Privacy Policy

Data Controller

VeloLabs (WedLab) is the data controller for the personal data processed through this service. If you have any questions about how we handle your data, contact us at kristoffer@velolabs.no.

Data We Collect

We collect the following categories of personal data:

• Account information: name, email address, and password (hashed)
• Wedding data: event details, timelines, team members, and guest information you provide
• Usage data: how you interact with WedLab, collected via PostHog analytics
• Payment data: processed securely by Stripe. We do not store your card details.
• AI interactions: conversations with our AI wedding planner, processed by Anthropic
• Email data: transactional emails sent via Resend

How We Use Your Data

We process your personal data for the following purposes:

• Providing and improving the WedLab service
• Sending transactional emails (invitations, notifications, magic links)
• Processing payments and managing subscriptions
• Powering AI features to help you plan your wedding
• Understanding how our service is used to improve it
• Complying with legal obligations

Legal Basis for Processing

We process your data based on the following legal grounds:

• Contract: processing necessary to provide the service you signed up for
• Consent: for optional features like analytics cookies and marketing emails
• Legitimate interest: for service improvement and security
• Legal obligation: for tax and accounting requirements

Third-Party Processors

We use the following third-party services to operate WedLab:

• Stripe — Payment processing (USA)
• PostHog — Product analytics (EU/USA)
• Vercel — Hosting and infrastructure (USA)
• Resend — Transactional email (USA)
• Anthropic — AI processing (USA)
• Neon — Database hosting (USA)

International Data Transfers

Some of our third-party processors are based in the United States. These transfers are protected by Standard Contractual Clauses (SCCs) and other appropriate safeguards as required by GDPR.

Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal purposes (such as tax records, which are kept for 5 years).

Your Rights

Under GDPR, you have the following rights:

• Right of access: request a copy of your personal data
• Right to rectification: correct inaccurate data
• Right to erasure: request deletion of your data
• Right to data portability: receive your data in a machine-readable format
• Right to restrict processing: limit how we use your data
• Right to object: object to processing based on legitimate interest
• Right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no

Cookies

WedLab uses essential cookies for authentication and session management. We also use analytics cookies (PostHog) with your consent. You can manage your cookie preferences through the consent banner shown when you first visit our site.

Children's Privacy

WedLab is not intended for children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or through a notice on our website. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact Us

For any privacy-related questions or to exercise your rights, contact us at: