invytly

Privacy Notice for the Invytly Platform (Customers)

Last updated: January 12, 2026

1. Scope of Application

This Privacy Policy applies exclusively to Customers of the Invytly web application (the “Platform”), namely professionals or legal entities using the Platform for event management purposes.

This Privacy Policy does not apply to the personal data of event guests, which are governed by separate privacy notices provided by the Customer acting as Data Controller.

2. Data Controller

Damiano Carradori
Via Antonio Milani, 19 – 37124 Verona (Italy)
Email: privacy@invytly.com

3. Categories of Personal Data Processed

a) Customer account data

For the creation and management of the Customer account, the Provider processes:

  • email address
  • password (stored and processed exclusively in encrypted form)
  • any additional identification data associated with the account

Authentication services are provided through Firebase Authentication.

b) Authorized Users and collaborators

The Customer may invite Authorized Users (e.g. staff members or members of the couple) to access specific Projects with limited permissions.

In such cases, the Provider processes the data necessary to manage access (e.g. email address).

c) Data entered by the Customer during use of the Platform

While using the Platform, the Customer may enter data related to managed events, including:

  • names of the couple
  • names and contact details of guests
  • messages and content intended for guests
  • images or other files attached to communications

Such data may include personal data of third parties and is processed in accordance with Section 6 below.

d) Technical and usage data

The Provider may process technical and usage data such as:

  • IP address
  • access logs
  • browser, device, and operating system information
  • date and time of actions performed on the Platform

This data is processed exclusively for security, operational, and maintenance purposes.

4. Purposes of Processing

Personal data is processed for the following purposes:

  • provision and management of the Invytly Platform
  • creation and administration of Customer accounts
  • enabling collaboration between Authorized Users within Projects
  • sending service-related communications (e.g. registration confirmations, collaboration invitations)
  • ensuring Platform security, stability, and abuse prevention
  • compliance with legal obligations
  • protection of the Provider’s rights in the event of misuse or unlawful activity

5. Legal Basis for Processing

Processing of personal data is based on:

  • performance of a contract
    (Article 6(1)(b) GDPR), for the provision of the Platform
  • legitimate interest of the Provider
    (Article 6(1)(f) GDPR), in ensuring security and preventing abuse
  • compliance with legal obligations, where applicable
    (Article 6(1)(c) GDPR)

Customer consent is not required.

6. Personal Data of Event Guests

GDPR roles

With regard to the personal data of event guests entered by the Customer into Projects:

  • the Customer acts as Data Controller
  • the Provider acts as Data Processor, processing such data solely on behalf of and according to the documented instructions of the Customer

Customer responsibilities

Use of the Platform for communications with event guests is subject to the Customer’s acceptance of a specific Guest Contact Data Usage Notice, which must be approved by the Customer upon creation of each Project.

By accepting such notice, the Customer declares, inter alia, that they:

  • have lawfully collected the guests’ personal data
  • have informed the data subjects that event-related communications may be sent, including via email and WhatsApp
  • have obtained valid consent where required
  • assume full responsibility in the event of complaints or claims by data subjects

The Provider does not verify the existence or validity of the consent declared by the Customer.

7. Communications

The Provider uses third-party services to deliver communications, including:

  • SendGrid for transactional email delivery
  • WhatsApp Business API for guest communications, processed strictly on the Customer’s instructions

The Provider does not use personal data for its own marketing purposes.

8. Data Recipients and Service Providers

Personal data may be processed by third-party service providers appointed as Data Processors, including:

  • Google LLC / Firebase (authentication, infrastructure, security services)
  • SendGrid Inc. (email delivery services)
  • Meta Platforms Inc. (WhatsApp Business API services)
  • hosting and cloud storage providers

Personal data is not disclosed to the public.

9. Transfers Outside the European Union

Some service providers may be located outside the European Union. In such cases, personal data transfers are carried out in compliance with the GDPR through appropriate safeguards, including Standard Contractual Clauses approved by the European Commission.

10. Data Retention

  • Customer account data is retained for the duration of the contractual relationship.
  • Project-related data (including images and communications) is deleted upon Project closure or deletion.
  • Upon request for account deletion, all personal data is permanently erased, except where retention is required by applicable law.

11. Customer Rights

Customers may exercise their rights under Articles 15–22 of the GDPR (including access, rectification, erasure, restriction, objection, and data portability) by contacting:
privacy@invytly.com

Customers also have the right to lodge a complaint with the competent Data Protection Authority.

12. Technologies used (cookies and similar tools)

For information on the use of cookies and technically equivalent technologies within the Admin Area of the Invytly platform, please refer to the Cookie Notice for the Invytly Platform, which should be read together with this Privacy Policy.

13. Amendments to this Privacy Policy

The Provider reserves the right to amend this Privacy Policy. Any changes will be communicated to Customers by email and published within the Platform.