Privacy Policy

This policy explains what Invitations (“Invitations,” “we,” “us”) collects from the people who use it, how we use that information, and the choices you have. It covers the site at invitations.ajmalaksar.com and every invitation page we host on your behalf.

We're a small, independent product — read it once, then reach out if anything is unclear.

Who this policy is about

• Hosts. People who create an account, build an invitation, and send it to guests. Hosts sign in and control the data.
• Invitees. People who receive a personalized invitation link from a host. Invitees do not sign up — their details come from the host.

What we collect

When you sign up as a host

• Account identity — name, email address, phone number, sign-in provider (e.g. Google). Managed by Clerk, our authentication provider.
• Usage metadata — timestamps of sign-in, which invitations you own, and which actions you take (publishing, CSV exports, co-host invites).

When you add invitees

Invitations are built around real guest lists. As a host, you enter the following about each invitee:

• Name (required)
• Relationship to the couple (optional)
• Phone number (optional)
• Host-only notes (optional)
• Which events they can see

Hosts are responsiblefor having the invitees' consent to include their names and phone numbers in the invitation. See the Terms of Service for the exact responsibilities.

When invitees open or respond to an invitation

• RSVP data— their “Yes” or “No” per event, number of adults / children / infants, and optional names of people accompanying them.
• Open events— we log when a link is first opened so the host can see “seen by” timestamps. Limited to one log per invitee per 10 minutes.
• Network metadata— we compute a one-way hash of the visitor's IP address to rate-limit page opens (abuse protection). We do not store raw IP addresses.

What we don't collect

• We don't sell personal data. We never will.
• We don't use advertising trackers, remarketing pixels, or cross-site advertising networks. The site has no ads.
• We don't record phone calls, messages, or anything outside of the application itself.
• We don't collect payment details yet. When we add payments we will update this policy.

Why we collect it (our lawful basis)

We process the data above to perform the service you signed up for — creating and running your invitation. Specifically:

• Authenticating you as a host
• Showing invitees the invitation you designed for them
• Recording their RSVPs so you can plan catering
• Preventing spam and abuse
• Operating the service reliably

Who else sees the data (processors)

We use a small number of trusted vendors to actually run the service. Each of them has their own privacy policy and signs a data processing agreement with us.

• Clerk — authentication + user identity. clerk.com/legal/privacy
• Convex — application database + backend. convex.dev/legal/privacy
• Vercel — hosting and content delivery. vercel.com/legal/privacy-policy
• Google Maps Platform— embedded maps for venues only. Google receives the venue address you provide plus the invitee's browser request headers when the map loads.
• Microsoft Clarity — behavioural product analytics (heatmaps and session replays) to understand how visitors use the site. Only loads after a visitor accepts the cookie banner. Sensitive fields (invitee names, phone numbers, RSVP responses, co-host emails) are masked before recording and are never transmitted. See the Microsoft Privacy Statement.

We do not share data with anyone else — no marketing networks, no data brokers, no resellers.

Where the data lives

Clerk, Convex, and Vercel currently store data in data centers in the United States. If you're outside the US (including the EU / EEA and India), your data will be transferred to the US and processed under the standard terms of each provider. We review vendor security and transfer safeguards before onboarding new processors.

How long we keep it

• Live invitations — kept for as long as the host keeps the invitation.
• Auto-archive — 90 days after the last event on an invitation, we automatically archive it. Archived invitations are read-only and hidden from invitees but still visible to the host.
• Deletion — a host can permanently delete an invitation at any time from Settings → Danger zone. This cascades through every event, invitee, RSVP, and activity log entry within seconds.
• Account closure — email support@ajmalaksar.com with the address on your Clerk account and we will delete your account and any associated invitations within 30 days.
• Backups — our providers take short-term backups. Deleted data may persist in those backups for up to 30 days before being fully purged.

Your rights

Under the DPDP Act, GDPR, and most other modern privacy regimes, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data — hosts can edit directly; invitees can email us
• Delete your data (see above)
• Export your data — the dashboard has a “Download JSON” button under Settings; we can also fulfil email requests
• Object to or restrict processing
• Withdraw consent — for invitees this means emailing the host (or us, and we'll forward)
• Lodge a complaint with a data protection authority

Security

• All traffic is served over HTTPS. Invitee links use a 12-character opaque nanoid — unguessable, never sequential.
• Only hosts (and co-hosts they invite) can see invitee lists, RSVPs, and host notes. We use Convex access-control rules to enforce this server-side.
• RSVP writes and page opens are rate-limited to prevent scraping or automated abuse.
• We never see your password — Clerk handles authentication. Enable phone OTP for stronger sign-in security.

Children

Invitations is intended for adults (18+). We don't knowingly collect personal data from children. If you believe a child has been added to an invitation without guardian consent, email us and we'll remove them.

Cookies and similar technologies

We use cookies in two categories: strictly necessary ones that the product can't run without, and an optional analytics group that only loads after you accept the cookie banner.

Strictly necessary

• Clerk session cookies that keep hosts signed in (secure, HTTP-only).
• Convex connection cookies for real-time subscriptions on the dashboard.
• A small localStorage entry (invitations.consent.v1) that remembers your cookie-banner decision so we don't re-ask on every page.

Optional — product analytics (Microsoft Clarity)

We partner with Microsoft Clarity to capture how visitors use and interact with the site through behavioural metrics, heatmaps, and session replay. This helps us identify confusing flows, dead clicks, and layout issues before they become bugs. Data is captured using first- and third-party cookies set by Clarity — the common ones are_clck, _clsk, and MUID.

We instruct Clarity to mask sensitive fields before they leave the browser— invitee names, phone numbers, co-host emails, RSVP responses, and the “who's coming” attendee lists. These render as *** in any recording. Microsoft receives the masked signal alongside standard session metadata (pages visited, clicks, scrolls, browser, country).

Clarity does not load until you accept the banner shown on first visit. Decline and no analytics cookies are set. You can change your mind later — clear your browser's site data for this domain and the banner reappears. For more on how Microsoft uses the data, see the Microsoft Privacy Statement.

Changes to this policy

We may update this policy as the product evolves — for example when we introduce payments or a new template feature that collects new data. Material changes will be emailed to signed-up hosts at least 14 days before they take effect. The “Last updated” date at the top of this page always reflects the current version.

Contact

Ajmal Aksar
Kerala, India
support@ajmalaksar.com

For any privacy or data-protection question, email the address above with “Privacy” in the subject line. We aim to respond within 7 days.

See also: Terms of Service.