Privacy Policy

How we handle your data - simply and transparently.

Last updated: January 2026

1. Who We Are

JoinMyEvent is an event invitation service that lets you create events and share invite links with your guests. This policy explains what data we collect and how we use it.

2. Cookies We Use

We use only essential cookies required for the service to function and security purposes. We do not use any analytics, advertising, or tracking cookies.

Guest Identification Cookie

  • Name: jme_guest_id
  • Purpose: Allows guests to RSVP without creating an account and return to edit their response
  • Duration: 1 year
  • Type: Strictly necessary (no consent required)

Session Cookie

  • Purpose: Maintains your login session and protects against cross-site request forgery
  • Duration: Until you close your browser
  • Type: Strictly necessary (no consent required)

Security Cookie (Cloudflare Turnstile)

  • Name: cf_turnstile
  • Purpose: Bot and spam protection on forms (registration, contact)
  • Duration: Session only
  • Type: Strictly necessary for security (no consent required)
  • Provider: Cloudflare

3. Information We Collect

Account Information

When you create an account, we collect your email address and a password (stored securely hashed, never in plain text).

Event Information

When you create an event, we store the event name, location, date/time, timezone, and description you provide.

Guest Responses

When guests respond to an invitation, we collect their name, response (attending/not attending), optional message, and any plus-one information they provide.

Security Data (Bot Protection)

To protect against spam and automated abuse, we use Cloudflare Turnstile on our registration and contact forms. When you submit these forms, Cloudflare may collect:

  • IP address
  • Browser type and version
  • Interaction data (mouse movements, timing) to distinguish humans from bots

This data is processed by Cloudflare solely for bot detection purposes and is subject to Cloudflare's Privacy Policy. We do not receive or store this data ourselves.

4. How We Use Your Data

We use your data solely to provide the JoinMyEvent service:

  • Display your events and guest responses to you
  • Allow guests to RSVP to your events
  • Send essential emails (account verification, password reset)
  • Respond to your support requests

We do not sell, share, or use your data for advertising purposes.

5. Data Retention

Account data: Kept until you delete your account.

Events and guest responses: Automatically deleted 2 weeks after the event date.

6. Your Rights

You have the right to:

  • Access: View all data we hold about you in your account settings
  • Export: Download your guest lists as CSV files (Standard plan and above)
  • Delete: Delete your account and all associated data at any time from your settings
  • Correct: Update your information through your account settings

7. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about the personal data we collect, use, and disclose about you
  • Right to Delete: You can request deletion of your personal data (with some exceptions)
  • Right to Opt-Out of Sale: We do not sell your personal information to third parties
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at contact@joinmyevent.co or delete your account directly from your Settings page.

We do not sell your personal information. We have not sold personal information in the preceding 12 months and have no plans to do so.

8. International Data Transfers

JoinMyEvent is operated from Germany. Your data may be transferred to and processed in countries outside your country of residence, including:

  • Payment processing: Our payment provider Polar may process payment data in the United States
  • Bot protection: Cloudflare (Turnstile) may process security data in the United States or other countries
  • Hosting: Our servers are located in Germany (Hetzner)

Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or transfers to countries with adequate data protection laws.

9. Data Security

We protect your data with:

  • HTTPS encryption for all connections
  • Secure password hashing (never stored in plain text)
  • HttpOnly cookies (not accessible to JavaScript)
  • CSRF protection on all forms

10. Contact Us

If you have questions about this privacy policy or your data, contact us at:

contact@joinmyevent.co

11. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email to registered users. The "Last updated" date at the top indicates when this policy was last revised.