Privacy Policy
Last updated: (v1.0)
This Privacy Policy explains how SIA "Bitbox 28", registration number 40203454887 ("we", "us", "our"), collects, uses, and protects your personal data when you use tableplanner.io (the "Service").
We are committed to protecting your privacy. We do not sell, rent, or share your personal data with third parties for marketing purposes.
1. Data Controller
SIA "Bitbox 28", Atpūtas 11, Cēsis, Latvia, is the data controller for the personal data processed through the Service. You can contact us at info@bitbox.lv.
2. What We Collect
2.1 Account data
When you create an account, we collect your email address. You may optionally provide your name and profile image. We use magic link authentication — we do not collect or store passwords.
2.2 Wedding and guest data
When you use the Service, you may provide: wedding name and date, guest names, dietary restriction tags (vegan, vegetarian, halal, kosher, gluten-free, allergy), accessibility tags (wheelchair, elderly, child), seating conflict preferences ("do not seat with" relationships), table layouts and seat assignments.
This data is stored to provide the Service and is accessible only to you (and anyone you share a read-only link with).
2.3 Session and security data
We collect IP address and browser user agent string when you sign in. This data is stored in your session record for security and fraud prevention purposes.
2.4 Payment data
Payment processing is handled by a third-party payment processor. We receive your email address and confirmation of payment. We do not receive, process, or store your credit card number, expiration date, or CVV. The payment processor’s own privacy policy governs their handling of your payment data.
2.5 Contact form data
If you use the contact form, we collect your name, email address, and message. This data is sent to our support email and is used solely to respond to your inquiry.
2.6 Local browser data
If you use the editor without an account, your chart data is stored in your browser’s local storage. This data never leaves your device unless you create an account. We also store your theme preference (light/dark mode) in local storage.
3. How We Use Your Data
We use your personal data for the following purposes:
• To provide and maintain the Service (account management, chart storage, PDF export, share links).
• To process payments via our payment processor.
• To send transactional emails (magic link sign-in emails).
• To respond to support inquiries submitted via the contact form.
• To protect the security of the Service (session management, fraud prevention).
We do not use your data for advertising, profiling, or automated decision-making.
4. Legal Basis for Processing (GDPR)
If you are in the European Economic Area, our legal basis for processing your personal data is:
• Contract performance: processing your account data, wedding data, and payment data is necessary to provide the Service you requested (Art. 6(1)(b) GDPR).
• Legitimate interest: processing session data (IP, user agent) for security and fraud prevention (Art. 6(1)(f) GDPR).
• Consent: processing contact form data based on your voluntary submission (Art. 6(1)(a) GDPR).
5. Data Sharing
We share your personal data only with trusted third-party service providers, solely to operate the Service:
• Payment processor — your email and payment details are shared to process your purchase. We never see or store your credit card number.
• Database provider — your account and wedding data is stored on secure, hosted database servers.
• Email delivery provider — your email address is shared to send sign-in and contact form emails.
• Hosting provider — your requests are processed on our hosting provider’s infrastructure.
These providers process data on our behalf and are contractually bound to protect your data. Where data is transferred outside the European Economic Area, we rely on appropriate safeguards such as the EU-U.S. Data Privacy Framework or Standard Contractual Clauses.
We do not sell your data. We do not share your data with advertisers or data brokers.
6. Share Links
When you generate a share link, anyone with the link can view your wedding name, guest names, table layout, and seat assignments. Share links are randomised and not guessable, but you should treat them as you would any sensitive link. You can revoke a share link at any time from your account.
7. Cookies
We use only essential cookies required for the Service to function:
• Authentication cookie: a session cookie set when you sign in. This is necessary for you to stay signed in across pages. It expires when your session ends.
We do not use tracking cookies, analytics cookies, advertising cookies, or any third-party cookies. We do not use Google Analytics, Facebook Pixel, or similar tracking tools.
8. Data Retention
Your account and associated data (weddings, guests, tables, seats) are retained as long as your account is active. Session records are retained for security purposes and are periodically cleaned up.
Contact form inquiries are retained in our email for as long as necessary to resolve your request.
If you delete your account, all associated data is permanently removed, including all wedding data, guest data, table layouts, seat assignments, share tokens, and session records.
9. Your Rights
Under the GDPR and applicable data protection laws, you have the right to:
• Access: request a copy of the personal data we hold about you.
• Rectification: request correction of inaccurate personal data.
• Erasure: request deletion of your personal data and account.
• Restriction: request that we restrict processing of your data.
• Portability: request your data in a structured, machine-readable format.
• Objection: object to processing based on legitimate interest.
• Withdraw consent: where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at info@bitbox.lv. We will respond within 30 days.
You also have the right to lodge a complaint with the Data State Inspectorate of Latvia (dvi.gov.lv) or your local data protection authority.
10. Children
The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Security
We implement appropriate technical and organisational measures to protect your personal data, including:
• Encryption in transit (HTTPS/TLS) for all connections.
• Encryption at rest for stored data.
• Access controls limiting data access to authorised processes only.
• No storage of credit card or payment details on our systems.
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or by displaying a notice within the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.
13. Contact
If you have questions about this Privacy Policy or our data practices, contact us at:
SIA "Bitbox 28"
Atpūtas 11, Cēsis, Latvia
Email: info@bitbox.lv