← Back to LN Wedding

Data Privacy Policy

Version 1.0 — Effective March 1, 2026

This Privacy Policy explains how LN Wedding ("the App"), a mobile application for wedding planning and coordination, operated by Moritz Schafft, Am Hahnen 25, 34132 Kassel, Germany ("the Operator", "we", "us"), collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR/DSGVO) and applicable German data protection law.

Contact for data protection inquiries: cd@moalsc.com

1. Data Controller

Moritz Schafft
Am Hahnen 25
34132 Kassel, Germany
Email: cd@moalsc.com

2. Data We Collect

  • Account Data: Email address, display name, profile photo URL (if provided).
  • Authentication Data: Firebase Authentication tokens, Google Sign-In tokens (if using Google login).
  • Usage Data: Content you create within wedding groups (announcements, events, RSVP responses, gift registry items, expenses, tasks, packing lists, flight details, accommodation listings).
  • Group Data: Group membership, group names, wedding date, venue information, invite codes.
  • Technical Data: Push notification tokens (FCM), device type, app version.
  • Calendar Data: If you enable calendar sync, wedding events are written to your device's native calendar. This data stays on your device.
  • Analytics Data: App usage patterns, screen views, session duration, crash reports, and performance metrics — collected via Google Analytics for Firebase. This data is aggregated and pseudonymized (linked to a random instance ID, not your email or name).
  • Moderation Data: Content submitted for automated moderation checks, reports filed by users.

We do NOT collect: precise location data, contacts, browsing history, advertising identifiers, or biometric data.

3. Legal Basis for Processing (Art. 6 GDPR)

  • Contract Performance (Art. 6(1)(b)): Processing your account data and usage data is necessary to provide the App's services.
  • Legitimate Interest (Art. 6(1)(f)): Content moderation and safety measures to protect users and prevent misuse. Analytics data to improve app performance, stability, and user experience.
  • Consent (Art. 6(1)(a)): Push notifications and calendar sync (you can opt out at any time via device settings or the App).

4. How We Use Your Data

  • To provide and operate the App's features (announcements, events, gift registry, expenses, tasks, packing lists, flights, accommodation, etc.).
  • To authenticate your identity and manage your account.
  • To send push notifications about wedding group activity (with your consent).
  • To sync wedding events to your device calendar (with your consent).
  • To analyze app usage, diagnose crashes, and improve performance and reliability (via Google Analytics for Firebase).
  • To moderate content and enforce our Terms of Service.
  • To respond to user reports and investigate potential violations.
  • To comply with legal obligations.

5. Data Sharing & Third Parties

We share data only with the following service providers ("processors"), all of which are GDPR-compliant:

  • Google Firebase (Google LLC, USA): Authentication, database (Firestore), cloud functions, push notifications, file storage. Google is certified under the EU-US Data Privacy Framework. firebase.google.com/support/privacy
  • Google Analytics for Firebase (Google LLC, USA): Pseudonymized app usage analytics, crash reports, and performance monitoring. Data is aggregated and not used for advertising. Google does not share this data with third parties. Analytics data is linked to a randomly generated instance ID — not to your name or email. You can request deletion of this data by deleting your account. firebase.google.com/support/privacy
  • OpenAI (OpenAI, LLC, USA): Text content submitted for automated moderation checks. Only the text content is sent — no user identifiers. OpenAI's moderation endpoint does not store or train on submitted data. openai.com/privacy

We do NOT sell, rent, or share your personal data with advertisers or other third parties.

6. Data Retention

  • Account data: Retained as long as your account exists.
  • Usage data (group content): Retained as long as the wedding group exists or until you delete it.
  • Moderation data: Content moderation results are not stored. Reports are retained for up to 12 months.
  • Technical data (FCM tokens): Removed upon sign-out or account deletion.
  • Analytics data: Retained by Google for up to 14 months (configurable in Google Analytics settings), then automatically deleted. Instance IDs are reset upon account deletion.

7. Your Rights (GDPR Art. 15–21)

You have the following rights regarding your personal data:

  • Right of Access (Art. 15): Request a copy of all your personal data. Available via the "Export My Data" button in the App's profile settings.
  • Right to Rectification (Art. 16): Update your profile information at any time via the App.
  • Right to Erasure (Art. 17): Delete your account and all associated data via "Delete Account" in the App's profile settings.
  • Right to Data Portability (Art. 20): Export your data in a machine-readable format via the App.
  • Right to Object (Art. 21): Object to data processing based on legitimate interest.
  • Right to Restrict Processing (Art. 18): Request restriction of processing in certain circumstances.

To exercise any of these rights, contact: cd@moalsc.com. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) for all data communication.
  • Firebase Security Rules restricting data access to authorized users.
  • Automated content moderation to detect and remove harmful content.
  • Rate limiting to prevent abuse.

9. Children's Data

The App is not intended for children under 16 years of age. We do not knowingly collect data from children under 16. If we become aware that a user is under 16, we will delete their account and data.

10. International Data Transfers

Some of our service providers (Google, OpenAI) are based in the USA. These transfers are protected by:

  • EU-US Data Privacy Framework (Google).
  • Standard Contractual Clauses (SCCs) where applicable.
  • For moderation: Only anonymized text content is sent (no personal identifiers).

11. Changes to This Policy

We may update this Privacy Policy. Material changes will be communicated through the App, and you may be asked to acknowledge the updated policy.

12. Complaints

If you believe your data protection rights have been violated, you may lodge a complaint with:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden, Germany
datenschutz.hessen.de

13. Contact

For all data protection inquiries: cd@moalsc.com