How is my data encrypted?

Data in transit is protected with TLS. Data at rest is stored on encrypted volumes managed by our cloud provider.

Who processes payments?

Paddle is our Merchant of Record and processes all payments in compliance with PCI DSS. MomentInvites does not store full payment card details.

How do I delete my data?

Email support@momentinvites.com to request deletion. We will securely delete or anonymize your personal information in line with our retention policy.

How do I report a security issue?

Email support@momentinvites.com with details. We investigate all reports promptly and will respond with next steps.

Trust & Security

Last updated: June 18, 2026

1. Overview

This page is maintained by MomentInvites to answer common security, privacy, and trust questions about our service. It describes the controls and practices we have in place to protect your data and keep your events secure. This page is not an independent certification.

2. Access & Authentication

We use industry-standard authentication mechanisms to protect your account. Passwords are hashed and never stored in plain text. Sessions are managed with secure, signed tokens, and access to production systems is restricted to authorized personnel only. We support sign-in with email and Google.

3. Platform & Hosting

MomentInvites runs on modern cloud infrastructure designed for high availability and security. The application is served from a globally distributed edge runtime with automatic scaling and DDoS protection. Our database and storage providers maintain physical, network, and environmental security controls on our behalf.

4. Data Collection & Use

We collect only the data necessary to provide our service — account information (name, email), event details you create, guest lists, RSVPs, and any photos or media you upload. We do not sell your personal data. For a full description of what we collect, why, and your choices, see our Privacy Notice.

5. Data Handling & Storage

Event content (invitations, guest lists, RSVPs, uploaded photos) is stored in row-level-secured database tables and object storage buckets that scope access to the owning account and the specific guests you share links with. Preview/share links use unguessable tokens. Server-side handlers validate every read and write against these access rules.

6. Data Encryption

Data in transit is protected using TLS (HTTPS) between your browser, our edge runtime, and our backend providers. Data at rest is stored on encrypted volumes managed by our cloud database and storage providers. Secrets and API keys are stored in a managed secrets vault and never committed to source code.

7. Payments

All payments are processed by Paddle, our Merchant of Record. Paddle handles payment data in compliance with PCI DSS, manages tax collection where applicable, and issues receipts. MomentInvites does not see or store your full payment card details — we only receive the order status and a transaction reference.

8. Subprocessors

We rely on a small set of trusted subprocessors to operate the service: a cloud hosting and database provider, an object storage provider for uploads, Paddle for payments, and an email delivery provider for transactional and notification emails. Each is bound by their own terms and security commitments.

9. Cookies & Analytics

We use essential cookies to keep you signed in and maintain your session. We may use privacy-respecting analytics to understand aggregate usage and improve the product. You can manage cookie preferences through your browser settings.

10. Data Retention & Deletion

We retain your data for as long as your account is active or as needed to provide the service and meet legal obligations (for example, payment records). When you delete your account or request data removal, we securely delete or anonymize your personal information in accordance with our retention policy. Backups age out on a rolling schedule.

11. Your Rights

Depending on your location, you may have rights to access, correct, delete, export, or restrict processing of your personal data. To exercise any of these rights, email support@momentinvites.com from the address associated with your account.

12. Trust & Safety

MomentInvites is intended for legitimate event invitations and the people who organize them. We do not allow the platform to be used to harass, threaten, or defraud others; to upload illegal content (including CSAM); to send unsolicited bulk email; or to impersonate another person or brand. We act on credible reports and may suspend accounts or remove content that violates these rules.

If you see content or behavior on MomentInvites that you believe is abusive, illegal, or violates these rules, please report it to support@momentinvites.com with a link and a brief description. We aim to acknowledge reports within two business days.

13. Security Disclosure

If you discover a security vulnerability, please email support@momentinvites.com with a clear description and reproduction steps. Please give us a reasonable window to investigate and remediate before public disclosure. We take all reports seriously and will respond with next steps.

14. Support & Contact

For account, billing, privacy, or trust-and-safety questions, contact us at support@momentinvites.com. Related policies: Privacy Notice · Terms · Refund Policy.

15. Changes to This Page

We may update this page from time to time to reflect changes in our practices or service. The "Last updated" date above always reflects the most recent revision.