Privacy Policy

The data controller for the personal data described in this policy is The Muslim Studio. For any privacy questions or to exercise your rights, contact us at oneinvite@themuslimstudio.com.

• Contact details — the email address you provide to publish an invite, verify your identity, or receive notifications.
• Invite content — the names, dates, locations, messages and any images you add to an invitation you create and store with us.
• Payment data — when you purchase an unlock or custom work, payment is processed by Stripe. We receive confirmation of payment and limited transaction details, but we do not collect or store your full card number.
• Technical data — IP address, device and browser information, and basic usage data collected automatically to operate, secure and improve the Service.

We use your personal data to:

• create, store and display the invitations you design;
• send transactional emails such as verification codes, publishing confirmations and invite links;
• process payments and provide the features you have purchased;
• provide support and respond to your enquiries;
• protect the Service against fraud, abuse and security threats; and
• comply with our legal obligations.

We rely on the following legal bases under the UK GDPR:

• Contract — to provide the Service you have requested, including creating and delivering your invitations and processing payments.
• Legitimate interests — to secure, maintain and improve the Service, and to prevent abuse, balanced against your rights.
• Consent — where required, for example for any optional marketing communications, which you can withdraw at any time.
• Legal obligation — to comply with applicable laws, including tax and accounting requirements.

We do not sell your personal data. We share it only with trusted service providers who process it on our behalf, including:

• Stripe — payment processing;
• Email delivery provider — sending verification and notification emails;
• Hosting and infrastructure providers — operating the Service.

We may also disclose data where required by law or to protect our rights, users or the public.

We use cookies and similar technologies (such as browser local storage) to operate the Service, remember your preferences and — only with your consent — measure how the Service is used. The cookies we use fall into the following categories:

• Strictly necessary — these are required for the Service to function and cannot be switched off. They include a sign-in cookie that keeps you logged in to your account and a cookie that remembers your cookie-consent choice. We do not need your consent for these.
• Analytics (Google Analytics) — we use Google Analytics 4 to understand how the Service is used so we can improve it. These cookies are only set if you accept analytics in our cookie banner, and you can withdraw your consent at any time. Analytics is provided by Google, whose use of data is governed by the Google Privacy Policy at policies.google.com/privacy.
• Security (reCAPTCHA) — we use Google reCAPTCHA to protect our forms against spam and abuse. reCAPTCHA may set cookies and collect device and usage information, and is subject to the Google Privacy Policy and Terms of Service at policies.google.com/privacy and policies.google.com/terms.
• Payments (Stripe) — when you make a purchase, Stripe may set cookies to process the payment and help prevent fraud. These are governed by Stripe’s privacy policy at stripe.com/privacy.

You can manage your analytics choice at any time through the cookie banner, and you can block or delete cookies through your browser settings. Blocking strictly necessary cookies may stop parts of the Service from working.

Some of our providers may process data outside the UK or European Economic Area. Where this happens, we rely on appropriate safeguards such as UK adequacy regulations, the International Data Transfer Agreement or Standard Contractual Clauses to protect your data.

We keep your personal data only for as long as necessary for the purposes described above. Invite content is retained while your invitation remains active and for a reasonable period afterwards; transaction records are kept for as long as required by tax and accounting law. You can ask us to delete your data sooner, subject to any legal obligations we have to retain it.

Subject to applicable law, you have the right to access, correct, delete or restrict the processing of your personal data, to object to certain processing, to data portability, and to withdraw consent where we rely on it. To exercise any of these rights, contact us at oneinvite@themuslimstudio.com. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk, or your local supervisory authority.

We use appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or misuse. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

The Service is not directed at children, and we do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us so we can delete it.

We may update this Privacy Policy from time to time. We will update the “last updated” date above and, where changes are material, take reasonable steps to notify you.

For any questions about this policy or your personal data, contact us at oneinvite@themuslimstudio.com.