Privacy Policy
Last Updated: 13 February 2026
1. Who we are
Wedly ("we", "our", "us") is a SaaS platform built for wedding professionals. We provide tools for managing bookings, quotes, payments, client communication, and AI-assisted workflows.
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018:
- Wedly is the Data Controller for personal data collected from Tenants (wedding professionals who subscribe to our platform).
- Wedly is the Data Processor for personal data that Tenants collect from their Wedding Customers via the platform.
- Tenants are the Data Controllers for their own Wedding Customers' data.
If you have questions about this policy, please contact us at hello@koursertech.com.
2. What personal data we collect
2.1. From Tenants (wedding professionals)
- Name, email address, and business name (provided during registration)
- Payment and billing information (processed securely via Stripe; we do not store card numbers)
- Business content such as service catalogues, quote templates, and uploaded documents
- Knowledge files uploaded to train AI assistant features
- Usage data such as login times and feature interactions
2.2. From Wedding Customers (end-clients of Tenants)
- Name and email address (provided by the Tenant or through web form submissions)
- Event details such as wedding date, venue, and preferences
- Messages sent through the chat or portal features
- Files and images uploaded to the Guest Portal (e.g. mood boards, inspiration images)
- Payment information when paying invoices (processed via Stripe on behalf of the Tenant)
3. How we use personal data
We process personal data for the following purposes:
- Providing the service: managing accounts, processing bookings, generating quotes, handling payments, and enabling communication between Tenants and their Wedding Customers.
- AI-assisted features: generating draft emails, quotes, timelines, and follow-ups using tenant-specific knowledge. AI outputs are always presented as suggestions requiring human review before sending.
- Authentication and security: verifying identity via OIDC login for Tenants and magic link email verification for Wedding Customers accessing the Guest Portal.
- Billing: processing subscription payments and generating invoices through Stripe.
- Service improvement: understanding how the platform is used so we can fix issues and improve features.
- Legal compliance: meeting our obligations under UK law, including responding to lawful requests from authorities.
4. Lawful basis for processing
Under UK GDPR, we rely on the following lawful bases:
- Contract: processing necessary to provide the service you have subscribed to (Article 6(1)(b)).
- Legitimate interests: improving the platform and ensuring security (Article 6(1)(f)).
- Legal obligation: where we are required to process data by law (Article 6(1)(c)).
- Consent: where Wedding Customers submit their data through web forms or the Guest Portal, their Tenant is responsible for obtaining appropriate consent.
5. Cookies and similar technologies
Wedly uses only strictly necessary cookies that are essential for the platform to function. We do not use any tracking, analytics, or advertising cookies.
The cookies we set are:
- Authentication cookies: these keep you logged in securely during your session and are set when you sign in via your identity provider. They are encrypted and cannot be read by third parties.
- Portal authentication cookies: these allow Wedding Customers to access the Guest Portal after verifying their email via a magic link. They expire after a set period.
- Anti-forgery cookies: these protect form submissions from cross-site request forgery attacks, a standard security measure.
Because we only use strictly necessary cookies, we do not require your consent to set them under the Privacy and Electronic Communications Regulations 2003 (PECR). There is no need for a cookie consent banner on this platform.
6. Third-party services
We use the following third-party services that may process personal data on our behalf:
- Google Cloud: AI assistant features are powered by Google's AI services. Tenant knowledge and conversation data may be sent to Google for processing. We use API-only access with no data retention by the provider for training purposes.
- Stripe: payment processing for subscriptions and invoice payments. Stripe is PCI DSS compliant. See Stripe's privacy policy.
- ZeptoMail: transactional email delivery for notifications, magic links, and system messages.
- Cloudflare: DNS, SSL, and content delivery. Cloudflare may process limited technical data (IP addresses, request metadata) as part of routing traffic.
We ensure that all third-party processors provide adequate safeguards for personal data in line with UK GDPR requirements.
7. Data sharing
We do not sell personal data to anyone. We share personal data only in the following circumstances:
- With the third-party service providers listed above, strictly to deliver the service.
- Where required by law, regulation, or a valid legal process.
- Between a Tenant and their Wedding Customers as part of the normal use of the platform (e.g. messages, quotes, invoices).
Tenant data is logically isolated. We never share or mix data between different Tenant accounts.
8. Data retention
- Tenant account data: retained for as long as the subscription is active, plus a reasonable period after cancellation to allow for reactivation or to comply with legal obligations.
- Wedding Customer data: retained in line with the Tenant's use of the platform. Tenants may delete individual customer records at any time.
- Payment records: retained as required by UK tax and accounting regulations (typically 6 years).
- AI knowledge files: retained while the Tenant's account is active and deleted upon account closure or at the Tenant's request.
- Logs and audit data: retained for up to 12 months for security and debugging purposes.
9. Your rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access: you can request a copy of the personal data we hold about you.
- Right to rectification: you can ask us to correct inaccurate or incomplete data.
- Right to erasure: you can ask us to delete your data, subject to any legal retention requirements.
- Right to restrict processing: you can ask us to limit how we use your data in certain circumstances.
- Right to data portability: you can request your data in a structured, commonly used format.
- Right to object: you can object to processing based on legitimate interests.
To exercise any of these rights, please email hello@koursertech.com. We will respond within one month as required by law.
Wedding Customers
If you are a Wedding Customer and wish to exercise your data rights, please contact the wedding professional (Tenant) you are working with in the first instance, as they are the Data Controller for your data. If you are unable to resolve your request with them, you may contact us directly.
10. Children's data
Wedly is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from someone under 18, we will delete it promptly.
11. International data transfers
Where personal data is transferred outside the UK (for example, to AI service providers based in the United States), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or reliance on an adequacy decision, in line with UK GDPR requirements.
12. Security
We take the security of your data seriously. Measures include:
- Encryption of data in transit (TLS) and at rest
- Logical tenant isolation so data is never shared between accounts
- Secure authentication via OIDC and encrypted session cookies
- Regular encrypted backups with redundancy
- Role-based access controls within the platform
13. Changes to this policy
We may update this privacy policy from time to time. If we make significant changes, we will notify Tenants via email or through the platform. The "Last Updated" date at the top of this page will always reflect the most recent version.
14. Complaints
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
We would appreciate the opportunity to resolve any concerns before you contact the ICO. Please reach out to us at hello@koursertech.com first.