Privacy Policy

1. The two roles we play

Managing Matrimony plays two roles in how personal information is handled:

• Your account holder. For information about you as an account holder (couple or planner), we decide how and why your information is used — within the limits set out in this policy.
• Your processor. For information you add about other people (guests, family members, vendor contacts, planner leads), you decide how and why that information is used. We host and process it on your behalf to deliver the features you use. Our Terms & Conditions place obligations on you as the controller of that information.

2. Information we collect

From you as an account holder:

• Account details — name, email, phone, authentication credentials.
• Your project data — wedding date, venues, partner names, budgets, seating, runsheets, notes, preferences.
• Uploads — photos, designs and other files you add to your project.
• Payment metadata — the fact of purchases, amounts, receipts and Stripe identifiers. We do not store full card details.
• Communications content you draft, send or receive through the Services.
• Support correspondence you send us.

From guests and other recipients:

• Information you enter about them — name, email, phone, mailing address, dietary requirements, party and household membership, RSVP status, notes.
• Information they submit through your wedding website, RSVP forms or other guest-facing forms — including their responses, IP address and browser user-agent of the submission.

Automatically, from your use of the Services:

• Device and log data — IP address, browser type, device type, operating system, approximate location derived from IP, pages viewed and actions taken.
• Cookies and similar identifiers (see section 4).
• Message delivery events from our email and SMS providers (sent, delivered, bounced, opened, clicked).

Marketing attribution data:

• Referral and campaign parameters — UTM tags, referrer URL, Meta click identifiers (fbp,fbc, fbclid) and Google click identifiers (gclid), so we can measure which marketing channels brought you to us.
• For planner accounts using our marketing dashboards, we also show ad-performance data returned by Meta and Google about campaigns you run through your own ad accounts.

3. How we use personal information

• To operate the Services, create and secure your account, and deliver the features you use.
• To process payments, manage credit balances, fulfil printed orders and issue receipts and refunds.
• To send operational messages (confirmations, receipts, security alerts, support replies, service notices).
• To enable you to send emails and SMS to your guests or recipients when you choose to.
• To improve the Services, investigate bugs, and measure performance and reliability.
• To measure the performance of our marketing, including sharing hashed conversion signals with Meta and Google (see section 4).
• To prevent abuse, enforce our Terms and comply with legal obligations.
• We do not sell your personal information, and we do not use your private project content or guest information to train AI models.

4. Cookies, analytics and advertising

We use cookies and similar technologies on our marketing website and inside the portal to keep the Services working, remember preferences, and understand how the Services are used.

• Essential cookies keep you signed in, remember your session and keep forms and checkout working.
• Analytics and advertising. Our marketing website uses the Meta Pixel and Google tag (gtag) to measure campaign performance. These may set cookies and collect your IP address, user-agent and pages viewed, and may share that information with Meta and Google.
• Server-side conversion measurement. When you purchase or submit a lead, we may also send a server-side event to Meta (via their Conversions API) and/or queue an event for upload to Google Ads as an offline conversion. These events may include your hashed email and phone number (SHA-256), click identifiers (fbp, fbc, gclid), IP address, user-agent and the value of the conversion. Hashing is one-way and means the raw values are not shared. Events are deduplicated with any browser-side pixel event for the same purchase.
• Your controls. You can manage cookies through your browser and ad preferences through Meta and Google. Disabling cookies may affect how the Services work for you.

5. Who we share information with

We share personal information with the following categories of providers so we can run the Services. Each provider receives only what they need, subject to their own security and privacy commitments.

• Supabase — database, authentication and file storage hosting.
• Stripe — payments and refunds. Stripe receives your name, email, billing details and transaction amounts.
• Resend — email delivery. Resend receives the recipient address, subject line, sender identity, message body and delivery events for emails sent through the Services.
• Twilio — SMS delivery. Twilio receives recipient phone numbers and message bodies for SMS sent through the Services.
• Our print fulfilment partner — printed stationery orders. The partner receives your shipping address, contact details, the print-ready design files and the order quantities.
• Meta (Facebook, Instagram) — advertising, attribution and conversion measurement. See section 4.
• Google — advertising, analytics and conversion measurement. See section 4.
• Internal operations tooling — we use secure operational tools (for example, an internal admin notifications channel) to monitor and respond to high-signal events such as high-value orders or churn. These notifications may include your first name, email, plan and order details.

We may also disclose personal information: to professional advisers; in connection with a sale or restructure of our business (with appropriate confidentiality protections); to enforce our Terms; or where required by law or to respond to lawful requests.

6. Overseas disclosure

Some of our providers are located, or store data, outside Australia — including in the United States and the European Union (for example, Stripe, Resend, Twilio, Meta, Google and certain Supabase regions). By using the Services you consent to your personal information being disclosed to these providers in those locations. We take reasonable steps to ensure that overseas recipients handle your information in a way that is consistent with the APPs.

7. Public sharing and user content

Some features let you publish content on a public URL — for example, wedding websites and digital invitations. If you share a public link, anyone with the link can see what you publish. Information published publicly may also be indexed or cached by third-party systems, including search engines, and may remain visible in those caches even after you remove it from the Services. You can add password protection to wedding websites.

8. Guests — requesting your information

If you received a message from someone who manages a wedding through Managing Matrimony (for example, an invitation or Save the Date), the account holder — not us — decides what information is stored about you and how it is used. Please contact them directly to ask about or correct your information. If you cannot reach them, email us at hello@managingmatrimony.com.au and we will do our best to help.

9. Security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. These include access controls, encrypted transmission, row-level security on our database, segmented API keys and regular backups. No system is perfectly secure — please keep your login credentials safe and use a strong, unique password.

10. How long we keep information

• Active accounts and projects — for as long as your account is active, plus up to 24 months after, so you can return to finish planning or retrieve records.
• Guest information — tied to the project it belongs to; deleted when the project is deleted, subject to backups.
• Messages and delivery logs — up to 24 months after the message is sent, for troubleshooting, compliance and proof of delivery.
• Payment and tax records — at least 7 years, as required by Australian tax law.
• Marketing attribution data — up to 24 months.
• Backups — deleted content may persist in encrypted backups for up to 30 days before being overwritten.

11. Your rights

You have the right to:

• Ask for access to the personal information we hold about you.
• Ask us to correct information that is inaccurate, out of date, incomplete, irrelevant or misleading.
• Ask us to delete your account and personal information, subject to legal retention obligations.
• Withdraw your consent to marketing communications at any time.
• Make a complaint about how we have handled your personal information.

To make a request, email hello@managingmatrimony.com.au. We aim to respond within 30 days. If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

12. Children

The Services are intended for people aged 18 and over. Account holders may record limited details about child guests (such as a first name and age group) to manage seating and catering. We do not knowingly collect personal information directly from children.

13. Data breaches

If we become aware of a data breach that is likely to result in serious harm to you, we will notify you and the OAIC in accordance with the Notifiable Data Breaches scheme.

14. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the effective date. We will notify account holders of material changes by email or in-product where practicable.

15. Contact

For privacy questions or requests, contact our privacy team at hello@managingmatrimony.com.au.

Also see: Terms & Conditions · Refund Policy.