Privacy Policy

BiteXR d.o.o. (“BiteXR”, “we”, “us”, or “our”) operates the Perfect Day wedding planning platform (“Service”). We are the data controller for personal data processed in connection with your account and use of the Service.

Registered address: Montenegro. For all privacy-related enquiries contact us at office@bitexr.com.

We process your personal data on the following legal bases under GDPR Article 6:

We use the data we collect to:

• Create and manage your account and wedding workspace
• Authenticate you securely via Firebase magic-link email
• Deliver the Service features: guest management, seating, vendors, budget, tasks, gallery, public wedding page
• Send invitation emails to your guests via Resend (a transactional email provider)
• Process payments and issue receipts through Paddle
• Provide customer support and respond to your enquiries
• Monitor and improve the reliability and performance of the Service
• Comply with legal obligations, including tax and accounting requirements

We do not sell your personal data. We share data only with trusted third-party service providers acting as data processors on our behalf, under written agreements requiring them to protect your data in accordance with applicable law:

SCCs = EU Standard Contractual Clauses for international data transfers.

We may also disclose data where required by law, court order, or government authority, or where necessary to protect the rights, property, or safety of BiteXR, our users, or others.

We retain your data for as long as necessary to provide the Service and comply with legal obligations:

• Account & wedding data — retained while your account is active. Upon account deletion, data is purged within 30 days, except where retention is required by law (e.g. invoicing records are kept for 7 years per accounting regulations).
• Guest data — retained for the duration of your account. Deleted with your account or on your explicit request.
• Payment records — retained for 7 years to comply with tax and accounting obligations.
• Technical/log data — retained for up to 90 days.

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate or incomplete data
• Erasure — request deletion of your data (“right to be forgotten”), subject to legal retention obligations
• Restriction — request that we limit how we process your data
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interests or for direct marketing
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing

To exercise any of these rights, contact us at office@bitexr.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

When you enter your guests’ personal data (names, emails, dietary requirements, etc.) into Perfect Day, you act as the data controller for that data. This means you are responsible for:

• Having a valid legal basis for collecting and processing your guests’ data
• Informing your guests that their data will be processed for wedding planning purposes
• Not entering more data than is necessary for the purpose
• Responding to any requests from your guests to access, correct, or delete their data

We provide the platform tools; compliance with applicable data protection laws in relation to guest data is your responsibility. Our Terms & Conditions address this in further detail.

We use a minimal set of cookies and similar technologies:

• Strictly necessary cookies — Firebase authentication session tokens. These are essential for the Service to function and cannot be disabled.
• Performance cookies — anonymised analytics to understand how the Service is used and identify areas for improvement. You may opt out via your browser settings or a cookie consent banner where applicable.

We do not use advertising, retargeting, or social media tracking cookies.

We implement appropriate technical and organisational measures to protect your data, including:

• TLS encryption for all data in transit
• Encryption at rest for database storage (Neon PostgreSQL)
• Firebase Authentication — passwordless magic-link login, no passwords stored
• Role-based access control — only you (and your designated coordinator) can access your dashboard
• GCS signed URLs for media access — photos are not publicly indexable

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33.

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at office@bitexr.com and we will delete it promptly.

Note: you may legitimately enter a child guest’s name and meal choice as part of your wedding guest list. Such data is processed solely for seating and catering purposes on your instruction as the data controller.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email to your registered address at least 14 days before the changes take effect, and update the “Last updated” date at the top of this page.

Your continued use of the Service after the effective date of changes constitutes acceptance of the updated policy.

For any questions, requests, or concerns regarding this Privacy Policy or our data processing practices, please contact us:

You also have the right to lodge a complaint with the supervisory authority in your country of residence. In Montenegro, the supervisory authority is the Agency for Personal Data Protection and Free Access to Information. In the EU, you may contact your local Data Protection Authority or the relevant EU DPA.