💌 WillYou

Politika privatnosti

Last updated: 2026-06-26

This Privacy Policy explains how WillYou ("WillYou", "we", "us") collects, uses, stores and protects personal data when you use our website and service. We serve users in the European Union/EEA, the United Kingdom, the United States and elsewhere, and we aim to comply with the EU General Data Protection Regulation (GDPR) and similar laws.

Questions or requests? Contact us at [email protected].

1. What we collect and store

When you create a card, we store the following in our own database (on a server located in the European Union):

  • Card details you provide: your name, your email address, the recipient's name and email address, your message and question, and your choices (occasion, style, language, mode).
  • Payment reference: the payment method and the license/order code returned by our payment provider, plus the amount and currency. We never see or store your card number.
  • Engagement data: whether and when the recipient opened the card link, whether the invitation email was opened (an approximate signal), and whether they answered "yes" or "no" and when.
  • Security data: if someone repeatedly submits invalid payment/discount codes, we temporarily store their IP address to block abuse and fraud.
  • Analytics data (only with your consent): Google Analytics collects usage data (pages viewed, device/browser, approximate location from a truncated IP). IP anonymization is enabled.
  • Technical data: standard server and CDN logs (e.g. IP address, timestamp) created by our hosting and network providers to operate and secure the service.

2. Why we use it (legal bases)

  • To provide the service - to create your card, take payment, deliver the email to your recipient and notify you of their answer. Legal basis: performance of a contract.
  • Security and abuse prevention - to protect the service from fraud and automated abuse. Legal basis: our legitimate interest.
  • Analytics - to understand usage and improve WillYou. Legal basis: your consent (accept or reject; change anytime via "Cookie settings").

3. Cookies

  • Essential cookie (always on): a small cookie that records your cookie choice.
  • Analytics cookies (only with consent): set by Google Analytics. We use Google Consent Mode - until you click "Accept", no analytics cookies are stored.

4. Who we share data with (processors)

We use trusted providers to run the service, each processing only what they need:

  • Gumroad - to process your payment and issue the order/license code.
  • Resend - to send the card and notification emails (delivered via servers in the EU, Ireland).
  • Cloudflare - for DNS, content delivery, and protection against attacks.
  • Our hosting provider - to run the server (located in the European Union).
  • Google Analytics - for usage analytics (only with your consent).

Some providers (e.g. Gumroad, Resend and Google) are based in the United States. Where data is transferred outside the EU/EEA, it is protected by appropriate safeguards such as the EU-U.S. Data Privacy Framework and/or the EU Standard Contractual Clauses. We never sell your personal data.

5. How long we keep it

Card data is automatically deleted 90 days after the card is created (the lifetime of the card link). Security/IP records are kept only as long as needed to prevent abuse and are then removed. Analytics data is retained according to Google's retention settings. Records required for accounting/tax may be kept by our payment provider as required by law. You can ask us to delete your data sooner at any time (see your rights).

6. Your rights

If you are in the EU/EEA, UK or a similar jurisdiction, you have the right to access, correct, delete ("right to be forgotten"), restrict or object to processing of your personal data, to data portability, and to withdraw consent at any time. To exercise any right, email [email protected] and we will action it (we can delete a specific card and all related data on request). You may also lodge a complaint with your local data protection authority.

7. Recipients

A sender provides their recipient's email address in order to send them a card. If you received a card and want your data removed, contact [email protected] and we will delete it promptly.

8. Children

WillYou is not intended for children under 16. We do not knowingly collect data from children under 16.

9. Changes

We may update this policy from time to time. The "Last updated" date above shows the latest version.

WillYou