Privacy Policy
This is an English translation for your convenience. The German version is legally binding.
1. Privacy at a Glance
General Information
The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. Detailed information on the subject of data protection can be found in our privacy policy set out below.
2. Data Controller
3. What Data Do We Collect?
3.1 Upon Registration
- Name and email address
- Password (stored encrypted)
- Time of registration
3.2 When Using Our Service
- Uploaded photos and images
- Name of the uploader (for guests)
- Time of upload
- IP address (for abuse prevention, e.g. rate limiting, and in server logs)
3.3 Automatically Collected Data
- Browser type and version
- Operating system used
- Referrer URL
- Hostname of the accessing device
- Time of the server request
4. Purpose of Data Processing
We process your data for the following purposes:
- Providing our online wedding album service
- User account management
- Payment processing via Stripe
- Sending transactional and invitation emails (e.g. registration, password reset, RSVP invitations)
- Technical security, error diagnostics and operations
- Customer support
5. Legal Basis
The processing of your data is based on:
- Art. 6(1)(a) GDPR: Consent (e.g. upon registration)
- Art. 6(1)(b) GDPR: Performance of a contract (providing the service)
- Art. 6(1)(f) GDPR: Legitimate interest (security, operations)
6. Cookies
Our website uses cookies. Cookies are small text files that are stored on your device. We use:
- Necessary cookies: for the functionality of the website (login, session)
- Preference cookies: to store your settings
You can configure your browser to notify you when cookies are set and to only allow them on a case-by-case basis.
7. Third Parties and External Services
7.1 Stripe (Payment Processing)
We use Stripe to process payments. When you make a payment, your payment data is transmitted directly to Stripe. Stripe's privacy policy is available at: https://stripe.com/privacy
7.2 Resend (Email Delivery)
We use the service Resend (Resend, Inc., USA) to send transactional emails (e.g. registration confirmation, password reset, expiration reminders) as well as RSVP invitation emails to wedding guests. This involves transmitting the names and email addresses of users and — in the case of RSVP invitations — of guests to Resend. Transfer to the USA takes place on the basis of appropriate safeguards pursuant to Art. 46 GDPR (EU Standard Contractual Clauses). The legal basis is Art. 6(1)(b) GDPR (performance of a contract) and/or Art. 6(1)(f) GDPR. Resend's privacy policy: https://resend.com/legal/privacy-policy
7.3 Google (Sign in with Google)
You can optionally sign in using your Google account ("Sign in with Google", Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). In doing so, we receive your name, email address, and possibly your profile picture from Google. Use is voluntary; the legal basis is Art. 6(1)(b) GDPR. Google's privacy policy: https://policies.google.com/privacy
7.4 Sentry (Error Diagnostics)
To detect and fix technical errors, we use the service Sentry (Functional Software, Inc.) on the server side. In the event of errors, technical data such as error messages, browser and device information, and the IP address may be processed. We use Sentry with EU data hosting (processing on servers within the European Union). The legal basis is Art. 6(1)(f) GDPR (legitimate interest in stable and secure operation). Sentry's privacy policy: https://sentry.io/privacy/
7.5 Hosting and Storage
Your uploaded photos are stored on our own servers in Germany and are subject to the GDPR.
8. Retention Period
- Account data: For as long as your account exists. You may have your account deleted at any time in your account settings or by emailing us.
- Photos: 12 months from the creation of the album
- Server logs: Stored as part of technical operations and deleted regularly
- Payment data: Pursuant to statutory retention periods (10 years)
9. Your Rights
You have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent (Art. 7(3) GDPR)
To exercise your rights, please contact us at: kontakt@knipsglueck.de
10. Data Security
We employ technical and organizational security measures:
- SSL/TLS encryption for all data transfers
- Encrypted storage of passwords
- Regular security updates
- Access controls and authentication
- Regular backups
11. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data. The competent authority is:
The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate
P.O. Box 30 40
55020 Mainz, Germany
12. Changes to This Privacy Policy
We reserve the right to amend this privacy policy to reflect changes in the law or in our service and data processing. The current version is always available on this page.
Last updated: June 11, 2026