Privacy Policy

    Last updated: 11 July 2026

    Bimara ("we") provides a collaborative wedding planning app for couples. This policy explains what data we store, why, where, and what rights you have over it. We've tried to write this as plainly and honestly as we can — if anything is unclear, reach out at the address in the Contact section.

    What we store

    We store: (1) account data — your full name, email address, and password (stored as a hash, never as plain text); (2) wedding data — the couple's names, event date & venue, and other planning details you enter (checklist, budget, vendors, event rundown, savings, seserahan, uniforms); (3) guest data — the names and WhatsApp/phone numbers of guests you add for RSVP tracking, along with their attendance status; (4) photos/media you upload; (5) payment transaction records when you upgrade your account tier.

    Where data is stored

    Text data (accounts, wedding details, guests, checklist, etc.) is stored in a PostgreSQL database we run ourselves on Fly.io, in the Singapore region. Photos and media are stored on Cloudflare R2. We do not use Supabase or any other third-party database provider for this data.

    What data is used for

    Data is used only to run the planning features you use: showing your wedding dashboard, tracking guest RSVPs, sending transactional emails (account verification, partner-collaboration invites), and processing tier-upgrade payments. We do not sell your data, and we do not share it with third parties for advertising purposes.

    Who can see guest data

    Guest data (name, WhatsApp number, RSVP status) is only visible to you and the partner you share your wedding workspace with — that's the whole point of the collaborative planning feature. Guests themselves don't get an account; they only submit an RSVP through a public form/link.

    Third parties that process data

    To run the service, we use: Fly.io (server & database hosting), Cloudflare R2 (photo storage), and Midtrans (payment processing — we never store your card number; that's handled directly by Midtrans). We currently do not use any third-party analytics service (e.g. Google Analytics, PostHog) to track your usage — this policy will be updated if that changes.

    Cookies & local storage

    We use your browser's localStorage to keep your login session (access & refresh tokens) so you don't have to log in repeatedly. This is purely functional — it is not used for cross-site tracking.

    How long data is kept

    Data is kept as long as your account is active. You can delete your wedding, or your entire account, yourself from Settings — this is permanent and immediate, no waiting period. Deleting a wedding also removes your partner's access to it. Payment/transaction records are kept (with the account/wedding reference removed) for bookkeeping, even after deletion.

    Your rights over your data

    You can view and edit most of your data directly in the app (profile, wedding details, guest list, etc). For full data-access requests, corrections, or deletions that can't be done in-app, contact us. We operate in compliance with Indonesia's Personal Data Protection Law (UU PDP).

    Security

    Passwords are stored as bcrypt hashes, authentication uses signed JWTs (RS256), and all communication with our servers is encrypted over HTTPS.

    Changes to this policy

    We may update this policy as we add features. We'll announce material changes by email or in-app notice.

    Contact

    Questions about privacy? Reach us at contact@bimara.web.id.