Privacy Policy

Last updated: May 2, 2026

InYourWords.ai is operated by Big Push B.V., a private limited company registered in the Netherlands under KvK number 93211341, with its registered office at Johannes Verhulststraat 115 Hs, 1071MZ Amsterdam, The Netherlands.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), the Dutch Implementation Act of the GDPR (UAVG), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other applicable data protection laws.

This policy explains what data we collect, why we collect it, who we share it with, how long we keep it, and what rights you have.

1. What we collect

When you use InYourWords.ai, we collect the following categories of personal data:

Account and contact information

• Email address, required to deliver your speech and any transactional or support emails.

Payment information

• Card details and billing information are submitted directly to Stripe and never touch our servers. We never see, receive, or store your card number, CVV, or full billing details.
• We retain a Stripe customer ID, transaction ID, and amount charged for our records and tax compliance.

Intake content

• The stories, memories, names, and details you submit through our intake form to generate your speech.
• This includes information about the wedding couple, the speaker (you), and the people and events described in your memories.
• This is the most sensitive category of data we collect because it can include personal information about third parties (the couple, family members, friends).

Editor and refinement content

• After your speech is generated, you can use post-purchase editor tools to rewrite paragraphs, ask for coaching, generate cue cards, or refine specific sections. The text you submit through these tools is sent to a separate AI provider from the one that generates the original speech (see Section 3).

Technical and usage data (collected only when you consent to analytics cookies)

• IP address, used briefly for geographic location lookup and then immediately discarded by PostHog. We do not store your IP.
• Browser type, operating system, device type, screen size.
• Pages visited, time on page, click and scroll behavior.
• Referrer URL (the page or ad you came from).
• UTM campaign parameters when you arrive from a tracked link.

Session recordings (collected only when you consent to analytics cookies)

• We record visual playback of how you interact with the site, using PostHog Session Replay.
• All form input fields are automatically masked. This includes email fields, name fields, and the free-text areas where you write personal stories. We see that you typed something, not what you typed.
• See Section 5 for full details on session replay.

2. How we use your data

We use your personal data to:

1. Generate your wedding speech by sending your intake content to OpenAI’s API, using their GPT-5 model. This is the only purpose for which intake content is processed.
2. Provide post-purchase editor features (paragraph refinements) by sending the speech text you choose to refine to OpenAI’s API, using their GPT-5 model. These features are only available in the editor after your speech is generated.
3. Deliver your speech by emailing it to the address you provide, using Resend.
4. Process your payment through Stripe.
5. Provide customer support if you contact us.
6. Improve our service by analyzing aggregated usage patterns through analytics tools, only when you consent.
7. Measure advertising performance when you arrive from an ad we have placed on Meta platforms (Facebook, Instagram), only when you consent to advertising cookies.
8. Maintain service reliability through error tracking and performance monitoring. These run as legitimate-interest processing (GDPR Article 6(1)(f)) and do not require your consent because they are technically necessary to keep the site working.

We do not use your personal stories or memories to train AI models. We do not sell your personal information.

3. Data processors

We rely on the following third-party services to deliver InYourWords.ai. Each is a data processor under GDPR Article 28. We rely on each provider’s standard Terms of Service and the Standard Contractual Clauses incorporated therein for international data transfers; we have not signed separate Data Processing Agreements with these providers.

Speech generation (OpenAI)

When you submit your intake form, your content is sent to OpenAI to generate your speech. OpenAI is the only AI provider that receives your intake content.

OpenAI Privacy Policy | OpenAI API Data Usage Policy

Editor and refinement (OpenAI)

After your speech is generated, the editor lets you refine specific paragraphs. The text you submit through these refinement features is sent to OpenAI’s GPT-5 API — the same provider used for speech generation.

Payment

Card details are sent directly from your browser to Stripe and never pass through our servers.

Stripe Privacy Policy

Email delivery

Resend Privacy Policy

Hosting and infrastructure

• Vercel Privacy Policy
• Upstash Privacy Policy

Analytics (only with your consent)

We have configured PostHog to use the European Union region, so all analytics data and session recordings are hosted in the EU and do not leave the EU.

• PostHog Privacy Policy
• Google Analytics Privacy Policy
• Vercel Analytics Privacy

Advertising (only with your consent)

Meta Privacy Policy

Service monitoring (legitimate interest, no consent required)

These tools collect technical metadata and error information only. They do not collect your intake content. Sentry is configured to scrub user-submitted form content from error reports.

4. Cookies and tracking technologies

We use four categories of cookies and tracking technologies:

Essential cookies (always active)

These keep the site working: session management, security, basic navigation, and remembering your cookie preferences. You cannot disable these without breaking core functionality. They do not require your consent under GDPR Article 5(3) of the ePrivacy Directive.

Analytics cookies (require your consent)

We use PostHog, Google Analytics, and Vercel Analytics to understand how visitors find and use our site. These tools set cookies and collect the technical and usage data described in Section 1.

Advertising cookies (require your consent)

We use Meta Pixel to measure the performance of ads we run on Facebook and Instagram. The Meta Pixel sets cookies and shares limited event data (page views, purchases) with Meta.

Service monitoring (legitimate interest, no consent required)

Sentry and Vercel Speed Insights collect anonymous technical information needed to keep the site running and performant. No personal identifiers are collected.

Managing your cookie preferences

When you first visit our site, you see a cookie banner with three options:

• Accept: enables analytics and advertising cookies in addition to essential cookies.
• Reject: keeps only essential cookies; analytics and advertising are disabled.
• Manage preferences: opens a detailed view where you can review what each category does before deciding.

You can change your choice at any time. Use the Manage cookie preferences button below to re-open the consent banner.

We honor Global Privacy Control (GPC) signals as opt-out requests where this is legally required.

5. Session replay disclosure

We use PostHog Session Replay to record visual playback of how visitors interact with the site. This feature deserves separate disclosure because of how detailed the data is.

What is recorded:

• Mouse movement, clicks, scrolling, and page navigation
• Page load and rendering events
• The structure of the pages you view (HTML and CSS)

What is not recorded:

• The text you type into form fields. All input fields, including email and the free-text areas where you write personal stories, are masked. The recording shows that you typed something, not what you typed.
• Your IP address. PostHog discards it after geographic lookup; it is never stored in the recording.
• Your password (we do not have password fields, but if we ever do, they are automatically masked).

Other safeguards:

• Recordings are stored in the PostHog European Union region and do not leave the EU.
• Recordings are kept for 30 days, then permanently deleted.
• Session replay only runs when you have consented to analytics cookies. If you reject analytics, no recordings are made.

If you have specific concerns about session replay, contact us at support@inyourwords.ai and we will exclude your sessions from recording.

6. Data retention

We keep your data only as long as needed to deliver our service and meet legal obligations. Specific retention periods:

The longer retention window for speech and intake content (up to 180 days after your wedding) exists so you can return to your speech for review, edits, or as a keepsake during the period around your wedding day.

After the relevant retention period, your data is automatically deleted from our active systems. Backup copies may persist for up to 35 additional days due to backup rotation, after which they are also deleted.

You can request earlier deletion at any time. See Section 8.

7. International data transfers

Most of our processors are located in the United States. Following the Schrems II ruling (Court of Justice of the European Union, July 2020), the European Commission has not issued a standalone adequacy decision for the US covering all processors we use. International transfers therefore rely on:

• Standard Contractual Clauses (SCCs) as adopted by the European Commission, incorporated into each processor’s Terms of Service.
• Supplementary measures including encryption in transit (TLS 1.2 or higher) and encryption at rest where supported by the processor.
• EU data hosting where available: PostHog uses its European Union region so analytics data and session recordings stay in the EU.

If you have specific concerns about international transfers, contact us at support@inyourwords.ai.

8. Your rights under GDPR

If you are in the European Union, the European Economic Area, or the United Kingdom, you have the following rights under GDPR Articles 12 to 23:

• Right of access (Article 15): request a copy of the personal data we hold about you.
• Right to rectification (Article 16): request correction of inaccurate or incomplete data.
• Right to erasure (Article 17), also known as the right to be forgotten: request deletion of your data. We honor this except where retention is required by law (for example, Stripe payment records).
• Right to restrict processing (Article 18): request that we limit how we use your data.
• Right to data portability (Article 20): receive your data in a structured, machine-readable format.
• Right to object (Article 21): object to processing based on legitimate interest, including any profiling.
• Right to withdraw consent (Article 7(3)): withdraw your consent for analytics or advertising at any time. Use the Manage cookie preferences button on this page.

To exercise any of these rights, email us at support@inyourwords.ai. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens at autoriteitpersoonsgegevens.nl. You can also complain to the supervisory authority in your country of residence.

9. Your rights under US state laws

If you are a resident of California, Virginia, Colorado, Connecticut, Texas, or another US state with comprehensive privacy law, you have additional rights:

• Right to know: request information about the personal data we have collected about you and how it is used and shared.
• Right to delete: request deletion of your personal information, subject to legal retention requirements.
• Right to correct: request correction of inaccurate personal information.
• Right to opt out of “sale” or “sharing”: see below.
• Right to non-discrimination: we will not discriminate against you for exercising these rights.

On “sale” and “sharing” of personal information

We do not sell your personal information for money.

The Meta Pixel, when you have consented to advertising cookies, shares limited event data with Meta for advertising performance measurement. Under California’s CCPA as amended by the CPRA, this may qualify as “sharing for cross-context behavioral advertising.” If you are a California resident and want to opt out of this sharing, you can do so by:

1. Rejecting advertising cookies through our cookie banner (the Reject button or the Manage cookie preferences button on this page).
2. Sending an email to support@inyourwords.ai with the subject line “Do Not Sell or Share My Personal Information.”

We honor Global Privacy Control (GPC) signals as opt-out requests for residents of states where this is legally required.

Categories of personal information we collect (CCPA disclosure)

• Identifiers (email address, IP address temporarily, device identifiers via cookies)
• Personal stories and memories submitted through our intake form
• Commercial information (purchase records)
• Internet activity (browsing on our site, when you consent to analytics)
• Inferences (none drawn beyond service delivery)

How to exercise your rights

Email support@inyourwords.ai. We will respond within 45 days. We may need to verify your identity before disclosing or deleting data, typically by confirming you can receive email at the address tied to your purchase.

10. Children

InYourWords.ai is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from minors. If you believe a minor has submitted data to our service, contact us at support@inyourwords.ai and we will delete it.

11. AI-generated content disclosure

InYourWords.ai uses artificial intelligence to generate personalized wedding speeches and to power post-purchase editor features.

• Your intake content (the stories and details you submit) is sent to OpenAI’s API using GPT-5 to generate your speech. This is the only purpose for which intake content is processed.
• After your speech is generated, post-purchase editor refinements send the paragraph text you choose to refine to OpenAI’s API using GPT-5 — the same provider used for the initial generation.
• Your personal content is not used to train AI models. Per OpenAI’s published API data usage policy, content sent through the API is not used to train their general models.
• AI-generated content may not be eligible for copyright protection under current US law.
• You are responsible for reviewing your speech for factual accuracy before delivery.
• By purchasing, you receive a perpetual, non-exclusive license to use your generated speech for personal purposes.

12. Security

We protect your data through:

• Encryption in transit (TLS 1.2 or higher) for all connections.
• Encryption at rest where supported by our processors.
• Access controls limiting who at Big Push B.V. can view production data.
• Regular security updates to our software dependencies.
• Error tracking that scrubs user-submitted content from error reports.

No system is perfectly secure. If you believe your data has been compromised, contact us immediately at support@inyourwords.ai.

13. Changes to this policy

We may update this policy when our practices change or to reflect legal requirements. Material changes will be communicated through the website. The “Last updated” date at the top of this page reflects the most recent change. Your continued use of the site after a change constitutes acceptance of the updated policy.

14. Contact us

For privacy questions, requests, or to exercise your rights:

• Email: support@inyourwords.ai
• Mail: Big Push B.V., Johannes Verhulststraat 115 Hs, 1071MZ Amsterdam, The Netherlands
• KvK: 93211341

We aim to respond to all privacy inquiries within 30 days (45 days for US state-law requests).