GDPR Compliance
Your data, your rights
GuestlistOnline is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR). This page explains your rights and how we handle your personal data.
1. Your Data Rights
Under GDPR, you have the following rights regarding your personal data:
Right to Access
Request a copy of all personal data we hold about you.
Right to Rectification
Request correction of any inaccurate personal data.
Right to Erasure
Request deletion of your personal data ("right to be forgotten").
Right to Portability
Receive your data in a machine-readable format.
2. What Data We Collect
Account Information
- Name and email address
- Profile picture (optional)
- Phone number (optional)
- Company/organization name (optional)
Event Data
- Events you create or manage
- Guest lists and attendee information
- Check-in records
- Payment transactions
Usage Data
- Pages visited and features used
- Device and browser information
- IP address (anonymized for analytics)
3. How We Use Your Data
| Purpose | Legal Basis |
|---|---|
| Providing our service | Contract |
| Processing payments | Contract |
| Sending service emails | Contract |
| Customer support | Legitimate Interest |
| Improving our service | Legitimate Interest |
| Marketing communications | Consent |
4. Data Retention
- Account data: Until you delete your account
- Event data: 2 years after the event, or until deletion
- Payment records: 7 years (legal requirement)
- Analytics data: 26 months (anonymized)
5. Data Security
We implement industry-standard security measures:
- 256-bit SSL/TLS encryption for all data transmission
- Encrypted storage for sensitive data
- Regular security audits and penetration testing
- Access controls and audit logging
- GDPR-compliant data centers in the EU
6. Data Sharing
We share your data only with:
- Event organizers: When you register for their event
- Payment processor (Stripe): To process payments
- Infrastructure providers: For hosting (Supabase, Vercel)
We never sell your personal data to third parties.
7. Where Your Data Is Stored (International Transfers)
Your personal data is stored in the European Union. Our primary database is hosted in the EU (AWS eu-central-1, Frankfurt, Germany). All guest information, event data, and account records are stored exclusively in EU data centers.
Our application uses a multi-region infrastructure that routes requests to the nearest data center for optimal performance. For users based in the European Union, all data processing occurs within the EU (Frankfurt, Germany). Users in other regions are routed to their nearest regional data center (e.g., Washington DC for North America).
Where we use subprocessors that may process data outside the EU (for example, payment processing via Stripe or email delivery), appropriate safeguards are in place. Our subprocessors who process data outside the EU operate under Standard Contractual Clauses (SCCs) approved by the European Commission.
8. Exercising Your Rights
To exercise any of your GDPR rights, you can:
- Self-service options in your account settings:
  - Download all your personal data (JSON export)
  - Update your profile information
  - Delete your account and all associated data
- Email us at go@guestlistonline.com
- Use our contact form
We will respond to your request within 30 days.
9. Privacy Contact
For any privacy-related questions or to exercise your data rights, you can contact us at:
Email: go@guestlistonline.com
10. Complaints
If you believe we have not handled your data properly, you have the right to lodge a complaint with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority).