fancy.fyiPrivacy policy
What we collect, why, and what we do not.
Effective May 4, 2026.
fancy.fyi is an invitation and RSVP service. We collect the smallest set of information we can to run it well: enough to deliver an invite, record an RSVP, and let a host see who is coming. This page is the long-form version of that promise.
Information we collect
- Account information. When you sign in with Google, we receive your email address, display name, and profile photo URL from Google. We store these to identify your account.
- Event information. The events you create: title, date and time, description, location, hero image, host name, and the list of people you invite. You choose what goes in.
- Contacts. When you invite someone by email, we store the address you entered along with the display name you typed (or the one we derived from the address) so you can re-invite them later without retyping.
- RSVPs. A guest who replies to an invitation submits a status (yes, maybe, no, waitlisted), an optional plus-one count, an optional display name, and an optional note. We store these on the event.
- Photos. If you upload a photo to an event album, we store the image, its dimensions, and the time you uploaded it.
- Phone numbers (optional). If you opt in to SMS notifications, we store the phone number you provided. See the SMS opt-in policy for what we send and how to stop receiving it.
- Payment information. If you upgrade to a paid tier, billing is handled by Stripe. We do not see or store your full card number; Stripe sends us an opaque customer ID and the last four digits of the card used.
- Usage data. Standard server logs (IP address, user agent, timestamps) kept for security and debugging. We do not run third-party analytics or advertising trackers.
How we use it
- To deliver invitations, reminders, and other transactional messages you trigger.
- To show your hosts who has RSVPd to their events.
- To process payments for paid tiers and per-event unlocks.
- To detect abuse and enforce our terms.
- To respond when you write to us.
We do not sell your data. We do not use it to train models. We do not share it with advertisers.
Who we share it with
We use a small set of vendors to operate the service. They process your data on our behalf and only for the purposes below.
- Google: sign-in (OAuth).
- Resend: sending transactional email (invitations, reminders, unsubscribe confirmations).
- Twilio: sending SMS notifications, only if you opt in.
- Stripe: payment processing, only if you upgrade to a paid tier.
- Vercel: hosting and request logs.
- Neon: managed Postgres database hosting.
We may also disclose information when required by law, to protect rights or safety, or in connection with a corporate transaction (e.g. acquisition). In any such case, the recipient must protect the data on terms no less restrictive than this policy.
Your choices
- Access and export. Email us and we will send you a copy of the data we hold about you.
- Delete. Email us to delete your account and the data tied to it. Some limited records (e.g. financial logs required by law) may be retained for the period required, then deleted.
- Unsubscribe. Every transactional email contains an unsubscribe link. For SMS, reply STOP to any message.
- Cookies. We use a session cookie for authentication. We do not use third-party tracking cookies.
Children
fancy.fyi is not directed at children under 13. We do not knowingly collect information from anyone under 13. If you believe a child has provided us information, contact us and we will delete it.
Security
Data in transit is encrypted via TLS. Data at rest is encrypted at the database layer by our hosting provider. Access to production systems is limited to the operator and requires multi-factor authentication.
Changes
If we change this policy in a material way, we will update the effective date above and notify signed-in users by email at least 14 days before the change takes effect.