Terms & Conditions
Wedding Planner Compass — Version 2.0 — Date: 17.04.2026
General Terms and Conditions
Section 1 — Scope of Application
(1) These General Terms and Conditions ("GTC") govern the use of the software "Wedding Planner Compass" (hereinafter "Service").
(2) The Service is intended exclusively for business customers within the meaning of Section 14 of the German Civil Code (BGB). Contracts with consumers are excluded. Should it transpire that the Customer is a consumer within the meaning of Section 13 of the German Civil Code (BGB) despite the confirmation given, the Provider shall be entitled to terminate the Agreement with immediate effect.
(3) Any conflicting or additional terms and conditions of the Customer shall not apply unless the Provider has expressly consented to them in writing.
(4) The Provider may amend these GTC by giving six (6) weeks' prior notice of the intended effective date. Amendments shall be notified to the Customer by email to the email address registered in the Customer's account. The Customer shall have the right to terminate the Agreement with effect from the date on which the amendments take effect. If the Customer does not exercise this right of termination, the amended GTC shall be deemed accepted. The Provider shall specifically draw the Customer's attention to this legal consequence in the amendment notice.
(5) The Acceptable Use Policy (Schedule 1) and the Data Processing Agreement (Schedule 2) form an integral part of this Agreement.
Section 2 — Subject Matter of the Agreement
(1) The Provider shall make an internet-based software solution available to the Customer on a software-as-a-service basis.
(2) The Provider shall use reasonable efforts to ensure high availability of the Service. Scheduled maintenance windows shall be communicated to the Customer with at least 48 hours' prior notice where practicable. During the current build-up phase of the Service, occasional availability restrictions may occur. No specific availability level is guaranteed.
(3) The Provider offers support via email. Support requests are generally processed on business days (Monday to Friday, excluding public holidays at the Provider's registered office). No fixed response time is guaranteed. Additional support services may be agreed upon separately.
(4) The Service is in a pilot phase. The pilot phase commenced on 1 May 2026 and runs for twelve (12) months. During the pilot phase, feature changes, errors, or limitations may occur. The Provider may transition the Service to regular operation before the end of the pilot phase by notifying the Customer in text form.
The Provider may extend the pilot phase once by up to twelve (12) months by notifying the Customer in text form.
Upon expiry of the pilot phase (including any extension), the Provider shall notify the Customer whether the Service will transition to regular operation or be discontinued. If no such notification is given, the Service shall automatically transition to regular operation. Transition to regular operation does not constitute a material change within the meaning of Section 2(5) and does not in itself trigger any special termination right.
A reduced fee may be agreed for the duration of the pilot phase.
During the pilot phase (including any extension), annual subscribers may request termination with effect from the end of the current month, together with a pro-rata refund of prepaid fees for periods following the effective date of termination. To exercise this right, the Customer must submit the termination request by email to info@weddingcompass.com. Termination through the payment service provider's self-service portal does not trigger a refund and instead follows the standard terms under Section 6(2). This right applies only during the pilot phase and expires upon transition to regular operation.
(5) The Provider reserves the right to change or modify the name of the Service, branding, domains, URLs, technical access points, and technical infrastructure, provided that the material contractual features are not adversely affected. Material changes within the meaning of this paragraph and paragraph (6) shall be communicated to the Customer at least 30 days in advance. If any such change results in a material restriction or removal of contractually guaranteed features, the Customer shall be entitled to terminate the Agreement with 14 days' notice effective as of the date the change takes effect.
(6) The Provider may technically develop or modify features, provided that no material primary contractual obligations are adversely affected. Section 2(5), sentences 2 and 3 shall apply accordingly.
(7) The Service is offered in several plans, which differ primarily in the maximum number of wedding projects that can be managed. The features and limits of each plan are listed on the Provider's pricing page and at checkout. The Provider may modify the features of the plans; Section 2(5) and (6) apply accordingly.
(8) The Customer may change their plan at any time through the Service.
(a) Upgrades (moving to a higher plan) take effect immediately. Fees already paid are credited pro-rata to the new plan.
(b) Downgrades (moving to a lower plan) take effect at the end of the current billing period. If the Customer's number of active wedding projects exceeds the limit of the new plan, the excess projects are automatically archived when the downgrade takes effect. Archived projects remain accessible and exportable but can no longer be edited.
Section 3 — Usage Rights
(1) For the duration of the Agreement, the Customer shall receive a non-exclusive, non-transferable, and non-sublicensable right to use the Service for its own business purposes.
(2) Sharing access credentials with third parties outside the Customer's own organisation is prohibited.
(3) The Customer shall keep access credentials confidential and protect them from unauthorised access.
(4) The Customer shall be liable for all actions of its users as if they were its own. This liability shall not apply to the extent that the Customer demonstrates compliance with its obligations under the Acceptable Use Policy (Schedule 1).
Section 4 — Intellectual Property
(1) All rights in and to the Service, including without limitation copyrights, trademark rights, database rights, rights in software, source code, algorithms, architectures, designs, AI functionalities, and any other intellectual property rights, shall remain exclusively with the Provider.
(2) The Customer shall not acquire any ownership rights in the Service. The Customer shall only receive the contractually granted right of use for the duration of the Agreement.
(3) All data, content, documents, and other information uploaded to the Service by the Customer ("Customer Data") shall remain the property of, and under the responsibility of, the Customer. The Provider makes no claim to such content.
(3a) All content generated by the Service through AI features, including without limitation texts, analyses, recommendations, summaries, and other results ("AI Outputs"), shall be attributed to the Customer. The Provider waives any proprietary usage or exploitation rights in respect of a Customer's AI Outputs. The Provider shall not be entitled to use a Customer's AI Outputs for other customers or for its own commercial purposes.
(3b) The AI features of the Service are based on probabilistic language models and may produce inaccurate, incomplete, or erroneous results. AI Outputs do not constitute legal advice, tax advice, or any other professional advisory service. The Customer is solely responsible for reviewing AI Outputs for accuracy and suitability before relying on or using them. The Provider employs reasonable technical measures in implementing and operating the AI features. The Provider's liability for erroneous AI Outputs shall be governed by Section 8 of these GTC.
(4) The Provider may use anonymised and aggregated data for statistical purposes and error resolution, provided that no conclusions can be drawn about individual customers or natural persons. Anonymisation shall be carried out using appropriate technical procedures. Any use of Customer Data or AI Outputs for training or fine-tuning AI models requires the Customer's prior consent in text form. The Customer may revoke such consent at any time with effect for the future (opt-out). The Service uses the Google Gemini API to provide AI features. Under the paid tier used by the Provider, data transmitted via the API is not used by Google for training its own AI models.
(5) The Customer shall not be entitled to decompile, reverse engineer, modify, or technically analyse the Service, except to the extent mandatorily permitted by law.
Section 5 — Fees and Taxes
(1) Current plans and prices are available on the Provider's pricing page and during checkout. The prices and plan features shown at the time of purchase form part of the contract. Where individual arrangements (e.g. vouchers, discount codes, or custom pricing) have been agreed, these prevail over the prices shown on the pricing page.
(2) The Provider may adjust the agreed fees. Fee increases shall be communicated to the Customer at least six (6) weeks prior to their effective date in text form. In the event of a fee increase, the Customer shall be entitled to terminate this Agreement effective as of the date of the increase. If the Customer does not exercise this right of termination, the adjusted fee shall be deemed accepted. The Provider shall specifically draw the Customer's attention to this special right of termination in the notice.
(3) Fees may be agreed on either a monthly prepaid basis or as advance payment for multiple months.
(4) Payment processing is handled by Stripe Payments Europe, Limited (Dublin, Ireland). Available payment methods are those supported by Stripe at the time of checkout (e.g. credit card, SEPA direct debit, digital wallets). The current payment methods are displayed during the checkout process. The Provider does not have access to complete credit card numbers or bank account details at any time. Further details can be found in the Privacy Policy.
(5) Fees are due at the beginning of the agreed billing period.
(6) Termination shall take effect at the end of the agreed billing period. If the Customer terminates ordinarily, no pro-rata refund of prepaid fees shall be made. If the Provider terminates ordinarily, prepaid fees for periods following the effective date of termination shall be refunded on a pro-rata basis.
(7) Fees are invoiced without value-added tax (VAT) pursuant to Section 19 of the German VAT Act (UStG).
(8) If Section 19 UStG (small business exemption) ceases to apply, the previously agreed fee shall be deemed a net amount. The applicable statutory VAT rate shall be added to this net amount. The Provider shall notify the Customer without undue delay in text form of the discontinuation of the small business exemption.
(9) In the event of payment default, the Provider may temporarily suspend access to the Service. Suspension may only occur after the Provider has issued a reminder to the Customer setting a grace period of at least fourteen (14) days, has expressly warned of the suspension, and the Customer has failed to make the outstanding payment within the grace period.
(10) New customers may use the Service free of charge for thirty (30) days upon first registration ("Trial Period"). The Trial Period begins when the order is placed. At the end of the Trial Period, the subscription automatically converts to a paid subscription under the selected plan, and the payment method on file is charged for the first time. The Customer may cancel at any time before the end of the Trial Period, in which case no charge is made. The Trial Period is available only once per customer.
(11) The Customer may add additional user seats ("Team Seats") through the Service. Team Seats are charged at the prices shown at the time they are added and are billed on top of the base fee of the selected plan. The Customer may add or remove Team Seats at any time through the Service. Changes to Team Seats take effect immediately; billing is adjusted according to the Customer's billing period.
Section 6 — Term and Termination
(1) The Agreement shall be concluded for an indefinite term, unless otherwise agreed.
(2) The Customer may terminate the Agreement with effect from the end of the current billing period. For monthly plans, this means termination is possible on a monthly basis. For annual plans, termination takes effect at the end of the current contract year, and no pro-rata refund is made for fees already paid (see Section 5(6)). Annual plans renew automatically for a further year unless the Customer cancels before the end of the current billing period.
(2a) Upon termination, recurring payments via the payment service provider will automatically cease. Any payments already due shall remain unaffected.
(3) The right to terminate for cause shall remain unaffected.
(4) Cause for termination shall exist in particular where: the Customer is in default of due payments despite a reminder; the Customer materially breaches contractual obligations or the Acceptable Use Policy; the use of the Service gives rise to security risks, legal violations, or material system impairments; prohibited or illegal content is uploaded; repeated violations of data protection requirements occur; the continued operation or economically reasonable maintenance of the Service is permanently or materially impaired or rendered impossible for technical, legal, or security-related reasons. In the event of termination for cause by the Provider that is not attributable to the Customer's conduct, the Provider shall observe a notice period of at least thirty (30) days, enable the Customer to retrieve all Customer Data in accordance with Section 7, and refund prepaid fees for periods following the effective date of termination on a pro-rata basis. In all other respects, the statutory requirements of Section 314 of the German Civil Code (BGB) shall apply.
(5) The Provider may terminate the Agreement for convenience with 60 days' notice effective at the end of any calendar month.
(6) Termination notices must be given in text form. Email shall be sufficient.
Section 7 — Data Export and Deletion
(1) Following termination of the Agreement, the Customer shall have thirty (30) days to export its data in a machine-readable standard format. The Provider shall make available a suitable export function with the export formats available in the Service.
(2) Upon expiry of this period, personal data shall be deleted in accordance with the contractual provisions, unless statutory retention obligations apply.
(3) Where backup systems are configured, residual copies may remain until automatically overwritten in the regular backup cycle, but in no event for longer than ninety (90) days after termination of the Agreement.
(4) In addition, the requirements of Articles 23 to 25 of Regulation (EU) 2023/2854 (EU Data Act) regarding data access and data portability shall apply to the extent applicable to this contractual relationship.
Section 8 — Liability
(1) The Provider shall be liable without limitation in cases of wilful misconduct and gross negligence.
(2) In cases of ordinary negligence, the Provider shall only be liable for breach of material contractual obligations (cardinal obligations). Material contractual obligations are those obligations whose fulfilment is essential for the proper performance of the Agreement and on whose compliance the Customer may regularly rely, in particular the provision of access to the Service pursuant to Section 2 and compliance with the contractually agreed technical and organisational measures. In such cases, liability shall be limited to the foreseeable damage typical for this type of agreement.
(3) Liability for ordinary negligence is limited in amount to the fees paid by the Customer in the twelve (12) months preceding the event giving rise to the claim.
(4) Liability for damages resulting from injury to life, body, or health shall remain unaffected.
(5) Liability for indirect damages or loss of profits is excluded, except in cases of wilful misconduct and gross negligence. In the event of a breach of material contractual obligations, the limitations set out in paragraphs (2) and (3) shall apply.
(6) The Service is not intended for safety-critical or mission-critical applications.
(7) The Provider shall not be liable for delays or failures in performance attributable to circumstances beyond its reasonable control, including without limitation natural disasters, power outages, telecommunications network failures, DDoS attacks, governmental orders, or failures of the cloud infrastructure used (Google Cloud/Firebase). The affected performance obligations shall be suspended for the duration of the force majeure event. The Provider shall notify the Customer without undue delay of the occurrence and anticipated scope of the disruption.
Section 9 — Data Protection
To the extent the Provider processes personal data on behalf of the Customer, Schedule 2 (Data Processing Agreement) shall apply.
Section 10 — Governing Law and Jurisdiction
(1) This Agreement shall be governed by the laws of the Federal Republic of Germany, excluding the United Nations Convention on Contracts for the International Sale of Goods (CISG).
(2) The exclusive place of jurisdiction shall be the registered office of the Provider, provided that the Customer is a business customer.
(3) The English-language version of this Agreement shall prevail.
(4) For Customers domiciled outside the European Union, mandatory provisions of the Customer's jurisdiction of domicile shall remain unaffected.
Schedule 1 — Acceptable Use Policy
Wedding Planner Compass — As of: 15 March 2026
Section 1 — Scope and Definitions
1.1 This Acceptable Use Policy governs the permitted use of the Service "Wedding Planner Compass" (hereinafter "Service") by the Customer and its authorised users. It forms an integral part of the Agreement between the Provider and the Customer.
1.2 Definitions for the purposes of this Policy:
- "Service" — the SaaS platform "Wedding Planner Compass" including all features, interfaces, and AI-powered functionalities.
- "Customer" — the natural or legal person that has entered into an Agreement with the Provider.
- "User" — any natural person authorised by the Customer to use the Service (e.g. employees, freelancers, subcontractors as well as couples to whom the Customer grants limited access to the Service).
- "AI Features" — all features of the Service that are based on artificial intelligence, in particular the Google Gemini AI integration (e.g. vendor import from PDFs, guest list extraction, RSVP translation).
- "Intended Use" — use of the Service for the purpose of professional wedding planning and coordination within the scope of the contractually agreed features.
Section 2 — Lawful Use
2.1 The Customer shall use the Service exclusively for its intended purpose and in compliance with applicable law, in particular German and European law.
2.2 The Customer shall ensure that its users also comply with this Acceptable Use Policy. The Customer shall be liable for violations by its users as if they were its own.
Section 3 — Prohibited Activities
3.1 The Customer and its users are prohibited from:
(a) Technical Integrity
- uploading, transmitting, or facilitating the distribution of malware (viruses, trojans, ransomware, spyware, or comparable programs);
- circumventing, disabling, or tampering with security mechanisms, access controls, encryption, or other technical safeguards of the Service;
- conducting automated mass queries (scraping, crawling), unless expressly enabled through the Service's designated interfaces;
(b) Unlawful Content
uploading, storing, or distributing content via the Service that is unlawful under German law, in particular:
- content constituting incitement to hatred, glorification of violence, or pornographic material (Sections 130, 131, 184 of the German Criminal Code (StGB));
- content infringing the personal rights of third parties (Sections 185 et seq. StGB, Section 22 of the German Art Copyright Act (KUG));
- content violating copyright law (Sections 106 et seq. of the German Copyright Act (UrhG));
- content infringing trademark rights or other industrial property rights;
(c) Prohibited Data Categories (absolute)
- uploading or storing identity documents, passport data, or other official identification documents in the Service;
- deliberately entering credit card numbers, bank account details, payment data, or other financial instrument data into input fields of the Service.
Payment processing is handled exclusively through the integrated payment service provider Stripe. Payment data (credit card numbers, IBAN) is entered and processed directly by Stripe — not in the input fields of the Service. This prohibition does not apply to the upload of business documents (e.g. vendor contracts, invoices) that incidentally contain such data. The Provider does not separately process payment data contained in uploaded documents and assumes no responsibility for their protection beyond the general security measures.
(d) Misuse
- using the Service for purposes unrelated to wedding planning;
- using the Service to provide proprietary hosting or SaaS services to third parties (resale);
- sharing access credentials with unauthorised third parties.
Section 4 — Special Categories of Personal Data (Art. 9 GDPR)
4.1 Principle. The processing of special categories of personal data within the meaning of Art. 9(1) GDPR (hereinafter "sensitive data") via the Service is generally prohibited, unless an exception is provided for in this Section 4.
4.2 Exception for intended use. Notwithstanding Section 4.1, the entry and processing of the following sensitive data is permitted where necessary for the intended use of the Service in the course of professional wedding planning:
- (a) Religious or philosophical beliefs — to the extent necessary for planning the wedding ceremony (e.g. religious, civil, or non-denominational ceremonies) and selecting appropriate vendors and venues;
- (b) Health-related data — to the extent necessary for:
- menu planning (food allergies, intolerances, medically required dietary needs);
- ensuring venue accessibility (e.g. wheelchair accessibility, mobility restrictions).
4.3 Customer's responsibility. As data controller within the meaning of Art. 4(7) GDPR, the Customer is solely responsible for ensuring that a valid legal basis exists for the entry and processing of sensitive data under Section 4.2, in particular explicit consent pursuant to Art. 9(2)(a) GDPR. The Provider neither verifies the existence of a legal basis nor reviews the content of uploaded data. The Provider processes the data solely in accordance with the Controller's documented instructions under the Data Processing Agreement (Schedule 2 of the Agreement).
4.4 Indemnification. The Customer shall indemnify and hold harmless the Provider against all third-party claims arising from the unlawful entry of personal data into the Service, including sensitive data without a valid legal basis. This includes damages and legal costs, to the extent the Provider has not independently committed a breach of duty.
4.5 Data minimisation. The Customer shall ensure that sensitive data is entered only to the extent actually necessary for the respective planning purpose. In particular, detailed medical diagnoses, findings, or treatment plans shall not be entered into the Service; the indication of planning-relevant information (e.g. "nut allergy", "wheelchair user") is sufficient.
4.6 Sensitive data that remains prohibited. Regardless of the exceptions under Section 4.2, the entry of the following sensitive data is prohibited in all cases:
- biometric data for the purpose of unique identification (Art. 9(1) GDPR);
- genetic data;
- data concerning trade union membership;
- data relating to criminal convictions and offences (Art. 10 GDPR).
Section 5 — Use of AI Features
5.1 The Service provides AI-powered features based on Google Gemini AI technology. Depending on availability, the AI Features may include:
- automated import of vendor data from PDF documents (vendor import);
- extraction and structuring of guest lists;
- automated translation of RSVP texts and responses;
- AI-powered image generation (e.g. vendor preview images).
5.2 Permitted AI use. The AI Features may only be used within the scope of the intended use of the Service for wedding planning purposes.
5.3 Prohibited AI use. The following uses are prohibited:
- using the AI Features to generate content that is unlawful under Section 3.1(b);
- creating deceptively realistic depictions of real persons without their consent (deepfakes);
- systematic extraction or reverse engineering of the underlying AI models, training data, or algorithms;
- using the AI Features for automated decision-making within the meaning of Art. 22 GDPR that produces legal effects concerning data subjects;
- entering data categories prohibited under Section 3.1(c) (identification documents, financial data) into AI input fields;
- prompt injection attacks or other attempts to circumvent the security mechanisms or content restrictions of the AI models.
5.4 Notices regarding AI use. The Customer acknowledges that:
- AI-generated results may contain errors and do not constitute legally binding advice;
- the Customer must independently verify AI-generated results for accuracy and suitability before use;
- AI-generated images must be labelled as such if used in communications with third parties.
Section 6 — Customer Obligations Towards its Users
6.1 The Customer shall demonstrably inform all users to whom it grants access to the Service of the content of this Acceptable Use Policy prior to their first use.
6.2 The Customer shall ensure that its users commit to complying with this Acceptable Use Policy before access to the Service is granted.
6.3 The Customer shall notify the Provider without undue delay if it becomes aware of violations of this Policy by its users.
6.4 The Customer shall be liable for violations of this Acceptable Use Policy by its users as if they were its own. The Customer shall indemnify the Provider against all third-party claims arising from acts of its users in connection with the use of the Service, unless the Customer demonstrates that it has fulfilled its obligations under Sections 6.1 and 6.2.
Section 7 — Consequences of Violations — Escalation Model
7.1 Principle of proportionality. The Provider shall observe the principle of proportionality when responding to violations of this Acceptable Use Policy. Consequences shall be determined by the nature, severity, and frequency of the violation.
7.2 Level 1 — Warning. In the event of a first-time or minor violation of this Acceptable Use Policy, the Provider shall issue a written warning to the Customer in text form, setting a reasonable deadline for remediation and cessation of further violations. The deadline shall generally be at least 14 calendar days, unless the nature of the violation requires a shorter deadline.
7.3 Level 2 — Temporary suspension. The Provider may temporarily suspend access of the Customer or individual users if:
- the Customer commits renewed or continued violations despite a warning under Section 7.2;
- the Customer has allowed the deadline set in the warning to expire without remediation.
The suspension shall be communicated to the Customer without undue delay, stating the reasons. The Provider shall lift the suspension without undue delay once the Customer has demonstrably remedied the violation and provides sufficient assurance that further violations will not occur.
7.4 Level 3 — Termination for cause. The Provider shall be entitled to terminate the Agreement for cause if:
- the Customer repeatedly or materially violates this Acceptable Use Policy despite prior warning and/or suspension;
- continuation of the contractual relationship is unreasonable for the Provider, weighing the interests of both parties.
7.5 Immediate suspension in case of imminent threat. Notwithstanding the escalation model under Sections 7.2 to 7.4, the Provider may immediately suspend the Customer's access without prior warning if:
- there is an imminent threat to the technical integrity or security of the Service, its infrastructure, or third-party data (e.g. active malware upload, ongoing attack);
- a criminal offence is being committed via the Service or its commission is imminent;
- immediate suspension is required to comply with a statutory or regulatory order.
In such cases, the Customer shall be notified of the suspension and its reasons without undue delay. The Customer shall be given the opportunity to respond within 5 business days. Following review of the response, the Provider shall decide on the continuation of the suspension, the lifting of the suspension, or termination for cause.
7.6 Damages. The Provider's right to claim damages shall remain unaffected by the foregoing provisions.
Section 8 — Final Provisions
8.1 The Provider reserves the right to amend this Acceptable Use Policy with at least six (6) weeks' prior notice in text form, to the extent required due to changes in the legal framework, technological developments, or emerging threats. The Customer shall have the right to terminate the Agreement with effect from the date on which the amendment takes effect. If the Customer does not exercise this right of termination, the amended version shall be deemed agreed. The Provider shall specifically draw the Customer's attention to the deadline and legal consequences in the amendment notice.
8.2 Should any provision of this Acceptable Use Policy be or become invalid or unenforceable, the validity of the remaining provisions shall not be affected.
8.3 This Acceptable Use Policy shall be governed by German law.
Schedule 2 — Data Processing Agreement (DPA)
pursuant to Art. 28 GDPR
Wedding Planner Compass — As of: 15 March 2026
Preamble
The Processor provides the Controller with the SaaS service "Wedding Planner Compass" (hereinafter "Service"). In the course of using the Service, the Processor processes personal data on behalf of the Controller. This Data Processing Agreement (hereinafter "DPA") specifies the data protection rights and obligations of the Parties in connection with the data processing pursuant to Art. 28 of Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter "GDPR").
This DPA forms an integral part of the main agreement between the Parties governing the use of the Service (hereinafter "Main Agreement"), including the General Terms and Conditions (GTC). In the event of any conflict between this DPA and the Main Agreement, the provisions of this DPA shall prevail with respect to the protection of personal data.
Section 1 — Subject Matter and Duration of Processing
(1) The subject matter of this DPA is the processing of personal data by the Processor on behalf of and upon instruction of the Controller in the course of providing and using the Service "Wedding Planner Compass".
(2) The Service comprises an internet-based software solution for planning and managing wedding projects, including all features available within the Service.
(3) The duration of processing shall correspond to the term of the Main Agreement. Processing shall commence upon execution of the Main Agreement and shall end upon its termination, subject to the deletion obligations set out in Section 12.
Section 2 — Nature and Purpose of Processing
(1) The nature of processing includes in particular: collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission (to sub-processors pursuant to Section 7), alignment, combination, restriction, erasure, and destruction of personal data.
(2) The purpose of processing is exclusively the provision of the Service in accordance with the Main Agreement, in particular:
- storage and management of guest and wedding data in the cloud database (Firebase Firestore);
- authentication and authorisation of users (Firebase Authentication);
- storage of uploaded files (Firebase Storage);
- AI-powered processing of Customer Data for text extraction, data structuring, translation, and other AI features available within the Service (Google Gemini API);
- Payment processing via the payment service provider Stripe (credit card and bank data are processed exclusively by Stripe and not stored within the Service);
- Authentication and authorisation of users via Firebase Authentication (Google Sign-In and email/password authentication);
Section 3 — Categories of Data Subjects and Personal Data
(1) The categories of data subjects affected by the processing are:
Couples (clients of the Controller), wedding guests, external service providers (vendors/venues), and users of the Service (the Controller, employees, or agents of the Controller).
(2) The following categories of personal data are processed:
Master and contact data, wedding-related planning data (e.g. financial data, calendar, templates, checklists, comment data), dietary data (Art. 9 GDPR where applicable), vendor data, document data, usage and authentication data, AI-processed data, payment reference data (Stripe customer ID, subscription status; no complete payment instrument data), newsletter data (email addresses, engagement data), appointment booking data, cookie consent data, and free-text content entered by the Customer.
(3) Special categories of personal data (Art. 9(1) GDPR):
In the course of using the Service, special categories of personal data within the meaning of Art. 9(1) GDPR may be processed, in particular health-related data (allergies, intolerances, accessibility information) and religious or philosophical beliefs (to the extent necessary for ceremony planning). The responsibility for the existence of a valid legal basis pursuant to Art. 9(2) GDPR rests solely with the Controller.
Section 4 — Instructions of the Controller
(1) The Processor shall process personal data solely on the basis of documented instructions from the Controller, unless required to do so by Union law or the law of the relevant Member State. In such a case, the Processor shall inform the Controller of that legal requirement before processing, unless such law prohibits such information on important grounds of public interest (Art. 28(3)(a) GDPR).
(2) The Main Agreement including this DPA, as well as the intended use and configuration of the Service by the Controller, shall constitute documented instructions within the meaning of paragraph (1).
(3) Additional individual instructions shall be given in text form (email shall suffice) and shall be documented by the Controller. Oral instructions shall be confirmed in text form without undue delay.
(4) If the Processor is of the opinion that an instruction from the Controller infringes the GDPR or other data protection provisions, it shall notify the Controller without undue delay. The Processor shall be entitled to suspend the execution of the relevant instruction until confirmation or amendment by the Controller.
(5) The Processor is not obligated to verify the lawfulness of the data transmitted by the Controller for processing or entered into the Service. The responsibility for the existence of a valid legal basis, particularly for sensitive data within the meaning of Art. 9 GDPR, rests solely with the Controller.
Section 5 — Confidentiality
(1) The Processor shall ensure that persons authorised to process personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality (Art. 28(3)(b) GDPR).
(2) The obligation of confidentiality shall survive the termination of this DPA.
(3) The Processor may engage qualified third parties (in particular freelancers) under its instruction and control for the provision of the Service, provided that such persons have been bound by confidentiality and compliance with data protection provisions. Such persons shall not be deemed sub-processors within the meaning of Section 7.
Section 6 — Technical and Organisational Measures
(1) The Processor shall implement all measures required pursuant to Art. 32 GDPR to ensure a level of security appropriate to the risk. The specific technical and organisational measures are described in Annex 2 to this DPA.
(2) The Processor shall review the technical and organisational measures where there is a specific reason to do so and shall adapt them to the state of the art as necessary. Changes are permissible provided that the contractually agreed level of protection is not diminished.
(3) For special categories of personal data within the meaning of Art. 9(1) GDPR, the additional safeguards described in Annex 2, Section 10 shall apply.
Section 7 — Sub-Processors
(1) The Controller hereby grants the Processor general written authorisation to engage further processors (hereinafter "sub-processors") (Art. 28(2) GDPR).
(2) The sub-processors engaged at the time of execution of this DPA are listed in Annex 1. The Controller consents to the engagement of these sub-processors.
(3) The Processor shall inform the Controller in advance in text form of any intended addition or replacement of sub-processors. The Controller may object to the change within 14 days of receipt of the notification on legitimate data protection grounds in text form. If no objection is raised within this period, the change shall be deemed approved.
(4) If the Controller raises a legitimate objection, the Parties shall endeavour to reach an amicable solution. If this is not possible, the Controller shall have the right to terminate the Main Agreement for cause.
(5) The Processor shall contractually ensure that sub-processors are subject to the same data protection obligations as set out in this DPA, in particular with regard to sufficient guarantees of appropriate technical and organisational measures (Art. 28(4) GDPR). The Processor shall remain fully liable to the Controller for the performance of the sub-processor's data protection obligations pursuant to Art. 28(4) GDPR. The Processor's right of recourse against the sub-processor shall remain unaffected.
Section 8 — Transfers to Third Countries
(1) The transfer of personal data to a third country (countries outside the EEA) or to an international organisation shall only take place if the requirements of Articles 44 to 49 GDPR are met.
(2) Where sub-processors in third countries are engaged, the Processor shall ensure that an adequate level of data protection is guaranteed. The following mechanisms may be relied upon in particular:
- an adequacy decision of the European Commission pursuant to Art. 45 GDPR (e.g. EU-U.S. Data Privacy Framework);
- Standard Contractual Clauses (SCCs) of the European Commission pursuant to Art. 46(2)(c) GDPR;
- supplementary measures in accordance with the recommendations of the European Data Protection Board (EDPB), where required.
(3) The current status of third-country transfers and the respective safeguards is documented in Annex 1.
(4) Should a safeguard for a third-country transfer cease to be valid (e.g. invalidation of an adequacy decision), the Processor shall inform the Controller without undue delay. In such event, the Parties shall jointly assess alternative safeguards. If an adequate level of protection cannot be ensured, the affected processing shall be discontinued.
Section 9 — Rights of Data Subjects
(1) The Processor shall assist the Controller, insofar as possible, with appropriate technical and organisational measures in fulfilling its obligation to respond to requests for exercising the rights of data subjects under Chapter III of the GDPR (Art. 28(3)(e) GDPR), in particular:
- right of access (Art. 15 GDPR),
- right to rectification (Art. 16 GDPR),
- right to erasure (Art. 17 GDPR),
- right to restriction of processing (Art. 18 GDPR),
- notification obligation (Art. 19 GDPR),
- right to data portability (Art. 20 GDPR),
- right to object (Art. 21 GDPR),
- right regarding automated decision-making (Art. 22 GDPR).
(2) If a data subject addresses a request under paragraph (1) directly to the Processor, the Processor shall forward the request to the Controller without undue delay, to the extent that attribution to the Controller is possible.
(3) Upon request, the Processor shall provide the Controller with the information and data necessary to respond to data subject requests. Costs exceeding the ordinary effort shall be borne by the Controller following prior consultation.
Section 10 — Processor's Assistance Obligations
(1) Taking into account the nature of the processing and the information available to it, the Processor shall assist the Controller in ensuring compliance with the obligations set out in Articles 32 to 36 GDPR (Art. 28(3)(f) GDPR), in particular with regard to:
- ensuring the security of processing (Art. 32 GDPR);
- notification of personal data breaches to the supervisory authority (Art. 33 GDPR);
- communication of personal data breaches to data subjects (Art. 34 GDPR);
- conducting data protection impact assessments (Art. 35 GDPR);
- prior consultation with the supervisory authority (Art. 36 GDPR).
(2) Data protection impact assessment (DPIA): Upon request, the Processor shall provide the Controller with the information necessary to conduct a DPIA pursuant to Art. 35 GDPR. This includes in particular information on the processing procedures employed, the technical and organisational measures, and the sub-processors engaged and their processing activities.
Section 11 — Notification of Personal Data Breaches
(1) The Processor shall notify the Controller without undue delay after becoming aware of a personal data breach (Art. 33(2) GDPR).
(2) The notification shall include at least the following information, to the extent available at the time of notification:
- a description of the nature of the breach, including the categories and approximate number of data subjects and data records affected;
- the name and contact details of the Processor's contact person;
- a description of the likely consequences of the breach;
- a description of the measures taken or proposed to address and mitigate the consequences of the breach.
(3) Where not all information can be provided simultaneously, the Processor shall provide the information in phases without undue further delay.
(4) The Processor shall assist the Controller in fulfilling its notification obligations under Articles 33 and 34 GDPR.
Section 12 — Deletion and Return of Data
(1) Upon termination of the Main Agreement, the Processor shall delete all personal data processed on behalf of the Controller and all existing copies, unless Union law or the law of a Member State requires further storage (Art. 28(3)(g) GDPR).
(2) Prior to deletion, the Processor shall provide the Controller with the opportunity to export the data. Where an export function is available in the Service, the export shall be carried out through it. For data without an export function, the Processor shall provide the data in a common format upon request. The Controller shall request such export within 30 days of termination of the Agreement.
(3) Deletion shall take place within 30 days of termination, unless an export request has been communicated under paragraph (2), in which case within 30 days of the export. Residual copies in backup systems shall be deleted no later than 90 days after termination of the Agreement. For AI-processed data, the current deletion timelines of the respective AI sub-processor shall apply (currently: Google Gemini API, maximum 55 days).
(4) The Processor shall confirm complete deletion to the Controller upon request in text form.
Section 13 — Audit and Inspection Rights
(1) The Processor shall make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Art. 28 GDPR and shall allow for and contribute to audits, including inspections, conducted by the Controller or an auditor mandated by the Controller (Art. 28(3)(h) GDPR).
(2) The Controller shall be entitled to verify compliance with this DPA. This shall be carried out by obtaining information in text form or by reviewing audit reports and certifications of the sub-processors engaged. As the Processor does not operate its own server infrastructure and data processing is carried out exclusively via cloud services in accordance with Annex 1, audits shall generally be limited to document-based evidence.
(3) The costs of audits shall be borne by the Controller.
(4) The Controller shall be entitled to conduct a maximum of one audit per calendar year, unless a specific reason requires an additional audit.
Section 14 — Obligations of the Controller
(1) The Controller shall be solely responsible for the lawfulness of data processing and for safeguarding the rights of data subjects.
(2) The Controller shall ensure in particular that:
- a valid legal basis for the processing of personal data exists (Art. 6 GDPR);
- for special categories of personal data within the meaning of Art. 9(1) GDPR, the explicit consent of data subjects pursuant to Art. 9(2)(a) GDPR has been obtained, or another exception under Art. 9(2) GDPR applies;
- data subjects are informed about the data processing in accordance with Articles 13 and 14 GDPR;
- instructions to the Processor are properly documented;
- the necessary consents for the use of AI-powered processing have been obtained, where applicable.
(3) The Controller shall inform the Processor without undue delay if it identifies errors or irregularities in the processing of its data.
(4) The Controller is responsible for ensuring that data entered into the Service has been lawfully collected and that it is authorised to transmit such data to the Processor.
Section 15 — Liability
(1) The liability of the Parties shall be governed by the provisions of the GDPR, in particular Art. 82 GDPR, and by the provisions of the Main Agreement.
(2) The Processor shall be liable to data subjects for damages arising from data processing only if it has not complied with obligations of the GDPR specifically directed at processors, or if it has acted outside of or contrary to the lawful instructions of the Controller (Art. 82(2) GDPR).
(3) To the extent the Processor is held liable by data subjects or supervisory authorities for damages or violations attributable to an unlawful instruction, a missing legal basis, or other breach of duty by the Controller, the Controller shall indemnify the Processor, unless the Processor has independently committed a breach of duty.
Section 16 — Final Provisions
(1) Should any provision of this DPA be or become invalid or unenforceable, the validity of the remaining provisions shall not be affected. The Parties undertake to replace the invalid or unenforceable provision with a valid provision that most closely reflects the economic purpose of the invalid or unenforceable provision.
(2) Amendments and supplements to this DPA shall be made in text form.
(3) This DPA shall be governed by the laws of the Federal Republic of Germany. The jurisdiction clause of the Main Agreement shall apply to disputes arising out of or in connection with this DPA.
(4) This DPA shall enter into force upon execution of the Main Agreement.
Annex 1 — Register of Sub-Processors
As of: 15 March 2026
1. Approved Sub-Processors
| Nr. | Sub-Processor | Purpose | Location | Transfer | Safeguard |
|---|---|---|---|---|---|
| 1 | Google Ireland Ltd (Firebase Auth, Firestore, Storage, Hosting, Cloud Functions) | Authentication, database, file storage, hosting, server logic | Dublin, Ireland | Yes — partially Google LLC, USA | EU-U.S. DPF + SCCs + Google Cloud DPA |
| 2 | Google Gemini API — Google LLC | AI text extraction, translation, image generation | Mountain View, USA | Yes — USA | EU-U.S. DPF + SCCs + Generative AI DPA |
| 3 | Stripe Payments Europe, Ltd. / Stripe, Inc. | Payment processing | Dublin, Ireland / USA | Yes — partially USA | SCCs + EU-U.S. DPF + Stripe DPA |
| 4 | Sendinblue GmbH (Brevo) | Newsletter distribution | Berlin, Germany | No (EU) | Brevo DPA |
| 5 | Cal.com, Inc. | Appointment scheduling | San Francisco, USA | Yes — USA | EU-U.S. DPF |
2. Notes
(a) The Google Gemini API is used exclusively under the paid usage tier. Only under the paid tier do Google's Data Processing Addendum terms apply, ensuring that Customer Data is not used for training AI models. Use under the free tier is expressly prohibited, as the DPA terms do not apply under that tier.
(b) Google retains data processed via the Gemini API for a maximum of 55 days for abuse monitoring purposes. The data is automatically deleted thereafter.
(c) For Firebase services, primary data processing takes place within the European Union. Processing in the United States by Google LLC may occur in the context of maintenance, support, and infrastructure redundancy, and is covered by the safeguards described herein.
(d) Changes to this Annex shall be notified to the Controller in advance in accordance with Section 7(3) of this DPA.
Annex 2 — Technical and Organisational Measures (TOMs)
pursuant to Art. 32 GDPR
As of: 15 March 2026
Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Processor has implemented the following technical and organisational measures:
1. Physical Access Control
Measures to prevent unauthorised persons from gaining physical access to data processing facilities:
- The Service is operated entirely as a cloud-based SaaS service on Google Cloud infrastructure (Firebase). No proprietary servers or data centres are operated.
- Google Cloud maintains comprehensive physical security measures (access controls, video surveillance, security personnel, biometric access controls) for its data centres. Details can be found in Google's SOC 2 and ISO 27001 certifications.
- Development access to the Firebase console is carried out exclusively from secured devices with screen lock and up-to-date security software.
2. System Access Control
Measures to prevent data processing systems from being used by unauthorised persons:
- User authentication via Firebase Authentication using email/password combination. Passwords are stored using industry-standard hashing algorithms.
- Administrative access to the Firebase console and Google Cloud project is restricted to the Processor.
- Publicly accessible features (e.g. RSVP forms), which are intended to be used without authentication, are excluded from this restriction.
3. Data Access Control
Measures to ensure that authorised users can only access data within the scope of their access privileges:
- Role-based access control with three levels: system administration, customer management, and restricted end-user access. Each level has access only to data assigned to it.
- Firebase Firestore Security Rules: Document-based access rules that enforce at the database level that users can only access data assigned to them.
- Tenant separation: Logical separation of data through the Firestore database structure. Every data access is validated against the respective assignment.
- Access rights are reviewed where there is a specific reason to do so (e.g. changes to the role structure or security incidents).
4. Data Transfer Control
Measures to ensure that personal data cannot be read, copied, altered, or removed without authorisation during electronic transmission:
- Transport encryption: All data connections between client and server are carried out exclusively via HTTPS/TLS (minimum TLS 1.2).
- Encryption at rest: All data stored in Firebase Firestore, Firebase Storage, and Firebase Authentication is encrypted server-side using AES-256 (Google Default Encryption).
- API communication with sub-processors (Gemini API) is carried out exclusively via encrypted connections (HTTPS/TLS).
- API keys are not stored in the source code but are managed via Firebase environment variables or secure configurations.
5. Input Control
Measures to ensure that it can be subsequently verified whether and by whom personal data has been entered, modified, or removed:
- Google Cloud Admin Activity Logs for administrative operations (enabled by default).
- Firebase Authentication logs for sign-in events.
6. Instruction Control
Measures to ensure that personal data is processed solely in accordance with instructions:
- Contractual arrangements with all sub-processors (see Annex 1).
- Documented instructions pursuant to Section 4 of this DPA.
7. Availability Control
Measures to ensure that personal data is protected against accidental destruction or loss:
- Automatic data replication by Firebase/Google Cloud with geographic redundancy within the EU region. Additional backups may be configured as needed.
- The availability of the underlying Google Cloud infrastructure is governed by the applicable Google Cloud SLAs. The Provider does not provide an independent availability guarantee; Section 2(2) of the Main Agreement (GTC) shall apply.
8. Separation Control
Measures to ensure that data collected for different purposes is processed separately:
- Logical data separation through the Firestore database structure: Data is organised in tenant-specific subcollections.
- Firestore Security Rules enforce logical separation at the database level.
9. Measures for AI Data Processing (Google Gemini API)
- Use exclusively under the paid tier with a valid Data Processing Addendum.
- Under the paid tier, Google does not use Customer Data for training AI models.
- Data transmitted to the Gemini API is retained by Google for a maximum of 55 days for abuse monitoring purposes and is automatically deleted thereafter.
- Only data necessary for the respective processing purpose is transmitted to the Gemini API (data minimisation).
- Results of AI processing are stored exclusively within the context of the respective wedding project.
9a. Payment Data Processing Measures (Stripe)
- All payments are processed via Stripe, which is PCI-DSS Level 1 certified.
- Credit card numbers, expiration dates, CVV codes and IBAN are not processed or stored within the Service (Firebase).
- Only anonymized payment references are stored in Firestore (Stripe customer ID, subscription status, payment status).
- API communication with Stripe is exclusively conducted via HTTPS/TLS.
- Stripe API keys are managed via Firebase Cloud Functions Secrets (not stored in source code).
10. Additional Safeguards for Special Categories of Personal Data (Art. 9 GDPR)
In the course of using the Service, special categories of personal data may be processed (e.g. dietary data, information about ceremony type, and other sensitive information entered by the Customer in free-text fields). The following additional measures apply:
- Access restriction: Special categories of data are only visible within the context of the respective wedding project and accessible only to authorised users.
- Data minimisation: Data is collected only to the extent necessary for wedding planning.
- No profiling: Special categories of data are not used for profiling, analysis, or marketing purposes.
- AI processing: To the extent special categories of data are transmitted to the Gemini API in the course of AI features (e.g. translation, data extraction), they are subject to the Gemini API retention periods (maximum 55 days) and are used exclusively for the respective processing purpose.
- Encryption and deletion: The general measures set out in this Annex shall apply.
11. Review and Adaptation
The technical and organisational measures shall be reviewed where there is a specific reason to do so and adapted as necessary, in particular in the event of changes to the services employed or the risk landscape.