Privacy Policy

Last updated: May 31, 2026

Our Commitment: Your wedding is personal, and so is your data. We collect only what we need to provide our service, we never sell your information, and we give you full control over your data. This policy explains exactly what we collect, why, and how you can manage it.

1. Introduction

Nozari ("we," "our," or "us") operates the Nozari mobile application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

This Privacy Policy applies to all users of the Service, including couples (account administrators), wedding party members, and any other individuals who interact with our platform.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you provide when creating an account or using the Service:

  • Account Information: Name, email address, phone number (optional), profile photo (optional)
  • Wedding Information: Wedding date, venue details, wedding party member names, partner names
  • User Content: Photos, videos, documents, mood boards, and other content you upload
  • Financial Information: Budget categories, expense amounts, vendor pricing (stored within the app; payment card details are processed by Stripe and never stored on our servers)
  • Guest Information: Names, email addresses, RSVP status, dietary preferences of wedding guests you add
  • Communications: Messages you send to us via email or support channels

2.2 Information Collected Automatically

When you use the Service, we automatically collect certain information:

  • Device Information: Device type, operating system, unique device identifiers, browser type
  • Usage Data: Features used, time spent in app, screens viewed, actions taken
  • Log Data: IP address, access times, error logs, referring URLs
  • Location Data: General geographic location based on IP address (we do not collect precise GPS location)

2.3 Information from Third Parties

We may receive information from third-party services:

  • Authentication Providers: If you sign in using Google or Apple, we receive your name, email, and profile photo from these services
  • Payment Processor: Stripe provides us with transaction status and limited payment information (not full card numbers)

3. How We Use Your Information

We use the collected information to:

  • Provide the Service: Create and manage your account, enable wedding coordination features, store and display your content
  • Process Payments: Handle subscription payments and in-app purchases
  • Communicate with You: Send service-related notifications, respond to support requests, provide updates about your wedding events
  • Improve the Service: Analyze usage patterns, identify bugs, develop new features
  • Ensure Security: Detect and prevent fraud, unauthorized access, and other illegal activities
  • Legal Compliance: Comply with applicable laws, regulations, and legal processes

What We Do NOT Do:

  • We do NOT sell your personal information to third parties
  • We do NOT use your photos for advertising without explicit consent
  • We do NOT share your guest list with vendors or marketers
  • We do NOT track your location outside of the app

4. How We Share Your Information

We share your information only in the following limited circumstances:

4.1 With Your Wedding Party

Content you share in the Service is visible to other members of your wedding space based on the visibility settings you choose. Side-specific content (e.g., "Bride's Side Only") is only visible to members of that side and the couple.

4.2 With Service Providers

We share information with third-party vendors who perform services on our behalf:

  • Stripe: Payment processing
  • Firebase (Google): Authentication and push notifications
  • Supabase: Database and file storage
  • Sentry: Error monitoring and performance diagnostics (anonymized — no personal information is sent)
  • Google Analytics & Microsoft Clarity: Anonymized usage analytics, only when you've given consent via the cookie banner

These providers are contractually obligated to protect your information and use it only for the specific services they provide to us.

4.3 For Legal Reasons

We may disclose your information if required to do so by law or in response to:

  • Valid legal process (subpoenas, court orders)
  • Government requests that meet applicable legal standards
  • Protection of our rights, privacy, safety, or property
  • Emergency situations involving potential harm to individuals

4.4 Business Transfers

If Nozari is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice in the app before your information becomes subject to a different privacy policy.

5. Data Retention

We retain your information as follows:

  • Active Accounts: Data is retained for the duration of your subscription plus 30 days
  • Expired Subscriptions: Data is preserved in read-only mode for 30 days after expiration, then permanently deleted
  • Deleted Accounts: Data is permanently deleted within 30 days of account deletion request
  • Backup Copies: Backups are retained for up to 90 days for disaster recovery purposes, then permanently deleted
  • Legal Requirements: Some data may be retained longer if required by law (e.g., financial records for tax purposes)

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Strict access controls limit who can access your data within our organization
  • Secure Infrastructure: We use enterprise-grade cloud infrastructure with SOC 2 compliance
  • Regular Audits: We conduct regular security assessments and vulnerability testing
  • Payment Security: We are PCI-DSS compliant through our use of Stripe for payment processing

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Cookies & Tracking

We use cookies and similar technologies to improve your experience and understand how our service is used. We always ask for your consent before using analytics tools.

7.1 What We Use

  • Google Analytics 4: Anonymous usage statistics to understand which features are most helpful and where people encounter issues
  • Microsoft Clarity: Session recordings and heatmaps (with personal information automatically masked) to see how people navigate the site and identify usability improvements
  • Essential Cookies: Required for sign-in, your wedding data security, and basic site functionality (always enabled)

7.2 Your Control

You can manage your cookie preferences anytime by clicking "Cookie Preferences" in the footer. We'll re-ask for your permission every 12 months to ensure you're still comfortable with your choices. We never sell your data or use it for advertising.

7.3 Error Monitoring (Operational, Not Analytics)

Separate from the analytics described above, we use Sentry for error monitoring — when something crashes or breaks, your browser sends us a diagnostic report so we can fix it. This is operational data, not analytics, and is required to keep the service running safely.

What's sent: the URL where the error happened, browser version, operating system, and a stack trace. We strip personal information (cookies, authorization headers) before sending, and your IP address is not stored. We never identify you personally in error reports.

Legal basis (GDPR): legitimate interest in maintaining service quality and security. This is consistent with Article 6(1)(f) and aligns with guidance from the European Data Protection Board. Because error monitoring is essential to the Service, it is not gated behind the cookie consent banner.

8. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

8.1 Access and Portability

You can download a complete copy of your personal data through Settings > Privacy & Your Data > Export My Data. The download is a ZIP file containing JSON data dumps and a manifest of your uploaded media. Available once per 24 hours per account.

If you have questions about your data or need help with an export, contact privacy@nozari.app.

8.2 Correction

You can update your account information directly in the app. For other corrections, contact privacy@nozari.app.

8.3 Deletion

You can delete your account through Settings > Privacy & Your Data > Delete Account on either the mobile app or the website. Account deletion removes all your personal data from our systems within 30 days. Note that:

  • If you are an admin, this will delete the entire wedding space and affect all party members
  • Content you shared may have been saved by other users
  • Some information may be retained for legal or legitimate business purposes

8.4 Opt-Out of Communications

You can manage notification preferences in the app's Settings. You cannot opt out of essential service communications (e.g., security alerts, billing notifications).

8.5 Identity Verification

To protect against unauthorized data requests, we verify identity before fulfilling export or deletion requests. Self-serve requests made from the app or website require an authenticated, signed-in session — only the account owner can request their own data.

For requests made via email (privacy@nozari.app), we will ask you to verify identity by confirming the request from the email address associated with your account and by providing account details only the account owner would know (e.g., wedding date, party member names, approximate signup date). We will not act on requests from any email address that does not match an account on file.

We log all data export and deletion requests with timestamp and source. When an account is deleted, we send a confirmation email to the account holder's address as a security notification. If you receive a deletion confirmation you did not initiate, contact privacy@nozari.app immediately — we retain backups for 90 days and may be able to restore the account.

8.6 Do Not Track

Our Service does not currently respond to "Do Not Track" signals. We do not track you across third-party websites.

9. Children's Privacy

The Service is not intended for use by children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children under these ages. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws different from your country.

When we transfer data internationally, we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission to protect your information.

11. Regional Privacy Rights

11.1 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect and how it's used
  • Right to delete your personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your rights

To exercise these rights, use the self-serve tools in Settings > Privacy & Your Data or contact privacy@nozari.app. We will respond within 45 days as required by CCPA.

11.2 European Economic Area Residents (GDPR)

If you are in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority

Legal Basis for Processing: We process your data based on: (a) your consent, (b) performance of our contract with you, (c) compliance with legal obligations, and (d) our legitimate interests in operating and improving the Service.

12. Third-Party Links

The Service may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date at the top of this policy
  • Sending you an email notification for material changes (if you have an account)

You are advised to review this Privacy Policy periodically for any changes. Changes are effective when posted on this page.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

We will respond to your request within 30 days, or sooner as required by applicable law.

↑ Back to top