How we handle your data

This is a starter draft pending legal review. The product behavior described below is accurate as of this version; the legal language will be refined by counsel before any public launch. If you have questions in the meantime, reach us at the help center.

• Account info — email, password (hashed), display name, optional phone + profile photo URL
• Event data you create — guest lists, vendor records, budget items, schedule, mood-board palettes
• Messages you send via the in-app chat
• Payment metadata — order amounts, reference codes, channel, your screenshot if you upload one
• Automatic — IP address (truncated to first 3 octets for QR scan events), browser user-agent, timestamps

• Face biometrics — Papic iteration (0012) hasn’t shipped face data in V1
• Location beyond city-level vendor info you choose to share
• Third-party analytics — Sentry/PostHog are wired but not active until owner provisions accounts

When you chat with a Setnayan vendor, the vendor sees only your event display name and date — never your email or personal name unless you choose to share. This is a load-bearing product rule.

• Right to access: download a JSON archive of your data anytime from your profile.
• Right to erasure: the same profile page has a soft-delete action (type DELETE to confirm). Soft-deleted accounts are retained for 30 days for restoration by you, then become irreversibly deleted.
• Right to rectification: edit your personal info on the profile page.
• Right to object: reach us at the help center to opt out of specific processing.

• Supabase (database + auth, Singapore region)
• Vercel (web hosting)
• Cloudflare (CDN + planned R2 object storage, APAC region)
• Resend (transactional email — pending activation)

For privacy questions or RA 10173 requests, message us via the help center with subject “Privacy”. We’ll respond within one business day.