Cookie & Privacy Policy

1. Introduction

This Privacy Policy explains how einvite, operated by Kreative Smart Studio SRL ("we", "us", "our"), collects, uses, stores, and protects personal data when you use the einvite Platform ("Platform"), accessible at einvite.net.

We are committed to protecting your privacy in full compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Romanian data protection law.

By using the Platform, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is:

Kreative Smart Studio SRL
Company Registration Number: 36201161
Email: hi@einvite.net

3. What Personal Data We Collect

3.1 Data You Provide Directly

When you register, purchase a plan, or use the Platform, we may collect:

• Full name and email address
• Billing information (processed securely via third-party payment providers — we do not store card details)
• Event details you create on the Platform, including event name, date, location, and personal messages
• Photos or media you upload to your invitations
• Any other content you voluntarily submit through the Platform

3.2 Data Collected Automatically

When you visit or use the Platform, we automatically collect:

• IP address and approximate geographic location
• Browser type and version
• Device type and operating system
• Pages visited and time spent on the Platform
• Referral source (how you arrived at the Platform)
• Cookie data (see Part II — Cookie Policy)

3.3 Guest RSVP Data

When your guests respond to your event invitation, the following data may be collected on your behalf:

• Guest name
• Email address (if requested)
• RSVP response (attending / not attending)
• Optional message from the guest
• Number of accompanying guests

As stated in our Terms and Conditions, you are the data controller for your guests' personal data. einvite acts solely as the data processor for this information.

4. How We Use Your Personal Data

We use your personal data for the following purposes and on the following legal bases:

• Creating and managing your account — Performance of contract (Art. 6(1)(b) GDPR)
• Processing your payment — Performance of contract (Art. 6(1)(b) GDPR)
• Delivering the Platform service — Performance of contract (Art. 6(1)(b) GDPR)
• Sending transactional emails such as order confirmations and renewal reminders — Performance of contract (Art. 6(1)(b) GDPR)
• Responding to support or refund requests — Performance of contract (Art. 6(1)(b) GDPR)
• Improving Platform performance and user experience — Legitimate interest (Art. 6(1)(f) GDPR)
• Complying with legal obligations — Legal obligation (Art. 6(1)(c) GDPR)
• Sending marketing communications (only with consent) — Consent (Art. 6(1)(a) GDPR)

We will never use your personal data for purposes incompatible with those listed above.

5. Guest Data — Your Responsibilities as Data Controller

When you use einvite to collect RSVP responses from your guests, you become the data controller of that guest data. You are solely responsible for:

• Having a lawful basis for collecting your guests' personal data
• Informing your guests that their data will be processed via einvite
• Ensuring that guest data is not used beyond the purpose of event management
• Responding to any data subject requests made by your guests
• Deleting guest data when it is no longer necessary

einvite recommends that you include a brief privacy notice on your event page informing guests how their data will be used.

6. Data Sharing & Third Parties

We do not sell, rent, or trade your personal data to any third party for marketing purposes. We may share your data only in the following limited circumstances:

• Payment processors — to securely process your transactions. These processors are GDPR-compliant and process data solely for payment purposes
• Hosting and infrastructure providers — to operate and maintain the Platform securely
• Analytics providers — to understand how the Platform is used, with data anonymised or pseudonymised where possible
• Legal authorities — where required by law, court order, or regulatory obligation

All third-party processors are bound by data processing agreements in accordance with GDPR Article 28.

7. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or that the recipient country has been deemed adequate by the European Commission.

8. Data Retention

We retain your personal data only for as long as necessary for the purposes outlined in this Policy:

• Account data — retained for the duration of your account and for 3 years following account deletion, for legal and accounting purposes
• Event and invitation data — retained for the duration of your subscription and for 30 days after event deactivation, after which it may be permanently deleted
• RSVP guest data — retained until event deactivation (30 days after the event date), after which it is deleted from our servers
• Payment and billing records — retained for 10 years in compliance with Romanian accounting and tax law
• Support correspondence — retained for 3 years from the date of last contact

9. Your Rights Under GDPR

As a data subject located in the European Union, you have the following rights:

• Right of access — you may request a copy of the personal data we hold about you
• Right to rectification — you may request correction of inaccurate or incomplete data
• Right to erasure — you may request deletion of your personal data, subject to legal retention obligations
• Right to restriction of processing — you may request that we limit how we process your data
• Right to data portability — you may request your data in a structured, machine-readable format
• Right to object — you may object to processing based on legitimate interest, including for direct marketing
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at hi@einvite.net. We will respond within 30 calendar days. We may need to verify your identity before processing your request.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:

• Encrypted data transmission via HTTPS/TLS
• Secure password hashing
• Access controls limiting data access to authorised personnel only
• Regular security assessments of our infrastructure

While we take all reasonable precautions, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

11. Children's Privacy

The einvite Platform is not intended for use by persons under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us at hi@einvite.net and we will delete it promptly.

12. Links to Third-Party Websites

The Platform may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We recommend reviewing the privacy policy of any third-party site you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of significant changes by email or via a notice on the Platform. The date of the latest revision is always indicated at the top of this document.

14. Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the competent supervisory authority:

ANSPDCP — Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal
Website: dataprotection.ro
Email: anspdcp@dataprotection.ro

You may also seek judicial remedy before the competent courts of Romania.

15. What Are Cookies

Cookies are small text files placed on your device when you visit a website. They allow the website to recognise your device, remember your preferences, and collect information about how you use the site. Cookies may be session-based (deleted when you close your browser) or persistent (remaining on your device for a set period).

16. What Cookies We Use

16.1 Strictly Necessary Cookies

These cookies are essential for the Platform to function and cannot be disabled. They do not require your consent.

• session_id — Maintains your login session — Duration: Session
• csrf_token — Protects against cross-site request forgery attacks — Duration: Session
• cookie_consent — Records your cookie preferences — Duration: 12 months

16.2 Functional Cookies

These cookies enable enhanced functionality and personalisation. Disabling them may affect your experience.

• lang_pref — Remembers your language preference — Duration: 12 months
• ui_settings — Remembers your Platform display preferences — Duration: 6 months

16.3 Analytics Cookies

These cookies help us understand how visitors interact with the Platform, allowing us to improve performance and user experience. All data collected is anonymised or pseudonymised.

• _ga — Google Analytics — Distinguishes unique users — Duration: 24 months
• _ga_* — Google Analytics — Maintains session state — Duration: 24 months

16.4 Marketing Cookies

We do not currently use marketing or advertising cookies on the Platform. If this changes, this Policy will be updated and your consent will be requested before any such cookies are placed.

17. Third-Party Cookies

Certain third-party services integrated into the Platform may place their own cookies on your device. These include:

• Google Analytics — for Platform usage analytics. Google's privacy policy is available at policies.google.com/privacy
• Payment processors — for secure transaction processing. Their cookie and privacy practices are governed by their own policies

We do not control third-party cookies and recommend reviewing the respective privacy policies of these providers.

18. Managing & Withdrawing Cookie Consent

You can manage your cookie preferences at any time through:

• Our cookie consent banner — displayed on your first visit to the Platform
• Your browser settings — most browsers allow you to block or delete cookies. Please refer to your browser's help documentation for instructions
• Third-party opt-out tools — for analytics cookies, you may opt out via tools.google.com/dlpage/gaoptout

Please note that disabling strictly necessary cookies may prevent the Platform from functioning correctly.

19. Do Not Track

Some browsers transmit a "Do Not Track" signal to websites. As there is currently no universally accepted standard for responding to such signals, the Platform does not alter its data collection practices in response to Do Not Track requests. You may use the cookie management options described in Section 18 to control tracking.

20. Contact

For any questions regarding this Cookie & Privacy Policy, or to exercise your data protection rights, please contact us at:

Email: hi@einvite.net

einvite is a product of:
Kreative Smart Studio SRL
Company Registration Number: 36201161