← Back

Privacy Policy

1. Controller

Irina Ermakova
Prof-Much-Str 16
65843 Sulzbach
Germany
Email: support@ladiapp.eu

2. Hosting and technical delivery

This website is hosted by Vercel Inc., 340 Pine Street, Suite 701, San Francisco, CA 94104, USA. When you visit the site, server access data is automatically recorded (IP address, date and time of access, requested URL, HTTP status code, data volume, browser type, and operating system).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and uninterrupted website operation). Data is deleted automatically after 30 days at most. Data transfer to the USA is based on Standard Contractual Clauses pursuant to Art. 46 GDPR. For more information, see Vercel's privacy policy: vercel.com/legal/privacy-policy

3. Public invitation pages and RSVP processing

When a host publishes an invitation with ladi, we provide that event under a public URL. This may include the child's first name, age, date, time, location, invitation copy, cover imagery, and other optional party details entered by the host.

When guests open an invitation page or submit an RSVP, we process the data required to provide that interaction. Depending on use, this may include invitation code, technical request data, guest name, attending status, optional note, child and adult counts, dietary information, and free-text dietary notes. The legal basis is Art. 6(1)(f) GDPR because this processing is necessary to operate digital invitations and RSVP flows.

4. Wishlists and gift reservations

If a published invitation includes a wishlist, we may also process wishlist entries and gift reservations. This can include item names, optional notes or price information, and the name entered by the guest reserving a gift. The legal basis is Art. 6(1)(f) GDPR.

5. App subscriptions and RevenueCat

If you buy, unlock, or restore paid features in the ladi app, we use RevenueCat as our subscription and purchase infrastructure provider. Depending on the app flow, RevenueCat may process technical and transaction-related end user information such as the app-scoped user ID generated by ladi, product identifiers, entitlement status, last-seen timestamps, store receipt data or purchase tokens, and limited device or app metadata required to validate purchases and restores.

We use this data to unlock paid features, validate purchases, support restore flows, and prevent abuse. Apple remains responsible for payment processing and billing through the App Store. The legal basis is Art. 6(1)(b) GDPR (performance of the contract for paid features) and Art. 6(1)(f) GDPR (service security and fraud prevention). More information is available in RevenueCat's privacy policy: revenuecat.com/privacy

6. App analytics and diagnostics with TelemetryDeck

Within the ladi app we use TelemetryDeck, a privacy-focused analytics provider, to understand app usage and product quality. Depending on region and applicable law, analytics are enabled only after consent where required. We send event names, SDK-provided app/device metadata, and deliberately limited custom metadata such as screen or flow state and bounded technical error categories (for example network_timeout or server_500).

We do not intentionally send invitation text, RSVP notes, guest names, invitation URLs, or other free-form content to TelemetryDeck. The legal basis is Art. 6(1)(a) GDPR where consent is required and otherwise Art. 6(1)(f) GDPR for product improvement and operational reliability. More information is available at telemetrydeck.com/privacy.

7. Supabase backend provider

We use Supabase as our technical backend provider to store and deliver published invitations, RSVP responses, wishlist reservation data, organizer-authenticated actions, and push notification registrations. Only the data required to provide the service is processed there, and access is limited to what is technically necessary.

8. Website analytics, cookies, and external links

This website uses Plausible Analytics to measure aggregate visits and page usage in a privacy-friendly way. Plausible is used without advertising profiles and without placing marketing cookies. The legal basis is Art. 6(1)(f) GDPR for reach measurement and product improvement.

If you click external links, such as links to the Apple App Store or optional shopping links inside a wishlist, further data processing takes place solely under the responsibility of the respective third-party provider.

9. App Store

When you download the ladi app via the Apple App Store, Apple's privacy policy applies to the download, billing, and payment flow. We do not receive your full payment details from Apple.

10. Retention

Website access logs within Vercel hosting are generally deleted after no more than 30 days. Published invitations and related RSVP or wishlist data are stored only for as long as needed to provide the relevant event. An automated cleanup path is technically planned for expired events, generally no later than 60 days after the event date.

Subscription and analytics data processed by RevenueCat and TelemetryDeck are retained according to the respective provider agreements and privacy policies, insofar as this is required to provide purchases, restores, aggregated analytics, and operational safeguards.

11. Your Rights

Under GDPR you have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection (Art. 21).

To exercise your rights, contact us at:
support@ladiapp.eu

12. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority is determined by your place of residence or the location of the alleged infringement.

Last updated: April 2026