will prevent login and limit Platform functionality.

8.4. Cookie duration

  • Session cookies – deleted when you close the browser
  • Persistent cookies – maximum 12 months

9. Security

We implement technical and organisational measures to protect your personal data:

9.1. Technical measures

  • Data encryption in transit (SSL/TLS – HTTPS)
  • Encrypted password storage (hashing algorithms)
  • Regular backups
  • Firewall and DDoS protection
  • Regular security updates
  • Error monitoring to detect and fix issues quickly (see section 6.1)
  • Authentication and authorisation – access only for authorised persons

9.2. Organisational measures

  • Access limitation to personal data (need-to-know principle)
  • Data protection training
  • Contractual safeguards with processors
  • Procedures for reporting security incidents

9.3. Security incident

In the event of a personal data breach:

  • We will notify the Office for Personal Data Protection of the Czech Republic within 72 hours
  • We will inform affected users if the incident poses a high risk to their rights

Your responsibility: Keep your login details secure. If you suspect unauthorised access, contact us immediately.

10. Children's personal data

10.1. The Platform is not primarily intended for persons under 18.

10.2. We do not knowingly collect personal data of children under 16 without parental consent.

10.3. If we find that we have inadvertently collected personal data of a child under 16, we will delete it.

10.4. Parents or guardians may contact info@meandyou.wedding with enquiries about their children's personal data.

11. Guests' and clients' personal data

11.1. If as a user you enter personal data of your guests (names, contacts, RSVP responses, dietary requirements), you act as independent controller of that data.

11.2. Your obligations:

  • Inform guests about the processing of their personal data
  • Obtain their consent where required
  • Respect their rights under the GDPR

11.3. Our role: In this case we act as processor and process guest data only on your instructions (storage, display, sending invitations, etc.).

11.4. Recommendation: Inform your guests that their data will be processed via the me&you Platform.

12. Links

12.1. The Platform may contain links to third-party websites.

12.2. We are not responsible for the privacy practices of these third parties.

12.3. We recommend reading the privacy policy of each website you visit.

13. Automated decision-making

13.1. We do not use automated decision-making or profiling that has legal effects or similarly significantly affects you.

13.2. We may use basic analytics to personalise content (e.g. showing prices in your local currency), but this never leads to discriminatory decisions.

14. Changes to this policy

14.1. We may update this policy from time to time due to:

  • Changes in law
  • Changes in the scope of processing
  • Technological development

14.2. We will inform you of material changes by:

  • Email to the address in your account
  • Notice on the Platform
  • Publishing the new version at www.meandyou.wedding

14.3. The date of the last update is shown at the start of this document.

14.4. If you do not agree with the changes, you may stop using the Platform and delete your account.

15. Contact

For any questions about the processing of personal data or to exercise your rights, contact us:

Email: info@meandyou.wedding

Postal address: MUDr. Marek Filippi, Pobočná 1056/20, Michle, 140 00 Praha 4, Czech Republic

We will respond within: 30 days of receiving your request

16. Summary

  • What we collect: Name, email, password or Google identity, event data, photos, documents, payment data, technical logs
  • Why: To provide you with a functional platform for planning your wedding
  • How long: Until account deletion or 3 years from last activity (invoices 10 years by law)
  • Who we share with: IT providers (Supabase, Vercel, Sentry), payment gateway (Stripe), Google (sign-in, Maps); we never sell data to marketers
  • Your rights: Access, rectification, erasure, data export – anytime in settings or at info@meandyou.wedding
  • Security: Encryption, regular backups, modern security measures

MUDr. Marek Filippi
Company ID: 19579446
Pobočná 1056/20, Michle, 140 00 Praha 4
Last updated: 13 July 2026