Privacy Policy
Effective: 1 January 2026
Last updated: June 2026
We handle the logistics so you can handle the moment. This policy explains what data we collect, how we use it, and how you stay in control, specifically in connection with our WhatsApp Business messaging feature.
Contents
- Who we are
- Data we collect
- How we use your data
- WhatsApp & Meta
- Third-party sharing
- Your rights & opt-out
- Data retention
- Security
- Contact us
Section 01 — Who we are
Dear My Love ("DML", "we", "our") provides digital invitation and event-planning infrastructure for couples, hosts, and event professionals. We are the data controller for personal data processed through our platform.
Our WhatsApp Business feature lets you send RSVPs, invitations, and event updates directly to your guests via the WhatsApp Business Cloud API ("WA Cloud API"), operated by Meta Platforms Ireland Ltd.
Section 02 — Data we collect
When you or your guests interact with DML — including through WhatsApp — we may collect:
- Phone numbers
- Guest names
- Email addresses
- RSVP responses
- Event details
- Message interactions
- Seating preferences
- Device & usage signals
We collect this data when you register an account, create an event, import a guest list, or when guests respond to a DML-powered invitation via any channel including WhatsApp.
Section 03 — How we use your data
We use guest and organiser data to:
- Deliver digital invitations, RSVP links, and event updates via WhatsApp, email, or in-app notifications
- Provide organiser tools — summary views, bulk send, seating arrangements, and check-in systems
- Process and display RSVP responses within your planning hub (RSVP Summary)
- Generate QR-code check-in passes and day-of communication
- Improve platform reliability, debug issues, and develop new features
- Comply with legal obligations and respond to lawful requests
We do not use guest data for unrelated marketing without explicit consent. We will only use the WhatsApp Business Cloud API to do activities related to DML's business scope and should not be used otherwise. All 1-to-many WhatsApp sends are subject to DML's internal message approval process before delivery.
Section 04 — WhatsApp & Meta: how it works
Our one-to-many WhatsApp send feature is powered by the Meta WhatsApp Business Cloud API. Here is what that means for your data:
- Meta as processor. When messages are sent through the WA Cloud API, Meta acts as a data processor on our behalf. Meta processes message data only at our explicit instruction and does not use your content for its own advertising purposes.
- Message retention on Meta servers. To operate the platform, Meta temporarily stores message data on its infrastructure for a maximum of 30 days before purging. After delivery, message content is not retained by Meta beyond this window.
- No ad targeting from message content. Meta does not automatically scan the content of business WhatsApp messages to target you or your guests with personalised advertising on Meta platforms.
- End-to-end encryption. Messages are transmitted using the Signal Protocol. Once DML decrypts a message, we are responsible for securing that data in line with applicable law, including GDPR where relevant.
- For full details, see Meta's Business Data Processing Terms.
Section 05 — Third-party sharing
We share personal data only with:
- Meta Platforms Ireland Ltd. — to deliver WhatsApp messages on your behalf (as detailed above)
- Cloud infrastructure providers — for secure storage and processing (e.g. AWS, Google Cloud), under data processing agreements
- Analytics tools — aggregated, anonymised usage data only; no individual guest profiles (e.g. Google Analytics)
- Legal authorities — where required by applicable law or court order
We do not sell personal data. We do not share data with advertisers.
Section 06 — Your rights & how to opt out
You — and any guest who interacts with a DML-powered invitation — have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your data (subject to legal retention requirements)
- Withdraw consent for WhatsApp communications at any time by contacting us directly at dearmylove.invitation@gmail.com
- Port your data in a machine-readable format
- Object to certain processing activities
Guests who withdraw their consent will be immediately removed from further DML WhatsApp sends. Organisers can also remove guests from send lists at any time via the planning hub.
To exercise any of these rights, contact us at the details in Section 09.
Section 07 — Data retention
We retain event and guest data for as long as your account remains active or as needed to provide our service. After account closure:
- Guest contact data is deleted within 90 days, unless a legal obligation requires longer retention
- Anonymised, aggregated analytics data may be retained indefinitely
- Message logs transmitted via the WA Cloud API are purged from Meta's servers within 30 days of send
You may request earlier deletion at any time. After account closure, your digital invitation will be disabled and your account can no longer be accessed.
Section 08 — Security
We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or misuse — including encrypted storage, access controls, and regular security reviews. WhatsApp messages in transit are protected by the Signal Protocol.
No system is perfectly secure. If we become aware of a breach that may affect your rights, we will notify you in line with applicable law.
Section 09 — Contact us
Questions about this policy or your data? Reach us directly.
Email: dearmylove.invitation@gmail.com
Company: PT Kepada yang Paling Tercinta
Response time: Within 30 days
Governing law:
- Indonesia: UU PDP 2022
- UK: UK GDPR
- EU: GDPR
- US: We comply with applicable state privacy laws including CCPA where applicable
We may update this policy from time to time. Material changes will be notified via email or in-app notice. Continued use of DML after notice constitutes acceptance.