Book a Ceremony

Legal

Privacy Policy

Last updated: June 15, 2026

1. Information We Collect

We collect information you provide directly and information generated through your use of the Platform:

  • Account information: name, email address, and password (stored as a secure hash β€” never in plain text).
  • Booking information: ceremony date, location, service type, special notes, preferred area, and β€” after the ceremony β€” the officiant's confirmation of whether the signed marriage license was returned to the issuing office.
  • Officiant profile data: bio, services, pricing, languages spoken, and profile photo.
  • Officiant credential documents (optional): letters of good standing and state/county officiant registration certificates you may choose to upload. These are stored privately (never shown to clients), encrypted at rest with managed encryption keys, and access-logged; they are retained while your account is active and deleted when you close your account or on request. When you upload a credential image, it may be processed by an AI vision model to help confirm that it is a genuine credential document; the AI's assessment assists a human reviewer and never approves or rejects a credential on its own. We do not collect or store government identity documents β€” officiant identity is verified by Stripe (see below).
  • Officiant attestation: when you join as an officiant, we record your confirmation that you are legally authorized to perform marriages in the areas you serve, along with the date and version of that confirmation.
  • Trust & safety scan metadata: for Officiant accounts, we store the results of automated AI content scans of your profile text and profile photo β€” including a risk classification (clean, low, medium, or high), the date of the scan, a brief description of any flagged content, a cumulative violation count, any account-freeze or warning events, and a record of any content removed from your profile by our team as a result of a confirmed violation (the artifact type, removal date, and reason β€” not the removed content itself, which is deleted). This metadata is used solely for platform safety enforcement and is not visible to Clients. Profile text is scanned at minimum quarterly; additional randomised scans may occur at any time without prior notice. Scan results are updated each time a scan runs or when you modify your profile.
  • Identity verification: performed by Stripe as part of payout setup. Stripe collects and verifies your legal identity information directly; we receive only your verification status, not your identity documents.
  • Payment information: processed entirely by Stripe β€” we do not store raw card numbers or banking details.
  • Vendor profile data (Vendors only): if you join our vendor program, we collect your business name, contact name, email, city, optional website, tagline, bio, pricing, and category. If you choose to provide your website URL, we fetch its publicly available page content and process it with an AI model to help pre-fill your profile (business name, city, a short description, and starting price); you review and edit the result before it is saved, and we do not store the page content itself. AI-assisted "write" and "polish" tools for your bio send the text you provide to our AI provider to return an improved version. To receive payouts for package bookings, Vendors connect a Stripe Express account; identity verification is performed by Stripe, and we receive only your verification/payout status, not your identity documents. Your website and email are shown only in your own dashboard and are never displayed to Clients.
  • Ceremony-builder input: details you provide to our AI vow and ceremony-script tools (such as names, relationship details, and tone or style preferences) so we can generate a draft for you. Free vow drafts and ceremony-script previews are generated before any purchase; the full personalized ceremony script is generated when you unlock it with a self-officiated ("Marry a Friend") package.
  • Self-officiated package data: if you purchase a "Marry a Friend" package, we collect the information needed to provide ordination guidance, state-specific legal instructions, your personalized ceremony script, and license-filing tracking.
  • Calendar data (Officiants only): if you connect Google Calendar, we store OAuth tokens to sync your availability. We only read/write calendar events you authorize.
  • Matching & waitlist preferences: when you search, join the waitlist, or use our AI matching, we collect your event date and location and the preferences you choose to share (ceremony type, language, budget, guest count, and notes) so we can rank and recommend officiants who fit. You can edit these preferences anytime before you book; once you confirm a booking they become part of your booking details. Officiants may see anonymized demand signals (e.g. that couples are waiting in their service area) but never your contact information unless you book them.
  • Referral & channel source: if you arrive at the Platform through a partner referral link (a URL containing a ?ref= parameter) or a first-party channel link such as an officiant's shared booking page or an embedded widget (a URL containing a ?src= parameter), we store that source identifier in your browser's local storage and associate it with any booking you make within 30 days. This is used solely to attribute bookings to the referring partner or channel for program-tracking purposes. Source data does not affect the price or services you receive.
  • Agreement records (Officiant business tools): when an Officiant uses our tools to generate a draft agreement and shares it for acknowledgement, we store the draft document text and, if a Client acknowledges it, the acknowledgement details β€” the typed name, a timestamp, the acknowledger's IP address, and a hash of the document β€” solely to record that the agreement was reviewed and acknowledged. This is a convenience record only and is not a legally binding electronic signature.
  • Usage data: pages visited, features used, and general interaction patterns to improve the Platform.

When you submit a booking request, a customer account is automatically created using your email address. You will receive a one-time link (valid 48 hours) to set your password and activate the account.

2. How We Use Your Information

We use your information to:

  • Facilitate bookings between Clients and Officiants;
  • Send booking confirmations, status updates, and ceremony reminders via email (you can opt out of non-essential notification emails using the one-click unsubscribe link they contain);
  • Generate AI-assisted vow and ceremony-script drafts you request, and deliver self-officiated ("Marry a Friend") package guidance and materials;
  • Process payments and issue refunds through Stripe;
  • Scan Officiant profile text and photos using AI to detect content that violates our platform policies β€” including off-platform contact information, redirect links, QR codes, and social media handles β€” and to enforce those policies (see Section 8 of our Terms of Service);
  • Sync availability with Google Calendar (Officiants who opt in);
  • Display Officiant profiles and availability to prospective Clients;
  • Track referral attribution for partner referral programs;
  • Improve Platform features and resolve technical issues;
  • Communicate important updates about your account or the service.

3. Information Sharing

We share your information only in the following ways:

  • Between booking parties: when a booking is confirmed, we share the Client's name and ceremony details with the Officiant, and the Officiant's contact information with the Client.
  • Stripe: payment and payout processing. Officiants who connect Stripe have a Stripe Express account created on their behalf. Stripe's privacy policy governs their use of that data.
  • AWS: database and infrastructure hosting (DynamoDB, Lambda, S3).
  • Vercel: frontend hosting and anonymous analytics.
  • Resend: transactional and notification email delivery (booking confirmations, reminders, updates). Non-essential notification emails include a one-click unsubscribe link.
  • Groq: AI text generation, officiant matching, trust & safety content review, and translation. We send: (a) ceremony-builder input you provide, to generate vow and ceremony-script drafts; (b) officiant profile details (and, when you ask about adding a vendor, connected vendors' business name, category, city, and starting price) together with your matching preferences, to rank officiants, explain fit, and suggest package vendors; (c) officiant profile text and photo/credential content (as base-64 image data), to detect policy violations and help confirm credential documents; (d) interface text and officiant bios, to translate the experience into your chosen language; and (e) for Vendors, the public content of a website URL you provide and any bio text you ask us to write or polish, to pre-fill and improve your vendor profile. Content processed by Groq is not used to train models or for advertising.
  • Google: calendar integration (Officiants who connect Google Calendar).
  • Referral partners: if a booking is attributed to a referral partner, we share only the fact of the attribution (not your personal details) with that partner for program-tracking purposes.
  • Wedding vendors (opt-in only): if you ask us to connect you with local vendors after booking (photographers, DJs, makeup artists, etc.), we share your name, email, phone number, event date, and event location with vendors in the categories you selected. We never share your contact information with vendors unless you explicitly opt in, and you may withdraw consent by contacting us. Vendors pay us a referral fee for these introductions. Separately, if you book a vendor as part of a ceremony package, we share your booking details (such as your name and event date) with that vendor so they can fulfill the service you booked. In all cases vendors are independent businesses and are not employed or endorsed by Book a Ceremony.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Data obtained through Google APIs is used only to provide the calendar sync feature and is not used for advertising, profiling, or shared with third parties beyond what is necessary to operate that feature, in compliance with Google's API Services User Data Policy.

Book a Ceremony's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

When an Officiant connects Google Calendar, we request the https://www.googleapis.com/auth/calendar.events scope, which lets us read and write the calendar events needed to sync availability. We request no other Google scopes and access no other Google data.

4. Data Retention

Account data is retained for as long as your account is active. Booking and payment records are retained for 7 years for financial and legal compliance. If you delete your account, your personal profile information is removed; anonymized booking records may be retained for compliance purposes. You may request deletion of your account by contacting us at bookaceremonyllc+support@gmail.com.

Officiant credential documents (letters of good standing and registration certificates) are retained securely while your account is active, so we can stand behind a credential-review decision or resolve a dispute. They are stored in a private, access-logged bucket and encrypted at rest with managed encryption keys, and are deleted when you delete your account or on request. We practice data minimization: we do not collect or store government identity documents β€” officiant identity is verified by Stripe.

Trust & safety scan results are stored on your Officiant profile record and are updated each time a scan is run. Scan metadata (classification, date, and flagged reasons) is deleted when your account is deleted. Profile photos that are rejected by the automated photo scan are not saved to permanent storage β€” they expire from temporary storage within 24 hours via an S3 lifecycle rule.

Referral source data stored in your browser expires after 30 days. Server-side referral attribution on a completed booking is retained as part of the booking record for 7 years.

5. Cookies and Local Storage

We use httpOnly session cookies to maintain your login state. These cookies are set server-side, cannot be accessed by JavaScript, and expire when you log out or your session expires. We do not use third-party tracking cookies or advertising cookies. Our anonymous analytics (Vercel Analytics) do not use cookies and do not track individuals across sites.

We use browser local storage to remember your referral source (if you arrived via a partner link) for up to 30 days. This data is not shared with advertisers and is used solely for referral attribution.

6. Security

We use industry-standard security practices: HTTPS encryption in transit, encryption at rest for stored documents, PBKDF2 password hashing, time-limited session tokens, and access-controlled AWS infrastructure. Credential documents are held in a private, non-public storage bucket and every access to them is logged. We do not store raw payment card data or government identity documents β€” payment processing and identity verification are handled by Stripe. No system is 100% secure. Please use a strong, unique password for your account.

7. Your Rights

You have the right to:

  • Access the personal information we hold about you;
  • Correct inaccurate information through your account dashboard;
  • Request deletion of your account and personal data;
  • Withdraw Google Calendar authorization at any time through your Google account settings;
  • Request a human review of any automated trust & safety flag applied to your account by contacting us at the address below.

To exercise these rights, contact us at bookaceremonyllc+support@gmail.com.

8. Your U.S. State Privacy Rights

This Service is intended for users in the United States. We do not sell your personal information, and we do not share it for cross-context behavioral (targeted) advertising.

Depending on your state of residence β€” including California (CCPA/CPRA), Virginia (VCDPA), and Colorado, Connecticut, Texas, and other states with comprehensive privacy laws β€” you may have the right to: confirm whether we process your personal information and access it; correct inaccuracies; delete it; obtain a portable copy; and opt out of the sale of personal information, targeted advertising, and profiling (none of which we conduct).

California residents. The categories of personal information we collect are described in Section 1 (identifiers and account information; booking and transaction information; payment-status information; internet/usage activity; referral source; agreement-record metadata; and, for officiants, professional and credential information and trust & safety scan metadata). We collect it for the purposes in Section 2 and disclose it only to the service providers listed in Section 3. We do not knowingly process sensitive personal information beyond what is necessary to provide the service, and we do not use or disclose it in ways that would require a right to limit.

To exercise any of these rights, contact us at bookaceremonyllc+support@gmail.com. We will verify your identity before responding, you may use an authorized agent, and we will not discriminate against you for exercising your rights. You may appeal a decision by replying to our response.

9. EU and UK Users β€” GDPR / UK GDPR

This Platform is designed for use in the United States. If you are located in the European Union, the United Kingdom, or another jurisdiction with comprehensive data-protection law, the following additional information applies.

Data controller. Book a Ceremony LLC, contactable at bookaceremonyllc+privacy@gmail.com, is the data controller for personal information collected through this Platform.

Legal basis for processing. We process your personal data on the following bases:

  • Contract performance (Art. 6(1)(b) GDPR): processing necessary to provide the booking, payment, and ceremony services you request.
  • Legitimate interests (Art. 6(1)(f) GDPR): improving the Platform, preventing fraud, enforcing platform policies (including automated content safety scanning), and communicating service updates. Our legitimate interests do not override your rights.
  • Legal obligation (Art. 6(1)(c) GDPR): retaining financial records as required by law.
  • Consent (Art. 6(1)(a) GDPR): where we rely on consent (e.g., Google Calendar sync), you may withdraw it at any time.

Automated decision-making. We use AI-assisted tools to rank and recommend officiants β€” and to suggest wedding vendors you can add to your booking as a package β€” based on your search preferences and what you tell our concierge (Art. 22 GDPR). These suggestions help surface relevant options and are one factor in your decision β€” they do not produce legal or similarly significant effects, and you are always free to choose any available officiant or vendor, or none, regardless of what is suggested. We also use automated AI tools to scan Officiant profile content and photos for policy violations; a flag from this scan is reviewed by a human administrator before any enforcement action is taken. You may contact us to request a human review of any match, recommendation, or content-safety flag.

International data transfers. We use US-based service providers (Stripe, AWS, Vercel, Resend, Groq). Transfers to the US from the EU or UK are made on the basis of Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms where applicable. Stripe, AWS, and Vercel maintain EU/UK data transfer agreements. Contact us at the address below if you would like more information about the safeguards in place.

Additional rights (EU/UK residents). In addition to the rights in Section 7, you also have the right to: data portability (receive your data in a machine-readable format); restrict processing in certain circumstances; and object to processing based on legitimate interests. You also have the right to lodge a complaint with your local supervisory authority β€” in the UK, the Information Commissioner's Office (ICO, ico.org.uk); in the EU, your national data protection authority. To exercise your rights, contact us at bookaceremonyllc+privacy@gmail.com. We will respond within 30 days.

10. Children's Privacy

The Platform is intended for users 18 and older. We do not knowingly collect personal information from children under 13, and we do not knowingly sell or share the personal information of minors under 16. If we become aware that we have collected such information, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or a prominent notice on the Platform prior to the changes taking effect.

12. Contact

Questions about this Privacy Policy? Contact us at bookaceremonyllc+support@gmail.com.