Privacy Policy
Effective: 2026-05-02 (DRAFT)
Donum, Inc. (“Donum,” “we,” “us”) operates the Donum wedding-registry service (the “Service”). This Privacy Policy explains what personal information we collect, why we collect it, who we share it with, and the rights you have. We also publish a plain-English privacy promise that summarizes our commitments in human terms; this document is the formal policy.
1. Summary
- We collect what we need to run a registry, process gifts, and prevent abuse — and not much more.
- We do not sell or rent personal data, and we do not place third-party advertising trackers on registry pages.
- Payments are processed by Stripe; banking details live with Stripe, not with us.
- You can export or delete your data at any time from your account settings.
2. Who this applies to
This Policy applies to people who create accounts on Donum (“Couples”), people who visit a registry and contribute or click through to a retailer (“Guests”), and visitors to our marketing pages.
3. Information we collect
From Couples
- Account information: email address, password (stored as a salted hash by our authentication provider), optional display name.
- Registry information: partner names, wedding date, location, intro note, cover image, the items and funds you add, and any guest notes you receive.
- Stripe Connect onboarding: tax identification, banking details, and identity-verification documents you submit during Stripe’s onboarding flow. This information is collected and held by Stripe directly; Donum receives back only the status of your account (e.g. “charges enabled”) and high-level metadata.
From Guests
- Optional: name, email address, and a personal note, only if a guest chooses to provide them when contributing or clicking through to a retailer.
- Payment: card and billing details are collected directly by Stripe through its embedded payment element. Donum stores the contribution amount, currency, fee breakdown, and a Stripe transaction reference; we do not store full card numbers.
- Click metadata: when a guest clicks an affiliate link, we record the time, item, retailer, network, referrer, user-agent string, and a one-way hash of the IP address (salted with a server-side secret). We do not store the raw IP address.
From all visitors
- Server logs: standard request logs (timestamp, path, status code, user-agent) retained for operational and security purposes.
- Cookies: a small number of first-party cookies necessary to keep you signed in. See Section 8.
4. How we use information
- To create and operate your registry.
- To process cash contributions and route them to the Couple via Stripe.
- To send transactional emails (account confirmation, password reset, gift receipts, Stripe-status notifications, optional one-time guest follow-up).
- To attribute affiliate commissions accurately and to detect attribution fraud.
- To prevent abuse — including rate-limiting, bot detection, and dispute response.
- To comply with legal obligations and to enforce our Terms.
We do not use your information or your guests’ information to build advertising profiles, to train machine-learning models, or to share with marketing partners.
5. How we share information
- With service providers (subprocessors) who process information on our behalf under contract — see Section 6.
- With Stripe, to enable cash contributions to your account.
- With affiliate networks, only the click identifier needed for commission attribution. We do not share guest names, emails, or IP information with affiliate networks.
- With law enforcement or other authorities, when we are legally required to do so by valid process, or where we have a good-faith belief that disclosure is necessary to protect rights, safety, or to comply with law.
- In a corporate transaction, such as a merger, acquisition, or sale of assets, in which case we will require the recipient to honor this Policy or notify you of material changes.
6. Subprocessors
We rely on the following service providers to operate the Service:
- Stripe, Inc. — payment processing and Stripe Connect Express onboarding.
- Supabase, Inc. — managed Postgres database and authentication.
- Resend, Inc. — transactional email delivery.
- Vercel, Inc. — application hosting and edge delivery.
- Anthropic, PBC — AI fallback for parsing item pages when retailer scrapers fail; receives only the public URL of the page being parsed.
- Affiliate networks (e.g. Amazon Associates, Impact, Skimlinks) — receive only the click identifier necessary for commission attribution.
We update this list as our infrastructure changes. The most current list will always be on this page.
7. We do not sell or rent personal data
We have not sold and will not sell personal information as “sale” is defined under the California Consumer Privacy Act, nor will we share personal information for cross-context behavioral advertising. We do not rent personal information to third parties for their own marketing.
8. Cookies and tracking
We use a small set of first-party cookies:
- Authentication: cookies set by our authentication provider (Supabase) so signed-in users stay signed in.
- Click attribution: a short-lived cookie associating an affiliate-link click with the originating registry, so commission can be attributed if a purchase is made.
We do not use third-party advertising cookies, retargeting pixels, or social-media tracking on registry pages. Affiliate links you click may cause the retailer or affiliate network to set their own cookies on their own domain, which we do not control.
9. Your rights and choices
Regardless of where you live, you can:
- Access and download your registry data and contribution history through your dashboard’s export tool.
- Correct any inaccurate information through your account settings.
- Delete your account at any time, which removes your registry, items, and personal information from active systems within 30 days. Contribution records may be retained as required by tax and financial-reporting law (see Section 13).
- Opt out of non-essential email by following the unsubscribe link in any communication. Transactional emails (account, payment receipts) cannot be opted out of as long as the account is active.
Guests who left an email at checkout may request deletion of that record by emailing hello@trydonum.com. We will respond within 30 days.
10. California (CCPA / CPRA)
If you are a California resident, you have the rights described in Section 9 plus the following statutory rights under the California Consumer Privacy Act, as amended:
- Right to know the categories and specific pieces of personal information we have collected about you.
- Right to delete personal information we have collected, subject to legal exceptions.
- Right to correct inaccurate personal information.
- Right to opt out of any sale or sharing of personal information for cross-context behavioral advertising. (We do not sell or share for those purposes.)
- Right to non-discrimination for exercising any of these rights.
Categories of personal information collected: identifiers (name, email), commercial information (transaction records), internet activity (server logs, hashed IPs), and inferences derived from any of the above (e.g. an attribution score for an affiliate click). We do not knowingly collect sensitive personal information.
To exercise these rights, email hello@trydonum.com from the account email address, or use the export and deletion tools in your dashboard. We may need to verify your identity before fulfilling a request.
11. Other US state privacy rights
Residents of Colorado, Connecticut, Virginia, Utah, and other states with comprehensive privacy laws have rights similar to those described in Sections 9 and 10. Submit requests to the email above. We do not engage in “targeted advertising” or “profiling in furtherance of decisions that produce legal or similarly significant effects” as those terms are defined in those laws.
12. International users
The Service is offered to and intended for users in the United States. If you access the Service from outside the United States, you do so at your own initiative and are responsible for compliance with local law. Information you provide will be processed in the United States.
13. Data retention
- Account data: retained for as long as the account is active, then deleted within 30 days of account deletion.
- Contribution records: retained for at least seven (7) years to comply with U.S. tax-record and financial-reporting requirements.
- Click and affiliate-attribution records: retained for two (2) years.
- Server and security logs: retained for thirty (30) days.
- Backups: encrypted backups may persist deleted data for up to thirty (30) additional days before rotation.
14. Security
We use industry-standard administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, or disclosure: TLS in transit, encryption at rest, hashed passwords, principle-of-least-privilege access controls, and production-only secret rotation. No system is perfectly secure; we cannot guarantee absolute security and you provide information at your own risk.
15. Children
The Service is not directed to children under the age of 18 and we do not knowingly collect personal information from children. If we learn that we have inadvertently collected personal information from a child, we will delete it promptly. Contact us at the address below if you believe we have done so.
16. Changes
We will update this Policy from time to time. The “Effective” date at the top reflects the most recent revision. For material changes we will provide reasonable notice (e.g. by email to the address on your account) before the changes take effect.
17. Contact
For privacy questions, requests under any law, or to report a concern, email hello@trydonum.com with the subject line “Privacy.”