Privacy Policy
Last updated: 11 July 2026
Bimara ("we") provides a collaborative wedding planning app for couples. This policy explains what data we store, why, where, and what rights you have over it. We've tried to write this as plainly and honestly as we can — if anything is unclear, reach out at the address in the Contact section.
What we store
We store: (1) account data — your full name, email address, and password (stored as a hash, never as plain text); (2) wedding data — the couple's names, event date & venue, and other planning details you enter (checklist, budget, vendors, event rundown, savings, seserahan, uniforms); (3) guest data — the names and WhatsApp/phone numbers of guests you add for RSVP tracking, along with their attendance status; (4) photos/media you upload; (5) payment transaction records when you upgrade your account tier.
Where data is stored
Text data (accounts, wedding details, guests, checklist, etc.) is stored in a PostgreSQL database we run ourselves on Fly.io, in the Singapore region. Photos and media are stored on Cloudflare R2. We do not use Supabase or any other third-party database provider for this data.
What data is used for
Data is used only to run the planning features you use: showing your wedding dashboard, tracking guest RSVPs, sending transactional emails (account verification, partner-collaboration invites), and processing tier-upgrade payments. We do not sell your data, and we do not share it with third parties for advertising purposes.
Who can see guest data
Guest data (name, WhatsApp number, RSVP status) is only visible to you and the partner you share your wedding workspace with — that's the whole point of the collaborative planning feature. Guests themselves don't get an account; they only submit an RSVP through a public form/link.
Third parties that process data
To run the service, we use: Fly.io (server & database hosting), Cloudflare R2 (photo storage), and Midtrans (payment processing — we never store your card number; that's handled directly by Midtrans). We currently do not use any third-party analytics service (e.g. Google Analytics, PostHog) to track your usage — this policy will be updated if that changes.
Cookies & local storage
We use your browser's localStorage to keep your login session (access & refresh tokens) so you don't have to log in repeatedly. This is purely functional — it is not used for cross-site tracking.
How long data is kept
Data is kept as long as your account is active. You can delete your wedding, or your entire account, yourself from Settings — this is permanent and immediate, no waiting period. Deleting a wedding also removes your partner's access to it. Payment/transaction records are kept (with the account/wedding reference removed) for bookkeeping, even after deletion.
Your rights over your data
You can view and edit most of your data directly in the app (profile, wedding details, guest list, etc). For full data-access requests, corrections, or deletions that can't be done in-app, contact us. We operate in compliance with Indonesia's Personal Data Protection Law (UU PDP).
Security
Passwords are stored as bcrypt hashes, authentication uses signed JWTs (RS256), and all communication with our servers is encrypted over HTTPS.
Changes to this policy
We may update this policy as we add features. We'll announce material changes by email or in-app notice.
Contact
Questions about privacy? Reach us at contact@bimara.web.id.