Privacy Policy
This policy explains what personal data The Guest Take collects, why we collect it, and the rights you have over it.
Last updated · 7 July 2026
The Guest Take ("we", "us", "our") is the data controller for personal data processed through theguesttake.com and related services. We are based in the United Kingdom and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who this applies to
- Couples who purchase or trial a package.
- Guests who upload photos or videos to a wedding page.
- Venue partners enquiring about a partnership.
- Visitors to our marketing site.
2. Personal data we collect
From couples
- Name, email address, wedding date, venue and partner details.
- Account credentials and preferences.
- Order, invoice and payment records (payment card data is handled by our payment processor and never stored by us).
- Support messages, revision requests and other communications.
From guests
- Photos and videos you choose to upload.
- Optional name or message attached to an upload.
- Basic device and network metadata (IP address, browser type) for security and abuse prevention only.
Automatically
- Cookies and similar technologies strictly necessary to run the service (see our Cookie Policy).
- Aggregated, non-identifying usage analytics.
3. How we use personal data
- To deliver the service the couple has purchased (contract, Art. 6(1)(b)).
- To send transactional emails — link-live notices, delivery notices, revision replies and receipts (contract).
- To operate, secure and improve the service (legitimate interests, Art. 6(1)(f)).
- To comply with legal and accounting obligations (Art. 6(1)(c)).
- To send occasional service updates. Marketing emails are only sent with consent and can be unsubscribed from at any time.
4. Guest uploads and consent
Guests upload media voluntarily using a link or QR code shared by the couple. By uploading, guests grant the couple a licence to use the media for their personal, non-commercial wedding archive. The couple is responsible for making guests aware of this policy at the venue.
5. Sharing personal data
We only share data with the sub-processors required to run the service:
- Cloud hosting and database (Lovable Cloud / Supabase, EU region).
- Transactional email delivery (Resend).
- Media upload / gallery provider chosen for each wedding.
- Payment processor for orders (Stripe).
- Analytics — Google Analytics 4 (Google Ireland Ltd) and Microsoft Clarity (Microsoft Ireland Operations Ltd). Loaded only after you grant analytics consent.
We never sell personal data. We only disclose data to public authorities when legally required.
6. International transfers
Our infrastructure is hosted in the EEA/UK where possible. Where a sub-processor transfers data outside the UK, transfers are protected by the UK International Data Transfer Agreement or an adequacy decision.
7. How long we keep data
- Wedding archives and deliverables: kept for the download window agreed with the couple, then deleted within 30 days.
- Account and billing records: kept for up to 7 years to meet UK tax law.
- Support correspondence: 2 years.
8. Your rights
Under UK GDPR you have the right to access, rectify, erase, restrict, port and object to processing of your personal data. To exercise these rights, email contact@theguesttake.com. We will respond within one calendar month. You may also lodge a complaint with the UK Information Commissioner's Office (ico.org.uk).
9. Security
We use encryption in transit (TLS 1.2 or above), encryption at rest for stored media and databases, role-based access control, audit logs and regular backups. Access to production data is restricted to named personnel. If you believe you have found a security issue, please report it to contact@theguesttake.com.
10. Changes to this policy
We may update this policy from time to time. Material changes will be emailed to account holders. The "last updated" date at the top reflects the current version.
11. Contact
The Guest Take · United Kingdom · contact@theguesttake.com