Data controller
The data controller is the person responsible for my-bachelorette-party.com, based in France, on behalf of the My Bachelorette Party project. No legal entity is registered yet; data-related requests can be sent via the contact form.
Sites and public pages
Bachelorette Party sites generated by the service are public: anyone with the link (URL) can view the displayed content without an account. Only share the link with people you trust. Editing and certain actions (payment, advanced management) remain reserved for the organizer via dedicated access.
Data collected
- Bachelorette Party creation: questionnaire answers (city, dates, preferences, style, etc.), chosen theme, generated site content, technical event identifier.
- Organizer account: email address if you provide one (link recovery, notifications).
- Invited guests: display name, email if provided for invitation or verification, photos uploaded to the gallery (depending on plan).
- Payment: data processed by Stripe (we do not store card numbers).
- Contact: name, email, and message content via the dedicated form.
- Technical: server logs, signed session identifiers, hashed fingerprints for abuse limiting (no plain IP address stored in the application database).
- Audience measurement and stability: data collected via PostHog, Google Ads (conversions), Vercel Web Analytics, Vercel Speed Insights, and Sentry (see dedicated section).
Audience measurement and technical monitoring
The site uses the following tools in particular:
- PostHog — Audience measurement, product events, and session recordings (EU hosting, after consent).
- Google Ads — Advertising conversion measurement (gtag tag, after consent).
- Vercel Web Analytics — Aggregated audience metrics (page views, country, device — no marketing cookie).
- Vercel Speed Insights — Perceived performance (Core Web Vitals: LCP, FCP, CLS, INP, etc.).
- Sentry — Error tracking and page performance (aggregated transactions, no cookie banner).
- Google reCAPTCHA — Anti-spam protection on the contact form.
Vercel Web Analytics (aggregated page views) and Vercel Speed Insights (performance / Core Web Vitals) do not rely on the cookie banner: aggregated measurement without marketing cookies (see Vercel policy). PostHog (detailed audience, product events, replays) and the Google Ads tag (ad conversions) are only enabled after “Accept all” on the “Cookies and trackers” banner. Google Ads uses Consent Mode: loaded with storage denied by default, then full mode if you accept. You can change your choice at any time via the “Cookies” link at the bottom of the page. Sentry (errors and page performance, no cookie banner) and reCAPTCHA (contact form) are trackers necessary for service operation or security.
Purposes and legal bases
- Providing the service and displaying public sites (contract performance / pre-contractual steps).
- Security, abuse prevention, and creation rate limiting (legitimate interest).
- Sending transactional emails related to the service (contract performance).
- Payment for Premium / Ultimate plans by consumers (contract performance).
- Responding to contact messages (legitimate interest).
- Audience measurement and service improvement (legitimate interest, subject to applicable tracker rules).
- Detecting and fixing technical incidents via Sentry (legitimate interest).
Retention periods
Free sites remain accessible for a limited time after the Bachelorette Party end date (about one month). Premium and Ultimate plans are not subject to this limit. Content is kept while the service is active and as needed for technical reasons.
Technical logs and abuse-limiting data are kept for a proportionate period. Contact messages are kept as long as needed to handle the request.
Recipients and subprocessors
Data may be processed by:
- Vercel Inc. — Web application hosting.
- Supabase, Inc. — Database and file storage (depending on configuration).
- OpenAI, LLC — Text content generation from the questionnaire.
- Resend, Inc. — Transactional email (codes, invitations, notifications).
- Stripe, Inc. — Online payment for paid plans (consumers).
- Amazon Web Services (or S3-compatible provider) — Gallery photo storage (relevant plans).
- Functional Software, Inc. (Sentry) — Application error logging.
Some providers are located outside the European Union. Their transfers rely on safeguards set out in their terms (standard contractual clauses, certifications, etc.).
Your rights
Under the GDPR, you have the rights of access, rectification, erasure, restriction, portability, and objection, as well as the right to withdraw consent where processing is based on it. You may lodge a complaint with the CNIL (www.cnil.fr).
To exercise your rights, use the contact form, specifying your request and, if possible, your site URL or the email address used when creating your site.
Cookies and trackers
When you arrive on the site, a banner lets you accept or refuse audience measurement trackers. PostHog and Google Ads are only enabled if you accept (Consent Mode for Google advertising). Your choice is stored for six months on your device. Strictly necessary cookies ensure the service works (session, security). Sentry helps detect technical incidents; reCAPTCHA protects the contact form.
The “Cookies” link in the footer reopens the banner so you can change your preference. You can also limit cookies in your browser settings.
Security
We implement reasonable technical and organizational measures (HTTPS, restricted database access, server secrets, rate limiting). However, no transmission over the Internet is guaranteed to be 100% secure.
Changes
This policy may be updated. The date at the bottom of the page shows the last revision. In case of a major change, a notice may be displayed on the site.