Privacy Policy

When you create an account, we collect your email address, name, and authentication provider details (Google or Apple, if used).

When you create a hen party, we store the party details you provide: hen's name, dates, location preferences, and budget guidelines.

When group members are invited to view a plan, we store their name and email address. These are provided by the plan organiser, who confirms they have permission to share this information.

When you make a purchase, payment is processed securely by Stripe. We store your purchase history and order details but never your card information.

We automatically collect basic usage data (pages visited, features used) to improve the service. We do not sell this data to third parties.

To provide the core service: creating hen parties, generating personalised itineraries, sharing plans with your group, and delivering digital products.

To send transactional emails: magic link authentication, group invitations, RSVP reminders, payment reminders, and purchase confirmations.

To improve the product based on aggregated, anonymised usage patterns.

We will never sell your personal data. We will never send marketing emails without your explicit opt-in consent.

Itineraries are generated using artificial intelligence (Anthropic Claude). Your party preferences (location, budget, vibe, group size) are sent to this service to generate personalised suggestions.

Your personal identity (name, email) is not sent to the AI service. Only your planning preferences are used.

AI-generated itineraries may contain inaccuracies. Venue availability, pricing, and suitability should always be independently verified before booking.

Your preferences are not used to train AI models. They are processed solely to generate your itinerary and are not retained by the AI provider.

When a plan organiser adds guests, their name and email address are stored to manage invitations, RSVPs, and payment tracking.

Guest email addresses are provided by the plan organiser, who confirms at the point of sending that they have permission to email those individuals.

Guests may receive: an initial invitation email, RSVP reminder emails, and payment reminder emails. All emails include an unsubscribe link.

Guests can opt out of reminder emails at any time by clicking the unsubscribe link in any email or through their guest invitation. Opting out does not affect their ability to view the plan.

Guest personal data is deleted when the associated plan is deleted, when the planner's trial expires without upgrading, or automatically 12 months after the party date.

We share data with the following third-party services, solely as necessary to provide the product:

Stripe (payments) - processes payment transactions. Stripe retains customer records for tax and legal compliance even after account deletion.

Resend (email delivery) - sends transactional emails on our behalf.

Vercel (hosting) - hosts the application and may collect anonymised analytics data.

Anthropic (AI) - generates personalised itineraries from planning preferences. No personal identity data is shared.

Neon (database) - stores application data. Servers are located in the EU.

We have Data Processing Agreements in place with our sub-processors. We will update this list if we add new sub-processors.

Organisers control who can view their hen party plans. Group members can only see the finalised itinerary and accommodation options shared with them.

Your account data is retained for as long as your account is active.

If your trial ends without upgrading, we'll send you a reminder at 14 days, a final warning around 30 days, and then automatically delete your plans and any guest data around 37 days after the trial ends.

For paid accounts, guest personal data (name, email, phone, dietary, notes) is deleted 12 months after the party date. The plan itself remains in your account.

You can delete your account and all associated data at any time from the account settings page, or by emailing hello@theheneditco.com.

When you delete your account, all plans, guests, tasks, costs, and associated data are permanently removed from our database. Stripe may retain customer records for tax and legal compliance.

Data may persist in encrypted backups for up to 30 days after deletion.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users without undue delay and within 72 hours of becoming aware of the breach.

We will also notify the Information Commissioner's Office (ICO) as required under UK GDPR.

Some of our sub-processors (Stripe, Vercel, Anthropic) may process data outside the UK. Where data is transferred internationally, it is protected by Standard Contractual Clauses or equivalent safeguards in compliance with UK GDPR.

We use essential cookies for authentication and session management.

We offer optional analytics cookies (Vercel Analytics and Speed Insights) which you can accept or decline via the cookie consent banner. These collect anonymised usage data to help us improve the service.

We do not use third-party advertising or tracking cookies.

Under UK GDPR, you have the right to: access your personal data, correct inaccurate data, request deletion of your data, restrict processing, data portability, and withdraw consent for optional data processing at any time.

To exercise any of these rights, contact us at hello@theheneditco.com. We will respond within 30 days.

We may update this policy from time to time. We will notify registered users of significant changes via email. The latest version will always be available on this page.