Legal

Privacy Policy.

How we collect, use, and protect the information you trust us with. Written in plain English, because we'd like you to actually read it.

Effective dateJanuary 14, 2026 Last updatedMay 14, 2026 Version2.1

01 Overview

Ceremono, Inc. ("Ceremono", "we", "us", or "our") operates an event-planning platform, a vendor marketplace, and a print & gifts shop. This policy explains what personal information we collect when you use our services at ceremono.com and what we do with it.

The short version We collect what we need to run the platform, marketplace, and shop. We don't sell personal data. We share information only with vendors you contact, payment processors, and service providers that help us operate. You can request a copy or deletion of your data at any time.

This policy applies to everyone who uses Ceremono — couples and event hosts planning events, vendors listing services, and customers buying from the shop.

02 Information we collect

We collect three categories of information.

Information you give us

  • Account data — name, email, password, phone number, profile photo, business name (for vendors).
  • Event & guest data — event details you enter, your guest list, RSVP responses your guests submit, seating plans, meal preferences.
  • Booking data — quote requests sent to vendors, messages, contracts, event dates.
  • Order data — shipping addresses, order contents, gift messages (for the shop).
  • Payment data — we don't store full card numbers. Stripe processes payments and holds card details; we keep a token and the last four digits.
  • Communications — messages you send to vendors through the platform, customer support tickets, survey responses.

Information we collect automatically

  • Usage data — pages viewed, features used, time spent, click events, search queries.
  • Device data — browser type, OS, screen size, IP address, approximate location (city-level).
  • Cookies & storage — small files stored in your browser to keep you logged in, remember preferences, and measure performance.

Information from third parties

  • Sign-in providers — if you sign in with Google or Apple, we receive your name, email, and profile photo.
  • Payment processors — Stripe shares verification status and limited transaction metadata.

03 How we use it

We use your information for a handful of clearly-defined purposes:

  • To provide the service — host your account, deliver your invitations, process bookings, ship your orders, route messages between you and vendors.
  • To process payments — charge cards, hold deposits in escrow, release payouts to vendors.
  • To improve the product — understand which features get used, fix bugs, design new functionality.
  • To communicate with you — confirmations, reminders, account notifications, occasional product news (you can opt out of marketing emails at any time).
  • To prevent fraud & abuse — detect suspicious activity, enforce our terms, comply with legal obligations.

We do not use your information to target advertising on third-party platforms, and we do not sell personal data.

04 When we share

Personal information leaves Ceremono only in these specific cases:

  • With vendors you contact — when you request a quote, the vendor receives your name, event details, and the message you sent. They cannot see your other bookings or messages with other vendors.
  • With service providers we trust — Stripe (payments), Postmark (transactional email), AWS (hosting), Cloudflare (security & CDN). Each is bound by strict data-processing agreements.
  • With print & fulfillment partners — shipping carriers (USPS, UPS) get your shipping address; our New Jersey print studio handles your order details.
  • For legal reasons — if compelled by lawful subpoena, court order, or to investigate fraud against the platform.
  • In a business transfer — if Ceremono is acquired or merged, your data transfers with the company under the same protections.

We never sell or rent personal information to advertisers, data brokers, or third parties for marketing.

05 Cookies & tracking

We use a small number of cookies and similar technologies. Each falls into one of three buckets:

Essential
Keep you logged in, remember your cart, secure forms against fraud. These cannot be disabled.
Preferences
Remember your theme (light/dark), language, and recent searches.
Analytics
Anonymized usage data to help us improve the product. We use Plausible (cookieless) — no cross-site tracking.

We do not use third-party advertising cookies. You can clear cookies anytime in your browser settings; essential cookies will rebuild when you return.

06 Vendor data

If you list your business on Ceremono as a vendor, additional information is collected and handled specially:

  • Business information — business name, service category, portfolio images, services and prices, service area. This is shown publicly on your profile.
  • Verification documents — business license number or insurance documentation, used internally for our approval review. Not shown publicly.
  • Payout details — bank account information for ACH payouts. Held by Stripe Connect; we see only the last four digits.
  • Booking & review data — list of bookings made through Ceremono, average rating, reviews from past clients.

Vendors can request edits, hide their profile, or close their account at any time from the vendor dashboard. Closed accounts are retained for 7 years for tax and audit purposes, then permanently deleted.

07 Your rights

Depending on where you live, you have some or all of these rights over your data:

  • Access — request a copy of personal information we hold about you.
  • Correction — fix anything inaccurate or out of date.
  • Deletion — ask us to permanently delete your account and data (subject to legal retention requirements).
  • Portability — get an export of your data in a machine-readable format (JSON or CSV).
  • Opt-out — unsubscribe from marketing emails, restrict processing, or object to specific uses.
  • Complain — lodge a complaint with your local data protection authority.

To exercise any of these rights, email privacy@ceremono.com from the address on your account, or use the export and delete tools inside Settings → Account. We respond within 30 days.

Residents of California have additional rights under the CCPA, and residents of the EU/UK have rights under the GDPR. We honor both.

08 Security

We take security seriously and use industry-standard protections:

  • All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
  • Passwords are hashed with bcrypt — we cannot see your password.
  • Two-factor authentication is available for all accounts.
  • Access to production systems is limited to a small engineering team and audited.
  • We run quarterly penetration tests through an independent security firm.

No system is perfectly secure. If we ever discover a breach affecting your data, we will notify you within 72 hours.

09 Data retention

We keep your information only as long as we need it:

  • Account data — for the life of your account, then 30 days after deletion.
  • Booking & transaction records — 7 years (required by tax and accounting regulations).
  • Marketing data — until you unsubscribe.
  • Server logs — 90 days.
  • Backups — 35 days rolling.

10 International transfers

Our servers are located in the United States (AWS us-east-1). If you access Ceremono from outside the US, your information will be transferred to and processed in the US.

For users in the European Economic Area, United Kingdom, and Switzerland, we rely on Standard Contractual Clauses approved by the European Commission to lawfully transfer data.

11 Children's privacy

Ceremono is built for adults planning events. We do not knowingly collect personal information from anyone under 16. If we learn we have collected information from a child under 16 without parental consent, we will delete it. If you believe a child has provided us with information, please contact privacy@ceremono.com.

12 Changes to this policy

We update this policy when our practices change or when laws change. The Effective date and Version at the top show when. For material changes, we'll email registered users at least 30 days before the new policy takes effect and post a notice on the platform.

Continued use of Ceremono after the effective date means you accept the updated policy. If you don't agree, you can delete your account before then.

13 Contact us

For any questions about this policy or to exercise your rights, reach out — we read every message.

Email privacy@ceremono.com
Mail Ceremono, Inc.
Attn: Privacy Officer
221 Edison Way, Suite 4
Edison, NJ 08820, United States
Data Protection Officer dpo@ceremono.com
EU representative EuroRep Compliance B.V.
Keizersgracht 555, 1017 DR Amsterdam