Privacy Policy

Last updated: January 2025

1. Introduction

Macheri (“we”, “us”, “our”) is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal information when you use our wedding management platform. We comply with the Nigeria Data Protection Act (NDPA) 2023 and applicable international data protection standards.

2. Information We Collect

2a. Information you provide

• Account details: name, email address, phone number.
• Wedding details: dates, venues, guest lists, vendor contacts, budget data.
• Uploaded content: photos, documents, and other files.
• Payment information: processed securely through Paystack/Flutterwave (we do not store card details).

2b. Information collected automatically

• Usage analytics (via PostHog, EU-hosted): page views, feature usage, session data.
• Error reports (via Sentry): crash data, stack traces, device info.
• IP addresses for rate limiting and security.

3. How We Use Your Information

• To provide and improve the Service.
• To send transactional emails (verification, invitations, reminders).
• To power AI-assisted planning features (see Section 3a below).
• To detect fraud and enforce rate limits.
• To generate anonymised, aggregate analytics.

3a. AI-Assisted Features

Macheri uses AI to help with wedding planning, message drafting, and recommendations. We take the following steps to protect your data during AI processing:

• Data minimisation: Only the minimum data needed is shared with AI. Phone numbers, email addresses, exact addresses, and payment details are never sent to AI — they are masked with placeholders before processing.
• No AI training: Your data is never used to train AI models.
• Stateless processing: AI processes each request independently and does not retain your data between sessions.
• Server-side only: All AI processing happens on our secure servers, never directly in your browser.

You can view exactly what data AI can and cannot see in your Settings > Privacy & AI.

4. Data Storage & Security

Your data is stored in Supabase-managed PostgreSQL databases with AES-256 encryption at rest. All connections use TLS 1.2+. We follow the OWASP Top 10 guidelines for application security.

5. Data Sharing

We do not sell your personal data. We share data only with:

• Service providers: Supabase (database), Resend (email), AI service providers (planning features), Paystack/Flutterwave (payments), PostHog (analytics), Sentry (error monitoring).
• Your wedding team: partners, planners, and vendors you explicitly invite.
• Legal requirements: when required by law or to protect our rights.

6. Cross-Border Data Transfers

Your data may be processed in the following regions:

• European Union: Analytics (PostHog) and error monitoring (Sentry).
• United States: Database hosting (Supabase), AI processing.

In compliance with the NDPA, we ensure appropriate safeguards for all cross-border transfers, including data processing agreements with all service providers and data minimisation practices (particularly for AI, where sensitive fields are masked before transfer).

7. Data Retention

We retain your data for as long as your account is active. Upon account deletion, we remove your personal data within 30 days, except where retention is required by law. Anonymised analytics data may be retained indefinitely.

8. Your Rights

Under the NDPA and applicable data protection laws, you have the right to:

• Access: View all personal data we hold about you.
• Correction: Update inaccurate or incomplete data.
• Deletion: Request deletion of your data (with a 30-day grace period).
• Portability: Export your data in JSON format.
• Opt out: Disable analytics tracking in your account settings.

You can exercise your data export and deletion rights directly from Settings > Privacy & AI. For other requests, contact us at privacy@macheri.app.

9. Cookies & Tracking

We use essential cookies for authentication and session management. Analytics tracking (PostHog) uses identified-only mode: no anonymous tracking. You can opt out of analytics in your account settings.

10. Children's Privacy

Macheri is not intended for users under 16 years of age. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or in-app notification.

12. Contact

Questions about this policy? Contact our Data Protection Officer at privacy@macheri.app.