Privacy Policy

Effective date: 28 April 2026

1. Who We Are

Forevite (https://forevite.com) is operated by Flipovr Ltd, registered in England and Wales, with registered office at 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

Flipovr Ltd is the data controller responsible for personal data collected through the Forevite platform. If you have any questions or requests regarding your personal data, contact our privacy team at [email protected].

2. What Data We Collect

We collect the following categories of personal data:

2.1 Account Data

  • Name and email address (required for account creation)
  • Password (stored encrypted using bcrypt; we never store plaintext passwords)
  • Profile image (optional, if provided via Google OAuth)
  • Account creation date and login timestamps

2.2 Invitation and Event Data

  • Event name, couple names, date, time, and venue
  • Photos and media uploads for invitation design
  • Invitation customisation settings (theme, colours, text)

2.3 Guest Data

  • Guest names, email addresses, and phone numbers (as entered by the account holder)
  • RSVP responses and meal preferences
  • Plus-one and child information
  • Seating plan assignments

2.4 Billing and Payment Data

  • Transaction reference IDs provided by Stripe
  • Plan type purchased and purchase date
  • We do not store credit or debit card details. All payment data is handled exclusively by Stripe.

2.5 Technical and Usage Data

  • IP address and approximate geolocation
  • Browser type, device type, and operating system
  • Pages visited, time on page, and referral source
  • Cookies and session data (see Section 8)

3. How We Use Your Data

We use your personal data for the following purposes and legal bases:

PurposeLegal Basis (UK GDPR / EU GDPR)
Provide and operate the ServiceContract performance (Art. 6(1)(b))
Process payments and send receiptsContract performance (Art. 6(1)(b))
Verify your identity and prevent fraudLegitimate interests (Art. 6(1)(f))
Respond to support requestsContract performance / Legitimate interests
Defend against chargebacks and payment disputesLegitimate interests (Art. 6(1)(f))
Send transactional emails (RSVP notifications, receipts)Contract performance (Art. 6(1)(b))
Send product updates and marketing emails (opt-out available)Legitimate interests / Consent (Art. 6(1)(a))
Analyse usage and improve the ServiceLegitimate interests (Art. 6(1)(f))
Comply with legal obligationsLegal obligation (Art. 6(1)(c))

Dispute and chargeback defence: We retain records of account activity, plan purchase events, feature usage logs, digital delivery timestamps, session data, and IP addresses specifically to defend against fraudulent payment disputes. This is a legitimate interest that outweighs your privacy interest because it protects both the business and honest customers from fraud.

4. Data Sharing

We do not sell your personal data. We share data only in the following circumstances:

4.1 Service Providers (Processors)

  • Stripe, Inc. — payment processing (USA; covered by Standard Contractual Clauses)
  • Google LLC — OAuth authentication (USA; covered by Standard Contractual Clauses)
  • Cloud/hosting infrastructure — server hosting and file storage
  • Email delivery provider — transactional email sending

All processors are bound by data processing agreements and may only use your data to provide services to us.

4.2 Legal Disclosure

We may disclose your data if required to do so by law, court order, or at the request of a regulator, or to protect the rights, property, or safety of Flipovr Ltd, our users, or the public.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to a successor entity. We will notify you of any such transfer and your continued use of the Service constitutes acceptance.

5. Retention of Data

Data TypeRetention Period
Account and profile dataDuration of account + 2 years after deletion request
Invitation and event content12 months after the wedding date
Guest RSVP data12 months after the wedding date
Payment and transaction records7 years (UK tax and financial law requirement)
Session logs and IP addresses12 months (for fraud and dispute defence)
Support communications3 years from last interaction
Affiliate tracking data3 years

Payment transaction records are retained for 7 years to comply with UK HMRC requirements and to enable us to defend against payment disputes, which may be raised up to 6 months or longer after a transaction.

6. Your Rights

Under UK GDPR and EU GDPR, you have the following rights regarding your personal data:

  • Right of access — Request a copy of the data we hold about you.
  • Right to rectification — Request correction of inaccurate data.
  • Right to erasure — Request deletion of your data, subject to legal retention obligations.
  • Right to restriction — Request that we limit processing of your data in certain circumstances.
  • Right to data portability — Request your data in a machine-readable format.
  • Right to object — Object to processing based on legitimate interests or direct marketing.
  • Rights related to automated decision-making — We do not make solely automated decisions with legal or significant effect.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days. We may ask you to verify your identity before processing your request.

Right to lodge a complaint: If you are in the UK, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). If you are in the EU, you may contact your local supervisory authority.

Please note: We cannot erase data that we are legally required to retain (e.g., financial records, fraud prevention logs) or data that is necessary to defend against pending or potential legal claims.

7. International Data Transfers

Our primary servers are located within the European Economic Area (EEA). Some of our third-party service providers (including Stripe and Google) may transfer data to the United States. Such transfers are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission and the UK International Data Transfer Agreement (IDTA).

8. Cookies and Tracking

We use cookies and similar technologies for the following purposes:

  • Strictly necessary cookies — Session management and authentication. Cannot be disabled.
  • Preference cookies — Storing your language selection (locale cookie).
  • Affiliate tracking cookies — If you arrive via an affiliate link, we set a forevite_ref cookie (valid for 90 days) to attribute any resulting purchase for commission purposes.
  • Analytics — We may use privacy-respecting analytics tools to understand how users interact with the Service. These do not share identifiable data with third parties.

You can control non-essential cookies through your browser settings. Disabling cookies may affect the functionality of the Service.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • HTTPS/TLS encryption for all data in transit
  • Encrypted password storage (bcrypt hashing)
  • Role-based access controls limiting staff access to personal data
  • Regular security reviews and monitoring
  • No plaintext storage of payment credentials

Despite these measures, no internet transmission is completely secure. You acknowledge that you provide your data at your own risk and we cannot guarantee absolute security.

10. Children's Privacy

Forevite is not directed at or intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us at [email protected] and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email and/or by posting a prominent notice on the platform at least 14 days before the changes take effect. The updated policy will show the revised "Effective date" at the top.

12. Contact Us

For any privacy-related questions, requests, or complaints, contact our privacy team:

Flipovr Ltd
71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Email: [email protected]
Website: https://forevite.com