Privacy Policy
Last updated: December 22, 2025
Our Data Privacy Philosophy
We're a small team who, like you, have been burned by too many companies that farm our data or use it improperly. When we set out to build Lemonvite, we decided to approach things differently. We don't sell your personal data as a source of revenue, and we take care in overseeing how your data is accessed and what it's used for. In short – we treat your data the way we'd want someone to treat our own data.
Lemonvite's data privacy philosophy is to only collect and share the information needed to operate our service. We've designed our product from the ground up with privacy in mind. For example:
- We don't require full names to use our platform
- When you add guests to your event, we only store the contacts you're inviting – not your whole address book
- By default, we don't share your phone number or email with other users
- We don't allow your personal data to be used for purposes unrelated to our platform, unless you explicitly consent
- We don't subscribe you to a marketing list when you sign up
- We don't sell your personal data as a source of revenue – we make money by charging a one-time fee to publish your event invitation
Summary of Key Points
This summary provides key points from our privacy notice, but you can find out more details about any of these topics by reading the full sections below.
- What personal information do we collect? When you use our Service, we collect personal information depending on how you interact with Lemonvite, the choices you make, and the features you use.
- Do we receive information from third parties? We do not receive personal information from third parties. However, we may receive information about you from other users (e.g., when a host invites you to an event).
- Why do we collect personal information? We collect, use, and disclose personal information to provide, improve, and administer our Service, communicate with you, for security and fraud prevention, and to comply with law. We do not sell your personal information or use it for marketing purposes.
- How do we protect personal information? We have organizational and technical processes in place to protect your personal information. However, no electronic transmission over the internet can be guaranteed to be 100% secure.
- What are your rights? Depending on where you are located, you may have certain rights regarding your personal information, including the right to access, correct, or delete your data.
1. Introduction
Lemonberry Labs LLC ("Lemonvite," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our event invitation platform (the "Service"). Please read this policy carefully. By using the Service, you consent to the practices described in this Privacy Policy.
2. Google User Data
Lemonvite uses Google Sign-In (OAuth 2.0) for user authentication. This section specifically describes how we handle data received from Google APIs, in compliance with the Google API Services User Data Policy.
2.1 Google Data We Access
When you sign in with Google, we request access to the following information from your Google account:
- Email Address: Your primary Google account email address
- Name: Your display name as set in your Google profile
- Profile Picture: Your Google profile photo (optional, if available)
We access only the basic profile information necessary for authentication. We do not access your Google contacts, calendar, files, or any other Google services data.
2.2 How We Use Google Data
The Google user data we receive is used exclusively for the following purposes:
- Account Creation: Creating your Lemonvite account when you first sign up
- Authentication: Verifying your identity when you sign in to the Service
- Profile Display: Showing your name and profile picture within the Service (e.g., in the navigation bar and on events you create)
- Communication: Sending you transactional emails about your account and events
2.3 Google Data Storage
Google user data is stored as follows:
- Your email address, name, and profile picture URL are stored in our secure database
- Data is encrypted in transit using TLS/HTTPS and at rest
- Data is stored on secure servers hosted by Vercel and our database provider
- Data is retained until you delete your account
2.4 Google Data Sharing
We do not sell, share, or transfer your Google user data to any third parties for advertising, marketing, or any purpose unrelated to providing our Service.
Your Google data may only be shared in these limited circumstances:
- Service Providers: With infrastructure providers (Vercel, database hosting) solely for the purpose of operating the Service
- Legal Requirements: When required by law or to respond to valid legal process
- With Your Consent: Your name and profile picture may be visible to guests you invite to events you create
2.5 Google Data Deletion
You can request deletion of your Google user data at any time by:
- Deleting your Lemonvite account through Settings
- Contacting us at privacy@lemonvite.com
- Revoking Lemonvite's access in your Google Account permissions
Upon deletion request, we will remove your Google user data from our active systems within 30 days. Some data may be retained in backups for up to 30 additional days before permanent deletion.
3. Information We Collect
3.1 Information You Provide Directly
| Category | Data Collected | Purpose |
|---|---|---|
| Account Information | Name, email address, profile picture (via Google OAuth) | Account creation, authentication, communication |
| Event Information | Event titles, dates, times, locations, descriptions, event type | Providing the Service, displaying invitations |
| Guest Information | Names and email addresses of guests you invite | Sending invitations on your behalf, RSVP tracking |
| RSVP Data | Attendance status, guest counts, dietary notes, messages | Event management, guest coordination |
| Payment Information | Payment method details (processed by Stripe; we do not store full card numbers) | Processing transactions |
| Uploaded Content | Images you upload for invitations | Creating custom invitations |
| AI Prompts | Text prompts and reference images you provide for AI image generation | Generating AI images for your invitations |
| Address Book | Contact names, emails, and notes you save | Simplifying future event invitations |
3.2 Information Collected Automatically
| Category | Data Collected | Purpose |
|---|---|---|
| Usage Data | Pages visited, features used, clicks, time spent | Improving the Service, analytics |
| Device Information | Browser type, operating system, screen resolution, device type | Optimizing user experience |
| Log Data | IP addresses, access times, referring URLs, error logs | Security, debugging, fraud prevention |
| Location Data | Approximate location based on IP address; precise location only if you use maps features | Location-based features, fraud prevention |
4. How We Use Your Information
We use the information we collect for the following purposes:
- Providing the Service: Creating and managing your account, events, and invitations
- Sending Communications: Sending invitation emails and SMS on your behalf to your guests, transactional emails, and service notifications
- Processing Payments: Completing purchases and maintaining transaction records
- AI Image Generation: Processing your prompts to generate custom invitation images
- Improving the Service: Analyzing usage patterns, fixing bugs, developing new features
- Security: Detecting and preventing fraud, spam, abuse, and security incidents
- Legal Compliance: Complying with applicable laws and responding to legal requests
- Customer Support: Responding to your inquiries and providing assistance
5. Sharing of Information
5.1 Third-Party Service Providers
We share information with third-party service providers who perform services on our behalf. These providers are contractually obligated to protect your information and may only use it for the purposes we specify.
| Provider | Purpose | Data Shared |
|---|---|---|
| Authentication, cloud storage, AI services, analytics, maps | Account data, uploaded images, AI prompts, usage data, location queries | |
| Stripe | Payment processing | Payment information, email address, transaction details |
| Resend | Email delivery | Recipient email addresses, invitation content, sender information |
| Vercel | Application hosting | Server logs, IP addresses, request data |
| Telnyx | SMS/MMS delivery | Recipient phone numbers, message content, sender information |
| Giphy | GIF Search | Search queries, IP addresses |
5.2 Event Guests
When you invite guests to an event, they will see the event details you provide (title, date, location, description, invitation image). If you enable the guest list feature, attending guests may see other guests who are attending.
5.3 Legal and Safety Disclosures
We may disclose your information if we believe it is necessary to:
- Comply with applicable laws, regulations, or legal processes
- Respond to valid requests from law enforcement or government authorities
- Protect the rights, property, or safety of Lemonvite, our users, or the public
- Detect, prevent, or address fraud, security issues, or technical problems
- Enforce our Terms of Service
5.4 Business Transfers
If Lemonvite is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.
5.5 We Do Not Sell Your Personal Information
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We have not sold personal information in the preceding 12 months and have no plans to do so.
5.6 SMS/MMS Messaging Privacy
This section describes how we handle mobile phone numbers and SMS/MMS messaging in compliance with the Telephone Consumer Protection Act (TCPA) and carrier guidelines.
5.6.1 Information Collection and Consent
We collect your mobile phone number when you register for an account using your phone number, or when a registered User (Host) provides it to us for the purpose of sending or receiving transactional event invitations and account security alerts (OTP).
Legal Basis for Host-Initiated Messages: Our platform facilitates communications based on the existing social relationship between the Host and the Guest. When a Host provides a Guest's phone number, they are exercising their existing relationship to send a transactional invitation—Lemonvite serves as the technical tool to deliver that message. As our messages are strictly transactional social invitations (not telemarketing), they meet the statutory requirements of the TCPA.
5.6.2 Use of Mobile Information
Your mobile information will be used exclusively for:
- Transactional Notifications: Delivering event details, RSVP status updates, and logistics as initiated by a Host
- Account Security: Sending One-Time Passwords (OTP) and multi-factor authentication codes
- Customer Support: Responding to your direct inquiries via SMS/MMS
5.6.3 Mobile Information Non-Sharing Disclosure
We value your privacy. Your mobile information—including your phone number and SMS opt-in/consent status—will NOT be shared, sold, or rented to any third parties for marketing or promotional purposes.
We may only share your mobile data with trusted third-party service providers (such as telecommunications carriers or SMS platform providers) for the sole purpose of facilitating the delivery of your messages. All such providers are bound by strict confidentiality agreements.
All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
5.6.4 Opt-Out and Help
You can opt out of our SMS service at any time:
- To Opt Out: Reply STOP to any message you receive
- For Help: Reply HELP or contact us at support@lemonvite.com
- Charges: Message and data rates may apply depending on your mobile carrier
5.6.5 SMS Data Security and Record-Keeping
We implement industry-standard security measures to protect your mobile data. As required by the TCPA and carrier guidelines, we maintain timestamped records of all opt-ins and opt-outs to ensure your preferences are strictly honored.
6. Guest Data: Your Role as Data Controller
When you upload guest information (names and email addresses) to send invitations, you are the data controller for that guest data, and Lemonvite acts as a data processor on your behalf. This means:
- You are responsible for ensuring you have a lawful basis (such as consent or legitimate interest) to share your guests' information with us
- You should inform your guests that their information is being processed through our Service
- Guests may contact you directly to exercise their data rights
- We process guest data only as necessary to provide the Service to you
Guest data is retained for the duration of your event plus one year, after which it is automatically deleted unless you request earlier deletion.
7. AI-Generated Content and Your Data
When you use our AI image generation features:
- Your text prompts and reference images are sent to our AI service providers to generate images
- We do not use your prompts, images, or generated content to train AI models. Your data is used solely to fulfill your specific request.
- Generated images are stored in your account and may be used for your events
- AI service providers may retain data temporarily for operational purposes in accordance with their privacy policies
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account Information | Until you delete your account, plus 30 days for backup recovery |
| Event Data | Approximately 14 months (60 weeks) after the event date, or until you delete it |
| Guest/RSVP Data | Approximately 14 months (60 weeks) after the event date, or until you delete it |
| Uploaded & AI Images | Approximately 14 months (60 weeks) after the event date, or until you delete them |
| Payment Records | Retained by our payment processor (Stripe) for 7 years (as required for tax and legal compliance). Our internal reference is deleted when you delete your account. |
| Server Logs | 90 days |
| Analytics Data | Up to 14 months (standard retention for Google Analytics 4) |
You can request deletion of your data at any time by contacting us or using the account deletion feature in your settings. Some data may be retained as required by law or for legitimate business purposes (e.g., fraud prevention, legal claims).
9. Cookies and Tracking Technologies
9.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Authentication, security, basic functionality | Session or up to 30 days |
| Preference Cookies | Remembering your settings (e.g., theme, language) | Up to 1 year |
| Analytics Cookies | Understanding how you use the Service (Google Analytics) | Up to 2 years |
9.2 Managing Cookies
When you first visit our Service, you will see a cookie consent banner allowing you to accept or decline non-essential cookies. You can change your preferences at any time through your browser settings or by clearing your cookies and revisiting the site.
Note that disabling essential cookies may prevent you from using certain features of the Service, such as staying logged in.
9.3 Do Not Track
Some browsers offer a "Do Not Track" (DNT) feature. We currently do not respond to DNT signals because there is no industry-standard interpretation. However, you can opt out of analytics tracking through our cookie consent banner.
10. Data Security
We have organizational and technical processes and procedures in place designed to protect your personal information, including:
- Encryption of data in transit using TLS/HTTPS
- Encryption of sensitive data at rest
- Secure authentication via OAuth 2.0 and SMS verification
- Regular security assessments and vulnerability testing
- Access controls limiting employee access to personal data
- Secure cloud infrastructure with industry-standard protections
However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. If you believe your account has been compromised, please contact us immediately at security@lemonvite.com.
10.1 Data Breach Notification
In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.
11. Your Privacy Rights and Choices
We offer you choices that affect how we handle the personal information that we control. Depending on your location and the nature of your interactions with our Service, you may request the following in relation to your personal information. The easiest way to exercise your rights is by contacting us at privacy@lemonvite.com. We may ask for specific information from you to help confirm your identity. You are entitled to exercise these rights free from discrimination.
11.1 Managing Your Account
If you would at any time like to review or change the information in your account or terminate your account, you can do so through your account Settings or by contacting us.
Upon your request to terminate your account, we will immediately and permanently delete your account and all associated data (events, guests, payments) from our active databases. This action is irreversible. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms, and/or comply with applicable legal requirements.
11.2 Rights Available to All Users
- Access: Request a copy of the personal data we hold about you. Where applicable, we will provide the information in a portable, machine-readable, readily usable format.
- Correction: Request correction of personal information that is inaccurate or out of date
- Deletion: Request deletion of personal data that we no longer need to provide the Service or for other lawful purposes
- Withdrawal of Consent: Where we have collected and processed your personal information with your consent, you may withdraw that consent at any time
11.3 Additional Rights for EEA/UK Residents (GDPR)
If you are in the European Economic Area or United Kingdom, you also have the right to:
- Portability: Receive your data in a structured, machine-readable format
- Restriction: Request restriction of processing in certain circumstances
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time where processing is based on consent
- Lodge a Complaint: File a complaint with your local data protection authority
Legal Basis for Processing (GDPR):
- Contract: Processing necessary to provide the Service you requested
- Consent: Where you have given explicit consent (e.g., marketing emails, analytics cookies)
- Legitimate Interests: Improving the Service, security, fraud prevention
- Legal Obligation: Compliance with applicable laws
11.4 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
CCPA Categories Disclosure (Last 12 Months)
| Category | Collected | Sold | Business Purpose |
|---|---|---|---|
| Identifiers (name, email, IP) | Yes | No | Account management, communication |
| Commercial Information (purchases) | Yes | No | Transaction processing |
| Internet Activity (usage data) | Yes | No | Analytics, service improvement |
| Geolocation (approximate) | Yes | No | Fraud prevention, localization |
| Inferences (preferences) | Yes | No | Personalization |
To submit a verifiable consumer request, email privacy@lemonvite.com with "CCPA Request" in the subject line. We will verify your identity before processing your request.
12. International Data Transfers
Lemonvite is based in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.
For transfers from the EEA/UK, we rely on Standard Contractual Clauses approved by the European Commission and/or the UK Information Commissioner's Office, as well as other lawful transfer mechanisms.
By using the Service, you consent to the transfer of your information to the United States and other countries where our service providers operate.
13. Children's Privacy
The Service is intended for users who are at least 18 years of age. We do not knowingly collect personal information from anyone under 18.
If you are a parent or guardian and believe that your child under 18 has provided us with personal information, please contact us immediately at privacy@lemonvite.com. We will take steps to delete such information from our systems.
If we learn that we have collected personal information from a person under 18, we will delete that information as quickly as possible.
14. Third-Party Links
The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. If we make material changes, we will notify you by:
- Posting a notice on the Service
- Sending you an email notification
- Updating the "Last updated" date at the top of this page
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
- Email: privacy@lemonvite.com
- Security Issues: security@lemonvite.com
- General Support: support@lemonvite.com
We will respond to your request within 30 days, or sooner as required by applicable law.