Privacy Policy
Effective Date: January 2026
Last Updated: January 2026
1. Introduction
DDay ("we," "our," or "us") is the trade name of Kiltech LLC. This Privacy Policy describes how DDay collects, uses, shares, and protects information when you use our digital wedding invitation platform, including but not limited to the websites at dday.io, invite.dday.io, and api.dday.io (the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.
DDay respects your privacy. We do not sell your personal data.
2. Information We Collect
2.1 Host Information
When you create an account as a Host, we collect:
- Name: Your display name for invitations
- Email Address: For account access, notifications, and Email OTP authentication
- Phone Number: For Phone OTP authentication and SMS notifications
- Google Account Info: If you use Google OAuth to sign in
- Wedding/Event Details: Date, venue, invitation content, and uploaded photos
2.2 Guest Information
When guests interact with invitations, we may collect:
- Name: Guest name for RSVP responses
- Phone Number: If provided for contact
- Email Address: If provided for contact
- RSVP Responses: Attendance status, party size, meal preferences
- Guestbook Messages: Messages left for the Host
- Uploaded Photos: Photos shared by guests
Important: Guests may interact with invitations without creating an account. Hosts are responsible for obtaining proper consent from guests and complying with applicable privacy laws.
2.3 Payment and Billing Information
- Payment Details: Payment method information (processed securely by Stripe and PayPal)
- Transaction History: Purchase records, order history, and hosting fees
- Billing Address: For payment processing and tax compliance
Note: We do not store your full credit card details. Payment information is processed and stored by our PCI-compliant payment processors, Stripe and PayPal.
2.4 Usage and Technical Information
- Device Information: Device type, operating system, browser type and version, unique device identifiers
- Log Data: IP address, access times, pages viewed, page interactions, and referral URLs
- Cookies and Tracking: Session cookies, authentication tokens, and analytics data
- Performance Data: App crashes, errors, and usage statistics
3. How We Use Your Information
We use the collected information for the following purposes:
- Service Delivery: To provide, operate, and maintain the invitation platform
- Authentication: To verify your identity and secure your account with OTP codes
- Invitation Delivery: To send event invitations via SMS and email on your behalf
- RSVP Management: To collect and track guest responses to your invitations
- Payment Processing: To process purchases, manage your orders, and send receipts
- Communication: To send service notifications, reminders, low balance alerts, and customer support responses
- Personalization: To customize your experience based on preferences and usage patterns
- Analytics and Improvement: To understand how users interact with our Service and make improvements
- Security: To detect and prevent fraud, abuse, and security incidents
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
4. SMS and Communication Practices
4.1 SMS Consent
By providing your phone number and creating an account, you expressly consent to receive SMS text messages from DDay, including:
- One-time verification codes (OTPs) for account authentication
- RSVP notifications and updates
- Broadcast messages to wedding guests
- Service notifications (order confirmations, reminders)
SMS messaging is subject to TCPA compliance. You may opt out at any time.
4.2 Message Frequency and Costs
Message frequency varies based on your activity and the events you create or attend. Standard message and data rates from your mobile carrier may apply. We are not responsible for charges from your carrier.
4.3 Opt-Out Rights
You may opt out of receiving SMS messages at any time by:
- Replying STOP to any SMS message from DDay
- Adjusting notification settings in your account
- Contacting us at support@dday.io
Note: Opting out of SMS may limit certain Service features, including account authentication and notification delivery.
4.4 Help and Support
For SMS support, reply HELP to any message or contact us at support@dday.io.
5. How We Share Your Information
We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:
5.1 With Your Consent
- Event Guests: Your event details and contact information are shared with guests you invite
- RSVP Responses: Guest responses may be visible to other invited guests if you enable this feature
5.2 Service Providers
We share information with trusted third-party vendors who help us operate our Service:
- Stripe & PayPal: Payment processing and billing
- Telnyx: SMS delivery for OTP codes and notifications
- Resend: Email delivery service
- Google Analytics: Usage analytics and service improvement
- Google Drive: Cloud photo exports (user-initiated)
- Cloudflare: CDN, image storage, and security
- Fulfillment Vendors: Physical product printing and shipping (for keepsakes)
These providers are bound by confidentiality obligations and may only use your information to perform services on our behalf.
5.3 Legal Requirements
We may disclose your information if required by law or in good faith belief that such action is necessary to:
- Comply with legal obligations, court orders, or government requests
- Enforce our Terms of Service and other agreements
- Protect the rights, property, or safety of DDay, our users, or the public
- Detect, prevent, or address fraud, security, or technical issues
5.4 Business Transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.
6. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: Data in transit is encrypted using TLS/SSL protocols
- Authentication: Secure OTP-based authentication and token-based sessions
- Access Controls: Role-based access and principle of least privilege
- Monitoring: Continuous security monitoring and incident response
- Regular Audits: Periodic security assessments and vulnerability scanning
However, no method of transmission or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
7. Your Privacy Rights
You have the following rights regarding your personal information:
7.1 Access and Portability
You can access, review, and download your personal information through your account settings or by contacting us.
7.2 Correction and Updates
You can update your account information, including phone number, email, and profile details, through your account settings.
7.3 Deletion
You can delete your account at any time through account settings. Upon deletion:
- Your personal information will be permanently deleted within 30 days
- Active invitations may remain accessible to guests for event completion
- Billing records may be retained for legal and tax compliance (typically 7 years)
- Aggregated, anonymized data may be retained for analytics
7.4 Opt-Out
You can opt out of marketing communications and adjust notification preferences in your account settings or by replying STOP to SMS messages.
7.5 California Privacy Rights
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:
- Right to know what personal information we collect and how we use it
- Right to delete your personal information
- Right to opt-out of the sale of personal information (we do not sell your information)
- Right to non-discrimination for exercising your privacy rights
To exercise these rights, contact us at support@dday.io.
8. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy:
- Active Accounts: Retained while your account is active and for 30 days after deletion
- Event Data: Retained until event completion plus 90 days, or until you delete them
- Transaction Records: Retained for 7 years for tax and legal compliance
- Security Logs: Retained for 90 days for security and fraud prevention
- Anonymized Data: May be retained indefinitely for analytics and service improvement
9. Children's Privacy
DDay is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@dday.io. We will take steps to delete such information from our systems.
10. International Data Transfers
Our Service is operated from the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States where our servers and service providers are located. By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.
11. Cookies and Tracking Technologies
We use cookies and similar tracking technologies:
- Essential Cookies: Required for authentication, security, and basic Service functionality
- Preference Cookies: Remember your settings, language, and theme preferences
- Analytics Cookies: Help us understand how users interact with our Service (Google Analytics, PostHog)
You can control cookies through your browser settings, but disabling certain cookies may limit Service functionality.
For detailed information about specific cookies we use, see our Cookie Policy.
12. Third-Party Links and Services
Our Service may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:
- Posting the updated policy on this page with a new "Effective Date"
- Sending you an email or in-app notification
- Requiring you to accept the updated policy before continuing to use the Service
Your continued use of the Service after changes are posted constitutes acceptance of the updated Privacy Policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:
DDay
Email: support@dday.io
We will respond to your inquiry within 30 days.