Privacy Policy

KnotBook is the data controller responsible for your personal data. For any privacy-related queries, you can contact us at admin@knotbook.co.uk.

2.1 Information You Provide

• Account details— name, email address, password (stored hashed), and account type (individual or planner).
• Wedding planning content— wedding date, venue, budget figures, guest lists, allergies/diets, vendor information, outfits, mood boards, seating plans, tasks, timelines, checklists, and any other content you upload or enter.
• Planner client data— if you are a wedding planner, information you input about your clients.
• Communications— messages, feedback, and support requests you send to us.

2.2 Payment Information

Payments are processed by Stripe. We do not store full card details on our servers. Stripe provides us with limited information such as last four digits, card brand, subscription status, and billing events.

2.3 Information Collected Automatically

• Device and browser type
• IP address and approximate location
• Pages visited and actions taken on the Platform
• Timestamps of activity (login, edits, uploads)
• Cookies and similar technologies (see Section 7)

2.4 Guest and Third-Party Data

When you upload information about wedding guests, vendors, or clients, you confirm you have the right to do so. You are responsible for ensuring those individuals are aware of how their data will be used in connection with your wedding planning.

We use your personal data to:

• Provide and operate the Platform and its features
• Authenticate users and secure accounts
• Process subscriptions, payments, and refunds
• Send transactional emails (account, billing, reminders)
• Send optional marketing emails (only with your consent — you can opt out at any time)
• Respond to support requests and feedback
• Improve the Platform and develop new features
• Detect, prevent, and investigate fraud, abuse, or violations of our Terms
• Comply with legal obligations

Under UK GDPR, we process your personal data on the following lawful bases:

• Contract— to provide the services you signed up for.
• Legitimate interests— to operate, secure, and improve our Platform, provided your rights do not override these interests.
• Consent— for marketing communications and optional cookies. You may withdraw consent at any time.
• Legal obligation— where we are required to retain or disclose data by law.

We do not sell your personal data. We share data only with trusted service providers who help us operate the Platform:

• Stripe— payment processing
• Resend— transactional and notification emails
• Cloudinary— image storage and delivery
• Hosting and infrastructure providers— to host the Platform and store data

These providers are bound by their own privacy and security obligations and may only process data on our instructions.

We may also disclose information where required by law, court order, or to protect our legal rights.

Some of our service providers may process data outside the United Kingdom or European Economic Area. Where this happens, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement or Standard Contractual Clauses.

We use cookies and similar technologies to keep you signed in, remember preferences, and understand how the Platform is used.

Categories of cookies:

• Strictly necessary— required for login, security, and core functionality.
• Functional— remember your preferences.
• Analytics— help us understand usage patterns (used only with your consent where required).

You can control cookies through your browser settings. Disabling strictly necessary cookies may prevent the Platform from working correctly.

We retain your personal data only for as long as necessary:

• Active accounts— for the duration of your subscription, subject to the 3-year planning access limit described in our Terms.
• Inactive or closed accounts— data may be retained for up to 12 months after closure, then deleted or anonymised.
• Billing and tax records— retained for up to 7 years to comply with UK financial laws.
• Backups— may be retained for a limited period before automatic overwrite.

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate or incomplete data
• Request deletion of your data (right to be forgotten), subject to legal exceptions
• Restrict or object to certain processing
• Request portability of your data in a machine-readable format
• Withdraw consent at any time where processing is based on consent
• Lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk

To exercise any of these rights, email admin@knotbook.co.uk. We will respond within one calendar month.

We protect your data through measures including:

• HTTPS/TLS encryption for all traffic
• Hashed and salted password storage
• Access controls and authenticated sessions
• Reputable infrastructure and payment providers
• Periodic review of security practices

No system is 100% secure. While we take reasonable steps to protect your information, we cannot guarantee absolute security.

KnotBook is not intended for anyone under 18 years old. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will remove it.

We will only send marketing emails with your consent. Every marketing email contains an unsubscribe link, and you may opt out at any time without affecting transactional emails (such as billing or security notifications).

The Platform may contain links to third-party websites (e.g., vendor sites). We are not responsible for the privacy practices of those sites, and we encourage you to review their privacy policies separately.

We may update this Policy from time to time. The “Last updated” date at the top reflects the latest version. Significant changes will be notified by email or through the Platform.

For any questions about this Privacy Policy or how we handle your data:

Email: admin@knotbook.co.uk