← Back to Novi

Data Privacy Policy

Version 2.5 — Effective April 12, 2026

This Privacy Policy explains how Novi ("the App"), a mobile application for wedding planning and coordination, operated by Moritz Schafft, 34132 Kassel, Germany ("the Operator", "we", "us"), collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR/DSGVO) and applicable German data protection law.

Contact for data protection inquiries: cd@moalsc.com

1. Data Controller

Moritz Schafft
34132 Kassel, Germany
Email: cd@moalsc.com

2. Data We Collect

  • Account Data: Email address, phone number (if using phone sign-in), display name, profile photo URL (if provided).
  • Authentication Data: Firebase Authentication tokens, Google Sign-In tokens (if using Google login), phone verification data (if using phone sign-in).
  • Usage Data: Content you create within groups (announcements, event details, gift registry entries, task assignments, expense records, packing lists, travel plans, accommodation details).
  • RSVP & Dietary Data: Attendance status, food preferences (e.g. vegan, vegetarian, fish, meat), severe allergy information, and the same data for plus-ones. This may include health-related data. We collect this data only when you voluntarily provide it during the RSVP process.
  • Location Data: When you enter a location for an event or venue, the App uses Google Places API to provide address autocomplete suggestions and convert locations into geographic coordinates (latitude and longitude). A Google Place ID is also stored alongside the coordinates to identify the selected place. On the web planner, Places API requests are made directly from your browser, which means Google receives your IP address and typed search queries. On the mobile app, requests are routed through our Cloud Functions in europe-west1 (Belgium). This location data is stored with the event. We do NOT track your device location in the background or access your GPS without your action. Location data is only collected when you voluntarily enter a location.
  • Group Data: Group membership, group names, invite codes.
  • Guest Language Preference: When a wedding planner sets a language for a guest or for the guest website, or when a guest selects a language on the guest website, that language preference is stored. On the guest website, the selected language is also saved in your browser's localStorage.
  • Technical Data: Push notification tokens (FCM), device type, app version.
  • Moderation Data: Reports filed by users regarding content violations.
  • Guest Invitation Data: When a wedding planner sends invitations through the App, we collect and store guest email addresses (normalized to lowercase), first names, and last names. A guest email lookup index is maintained to enable automatic matching when guests sign up via the guest website.
  • AI Summary Data: The App generates personalized daily event summaries using Google's Gemini API. The following data is sent for processing: your first name, event titles, times, locations, categories, and your RSVP status for each event. No email addresses, user IDs, or other account identifiers are sent to Google Gemini. Summaries are generated daily and automatically deleted after 7 days.
  • Area Guide Data: Location data for spots and tips added by planners to the area guide, including place names, geographic coordinates, categories, and descriptions. This data may be synced to Google Drive as a KML file for use with Google My Maps.
  • Weather Data: To display historical and forecast weather information for event and travel locations, the App sends the geographic coordinates (latitude and longitude) you have entered for an event or trip, along with the relevant dates, to the Open-Meteo API. No user identifiers, account data, or other personal information are transmitted. Weather results are cached locally on your device.
  • Field-Level Content Encryption: Sensitive group content — including announcements, expenses, travel plans, travel legs, accommodations, wishlist items, responsibilities, packing lists and items, and event details — is encrypted on your device using AES-256 with a per-group encryption key before being stored in Firestore. The server stores only ciphertext; plaintext is only ever visible to members of your group who hold the group key.

We do NOT collect: contacts, browsing history, advertising identifiers, or biometric data.

3. Legal Basis for Processing (Art. 6 GDPR)

  • Contract Performance (Art. 6(1)(b)): Processing your account data (including email address or phone number), usage data, RSVP and dietary data, and location data is necessary to provide the App's services.
  • Legitimate Interest (Art. 6(1)(f)): Content moderation and safety measures to protect users and prevent misuse.
  • Consent (Art. 6(1)(a)): Push notifications (you can opt out at any time via device settings).

4. How We Use Your Data

  • To provide and operate the App's features (announcements, events, gift registry, expenses, RSVP, food preferences, etc.).
  • To authenticate your identity and manage your account.
  • To send push notifications about group activity (with your consent).
  • To provide address autocomplete suggestions and convert location text to geographic coordinates for event and venue mapping (via Google Places API).
  • To moderate content and enforce our Terms of Service.
  • To respond to user reports and investigate potential violations.
  • To send invitation emails to guests on behalf of wedding planners (via Brevo).
  • To automatically match guests to their guest list entry when they sign up via the guest website, using a normalized email lookup.
  • To generate personalized daily event summaries using AI (via Google Gemini), helping you stay informed about upcoming events.
  • To sync area guide spots to Google Drive as a KML file for use with Google My Maps, enabling planners to share location information with guests.
  • To comply with legal obligations.

5. Data Sharing & Third Parties

We share data only with the following service providers ("processors"), all of which are GDPR-compliant:

  • Google Firebase (Google LLC, USA): Authentication (including phone number verification via SMS), database (Firestore), cloud functions, push notifications, file storage. Google is certified under the EU-US Data Privacy Framework. firebase.google.com/support/privacy
  • Google Places API (Google LLC, USA): Address autocomplete and place details for events and venue locations. On the mobile app, your search queries are sent to Google's Places API from our Cloud Functions in europe-west1 (Belgium) — only the search text is sent, with no user identifiers. On the web planner, requests are made directly from your browser to Google's servers, which means Google receives your IP address along with your search queries. Google is certified under the EU-US Data Privacy Framework. policies.google.com/privacy
  • OpenAI (OpenAI, LLC, USA): Text content submitted for automated moderation checks. Only the text content is sent — no user identifiers. OpenAI's moderation endpoint does not store or train on submitted data. openai.com/privacy
  • Brevo (Brevo SAS, France): Transactional email delivery for guest invitations. When a wedding planner sends invitations, guest first name, last name, and email address are transmitted to Brevo's API to deliver the invitation email. Brevo processes this data within the EU. brevo.com/legal/privacypolicy
  • Google Gemini API (Google LLC, USA): Generates personalized daily event summaries. Data sent includes your first name, event titles, times, locations, categories, and RSVP status. No email addresses, user IDs, or other account identifiers are sent. Our Cloud Functions call the Gemini API from the europe-west1 (Belgium) region. Google is certified under the EU-US Data Privacy Framework. Google's Gemini API terms state that data sent via the API is not used to train Google's models. ai.google.dev/terms
  • Google Drive API (Google LLC, USA): Area guide spots are synced to Google Drive as a KML file for use with Google My Maps. Only location data (place names, coordinates, categories) is sent — no user identifiers. Google is certified under the EU-US Data Privacy Framework. policies.google.com/privacy
  • Open-Meteo (Open-Meteo, Bürglen, Switzerland): Historical and forecast weather data for event and travel locations. Only geographic coordinates (latitude and longitude) and the requested dates are transmitted — no user identifiers. Open-Meteo does not require accounts, does not set cookies, and states it does not log personal data. open-meteo.com/en/terms

Phone numbers provided for authentication are sent to and stored by Google to improve spam and abuse prevention across Google services, including Firebase. By using phone sign-in, you consent to this processing.

We do NOT sell, rent, or share your personal data with advertisers or other third parties.

6. Data Retention

  • Account data: Retained as long as your account exists.
  • Usage data (group content): Retained as long as the group exists or until you delete it.
  • Moderation data: Reports are retained for up to 12 months.
  • Technical data (FCM tokens): Removed upon sign-out or account deletion.
  • AI-generated daily summaries: Automatically deleted after 7 days.
  • Guest invitation data (email lookup index): Retained as long as the group exists or until the planner deletes the guest list entry.
  • Guest website localStorage data: Language preferences and other settings are stored locally on the guest's device via localStorage and automatically cleared after the wedding date has passed.
  • Travel plans: Retained as long as the group exists or until the creator deletes them.
  • Accommodation entries: Retained as long as the group exists or until the creator deletes them.
  • Area guide spots and tips: Retained as long as the group exists or until the creator deletes them.
  • Transport options: Retained as long as the group exists or until the planner deletes them.
  • Q&A entries: Retained as long as the group exists or until the creator deletes them.

7. Your Rights (GDPR Art. 15–21)

You have the following rights regarding your personal data:

  • Right of Access (Art. 15): Request a copy of all your personal data. Available via the "Export My Data" button in the App's profile settings.
  • Right to Rectification (Art. 16): Update your profile information at any time via the App.
  • Right to Erasure (Art. 17): Delete your account and all associated data via "Delete Account" in the App's profile settings.
  • Right to Data Portability (Art. 20): Export your data in a machine-readable format via the App.
  • Right to Object (Art. 21): Object to data processing based on legitimate interest.
  • Right to Restrict Processing (Art. 18): Request restriction of processing in certain circumstances.

To exercise any of these rights, contact: cd@moalsc.com. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) for all data communication.
  • Encryption at rest for all data stored by Firebase (Google's standard server-side encryption).
  • Client-side field-level encryption (AES-256) for sensitive group content — announcements, expenses, travel plans, travel legs, accommodations, wishlist items, responsibilities, packing lists and items, and event details — using a per-group encryption key. The server only ever stores ciphertext for these fields.
  • Firebase Security Rules restricting data access to authorized users.
  • Automated content moderation to detect and remove harmful content.
  • Rate limiting to prevent abuse.

9. Children's Data

The App is not intended for children under 16 years of age. We do not knowingly collect data from children under 16. If we become aware that a user is under 16, we will delete their account and data.

10. International Data Transfers

Some of our service providers process data outside the European Economic Area:

  • Google (Firebase, Gemini API, Places API, Drive API) — USA: Certified under the EU-US Data Privacy Framework. Standard Contractual Clauses (SCCs) where applicable. Gemini API, Places API, and Drive API calls are initiated from our Cloud Functions in europe-west1 (Belgium).
  • OpenAI — USA: Only anonymized text content is sent (no personal identifiers). Standard Contractual Clauses apply.
  • Brevo — France: Data remains within the EU. Brevo is headquartered in France and processes email delivery data on EU servers.
  • Open-Meteo — Switzerland: Switzerland is recognized by the European Commission as providing an adequate level of data protection (adequacy decision). Only coordinates and dates are transmitted — no personal identifiers.

11. Automated Decision-Making (Art. 13(2)(f) GDPR)

The App uses the following automated processing:

  • Content Moderation: User-submitted text content is automatically checked by OpenAI's moderation API to detect potentially harmful content (harassment, hate speech, violence, etc.). Content flagged by the system may be blocked. This is based on our legitimate interest in maintaining a safe platform (Art. 6(1)(f)). No fully automated decisions with legal effects are made — flagged content is subject to review and users can contest moderation actions by contacting cd@moalsc.com.
  • AI Daily Summaries: The App generates personalized daily event summaries using Google's Gemini API. Your first name, event titles, times, locations, and RSVP status are used to create these summaries. This is part of the App's service delivery (Art. 6(1)(b)). Summaries are automatically deleted after 7 days. No profiling or automated decisions are made based on these summaries.

You have the right to object to automated processing under Art. 21 GDPR. Contact: cd@moalsc.com

12. Changes to This Policy

We may update this Privacy Policy. Material changes will be communicated through the App, and you may be asked to acknowledge the updated policy.

13. Complaints

If you believe your data protection rights have been violated, you may lodge a complaint with:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden, Germany
datenschutz.hessen.de

14. Contact

For all data protection inquiries: cd@moalsc.com