Privacy Policy

Invy Ltd is the data controller for personal data processed through this website and app for our own business operations.

Controller details: Invy Ltd, 82a, Invy Ltd James Carter Road, Mildenhall, United Kingdom, IP28 7DE.

Privacy contact: admin@invy.co.uk.

Invy is an RSVP tracking and event invitation platform. Event hosts use Invy to upload event details and manage guest lists.

Invy may process personal data such as guest names, phone numbers, and email addresses where event hosts adds or requests those details.

Payment-related details are handled through Stripe. We do not store full payment card details on Invy systems.

When event hosts upload guest information, they are responsible for ensuring they have a lawful basis to use that personal data.

For platform operation, security, account management, and service delivery, Invy Ltd acts as a controller and may also act as a processor depending on the context of use.

We rely on one or more lawful bases, depending on the processing purpose: contract (to provide the service), legitimate interests (platform security and fraud prevention), and legal obligations (regulatory and accounting requirements).

Where consent is required by law for specific communications or processing activities, the relevant party is responsible for obtaining and recording it.

To provide RSVP and invitation management features.

To maintain service functionality, troubleshoot issues, and keep systems secure.

To process payments and maintain financial records.

To respond to support requests and enforce our terms.

We use the following processors and infrastructure providers:

Firebase: backend infrastructure, authentication, and data storage.

Stripe: payment processing.

Vercel: hosting, delivery, and operational logging.

These providers may process personal data on our behalf under contractual safeguards.

Where data is transferred outside the UK, we use appropriate safeguards required by UK GDPR, which may include adequacy regulations or standard contractual clauses (as applicable).

We keep personal data only for as long as needed for the purposes described in this policy, including legal, accounting, and security requirements.

Retention periods vary by data type and service context, after which data is deleted or anonymized where appropriate.

We use technical and organisational measures designed to protect personal data, including access controls, secure infrastructure, and monitoring.

No internet-based service is completely risk-free, but we work to reduce risk and respond quickly to security incidents.

Depending on your circumstances, you may have rights under UK GDPR including access, rectification, erasure, restriction, objection, data portability, and the right to withdraw consent where consent is used.

To exercise your rights, contact admin@invy.co.uk.

If you are not satisfied with how we handle your personal data, you can contact us first at admin@invy.co.uk.

You can also complain to the UK Information Commissioner's Office (ICO): https://ico.org.uk.

We may update this Privacy Policy from time to time. The latest version will always be published on this page with an updated effective date.