💌 WillYou

Privacy Policy

Last updated: 2026-06-23

This Privacy Policy explains how WillYou ("WillYou", "we", "us") collects, uses and protects personal data when you use our website and service. We serve users in the European Union/EEA, the United Kingdom, the United States and elsewhere, and we aim to comply with the EU General Data Protection Regulation (GDPR) and similar laws.

Questions or requests? Contact us at [email protected].

1. What we collect

  • Card details you provide: your name, your email address, the recipient's name and email address, your message, and your choices (occasion, style, language, mode).
  • Response data: whether the recipient answered "yes" and when.
  • Payment data: payments are processed by Stripe. We do not see or store your full card number; we only receive a confirmation that payment succeeded.
  • Analytics data: if you consent to cookies, Google Analytics collects usage data (pages viewed, device/browser, approximate location derived from a truncated IP). IP anonymization is enabled.
  • Technical data: standard server logs (e.g. IP address, timestamp) created by our hosting provider to operate and secure the service.

2. Why we use it (legal bases)

  • To provide the service - create your card, deliver the email to your recipient, and notify you of their answer. Legal basis: performance of a contract and our legitimate interest in running the service.
  • Analytics - to understand usage and improve WillYou. Legal basis: your consent (you can accept or reject; you can change this anytime via "Cookie settings").
  • Security and abuse prevention - legal basis: legitimate interest.

3. Cookies

  • Essential cookies (always on): a small cookie that remembers your chosen language, and a cookie that records your cookie choice.
  • Analytics cookies (only with consent): set by Google Analytics. No analytics script runs and no analytics cookies are set until you click "Accept".

4. Who we share data with

We use trusted processors to run the service:

  • Resend - to send the card and notification emails.
  • Stripe - to process payments.
  • Google Analytics - for usage analytics (only with consent).
  • Our hosting provider - to serve the website.

Some of these providers are based in the United States. Where data is transferred outside the EU/EEA, it is protected by appropriate safeguards such as the EU Standard Contractual Clauses. We never sell your personal data.

5. How long we keep it

Card data is retained for the life of the card link - 90 days from creation - after which the card expires and its data is deleted from active storage. You can ask us to delete a card sooner (see your rights below). Analytics data is retained according to Google's retention settings. Payment records are kept as required by law.

6. Your rights

If you are in the EU/EEA, UK or a similar jurisdiction, you have the right to access, correct, delete, restrict or object to processing of your personal data, to data portability, and to withdraw consent at any time. You may also lodge a complaint with your local data protection authority. To exercise any right, email [email protected].

7. Recipients

A sender provides their recipient's email address in order to send them a card. If you received a card and want your data removed, contact [email protected] and we will delete it.

8. Children

WillYou is not intended for children under 16. We do not knowingly collect data from children under 16.

9. Changes

We may update this policy from time to time. The "Last updated" date above shows the latest version.

WillYou