Skip to content

Legal

Privacy Policy

Last updated: April 9, 2026

1. Overview

Majori Studio ("we," "us," or "our") operates the website majoristudio.com and provides an online platform for designing digital invitations, managing events, and tracking guest RSVPs. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our services.

We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and applicable Austrian and European data protection laws.

2. Data Controller

The data controller responsible for processing your personal data is:

Majori Studio
Email: hello@majoristudio.com

3. Data We Collect

3.1 Account Data

When you create an account, we collect your name, email address, and profile picture via our authentication provider (Clerk). We also store your subscription plan and Stripe customer ID for payment processing.

3.2 Event & Invitation Data

Data you enter when creating events and invitations: event title, date, venue, guest names, email addresses, phone numbers, RSVP responses, dietary preferences, allergies, seating arrangements, and any uploaded images or audio files.

3.3 Guest Data (collected from invitees)

When guests interact with an invitation, we collect: RSVP responses, dietary preferences, allergy information, menu choices, plus-one details, and any notes they provide. We also record page views with anonymized IP address, device type, and approximate location (city/country level).

3.4 Payment Data

Payments are processed by Stripe. We do not store full credit card numbers. We receive and store your Stripe customer ID, payment status, and transaction amounts.

3.5 Usage Data

We collect anonymized analytics data via PostHog, including pages visited, features used, and session duration. Error tracking is handled by Sentry with anonymized data.

4. How We Use Your Data

  • Provide, maintain, and improve our services
  • Process payments and manage subscriptions
  • Send transactional emails (RSVP confirmations, notifications)
  • Track event analytics (page views, RSVP statistics)
  • Prevent abuse and enforce rate limits
  • Comply with legal obligations

We do not sell your personal data to third parties. We do not use your data for advertising or profiling purposes.

5. Legal Basis for Processing (GDPR Art. 6)

  • Contract performance — Processing necessary to provide the services you signed up for (account, events, invitations).
  • Legitimate interest — Analytics and error tracking to improve service quality.
  • Consent — Marketing communications (if any), which you can withdraw at any time.
  • Legal obligation — Tax and accounting records for payment processing.

6. Third-Party Services

We use the following third-party services to operate our platform:

  • Clerk — Authentication and user management (US)
  • Stripe — Payment processing (US/EU)
  • Neon — PostgreSQL database hosting (EU)
  • Vercel — Web hosting and deployment (Global CDN)
  • Uploadthing — File uploads (images, audio)
  • Resend — Transactional email delivery
  • Upstash — Rate limiting (Redis)
  • PostHog — Product analytics (EU)
  • Sentry — Error tracking
  • Anthropic — AI text generation (processed server-side, no personal data sent)

Each provider processes data under their own privacy policies and applicable data processing agreements.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Event data is retained until you delete the event or your account. Payment records are retained for 7 years as required by tax law.

Guest data (RSVP responses, page views) is retained as long as the associated event exists. When an event is deleted, all associated guest data is automatically removed (cascade delete).

8. Your Rights (GDPR)

As a data subject, you have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Correct inaccurate data
  • Erasure— Request deletion of your data ("right to be forgotten")
  • Restriction — Limit how we process your data
  • Portability — Receive your data in a structured, machine-readable format
  • Objection — Object to processing based on legitimate interest
  • Withdraw consent — Where processing is based on consent

To exercise any of these rights, contact us at hello@majoristudio.com. We will respond within 30 days.

9. Cookies & Tracking

We use essential cookies for authentication (Clerk session cookies) and service functionality. Analytics are collected via PostHog using anonymized identifiers. We do not use advertising or third-party tracking cookies.

10. Data Security

We implement appropriate technical and organizational measures to protect your data, including: encrypted connections (TLS/HTTPS), parameterized database queries (no raw SQL), server-side input validation, rate limiting on all sensitive endpoints, and role-based access control.

11. International Data Transfers

Some of our service providers are located outside the EU/EEA. Where data is transferred internationally, we ensure adequate safeguards are in place (Standard Contractual Clauses, adequacy decisions, or equivalent mechanisms) as required by GDPR.

12. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top of this page indicates when the policy was last revised.

14. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected users without undue delay, and in any case within 72 hours of becoming aware of the breach, in accordance with GDPR Art. 33 and Art. 34. Notification will be sent to the email address associated with your account and will describe the nature of the breach, the likely consequences, and the measures taken to address it.

15. Contact

For questions about this Privacy Policy or your personal data, contact us at:

hello@majoristudio.com

You also have the right to lodge a complaint with a supervisory authority. For Austria, the competent authority is:

Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Vienna, Austria
www.dsb.gv.at