Privacy Policy

Last updated: April 2026

This Privacy Policy explains how Mamahinga ("we", "us", "our") collects, uses, stores, and protects your personal information when you use our wedding planning application at mamahinga.com (the "Service"). Mamahinga is operated from New South Wales, Australia.

We are committed to protecting your privacy and complying with applicable data protection laws, including the Australian Privacy Act 1988, the Australian Privacy Principles (APPs), and the European Union General Data Protection Regulation (GDPR).

1. Information We Collect

Information you provide directly

When you create an account and use the Service, we collect:

  • Account information: email address and password (passwords are encrypted and never stored in plain text)
  • Wedding details: partner names, wedding date, venue information, budget
  • Guest information: names, contact details, RSVP status, dietary requirements, meal preferences, seating assignments, and any notes you add
  • Supplier information: supplier names, contact details, pricing, booking status, payment records, and appointments
  • Planning data: checklist items, timeline events, gift records, and thank-you note content
  • Collaborator information: email addresses of people you invite to view your wedding plan

Information about third parties

The Service allows you to enter personal information about other people, such as wedding guests (names, contact details, dietary requirements, meal preferences) and suppliers (names, contact details). These individuals may not have accounts with us and may not have directly consented to our processing of their data.

We process this third-party data on your behalf and in accordance with this policy. You are responsible for ensuring that you have a lawful basis to provide this information to us — for example, that it is necessary for the legitimate purpose of planning your wedding. If any individual whose data you have entered contacts us to exercise their data protection rights, we will notify you and work with you to respond appropriately.

Information collected automatically

When you access the Service, we may automatically collect:

  • Usage data: pages visited, features used, actions taken within the app
  • Device data: browser type, operating system, screen resolution
  • Connection data: IP address, approximate location (country/region level only), access times

We do not use this data to identify you personally. It is used in aggregate to improve the Service.

Cookies and similar technologies

Essential cookies (currently active): We use cookies that are strictly necessary for the Service to function, including authentication session cookies that keep you logged in. These cannot be disabled without breaking the Service. No consent is required for essential cookies under GDPR or the Australian Privacy Act.

Analytics cookies (may be introduced): We may in future use analytics tools to understand how the Service is used. If and when we introduce analytics cookies, we will update this policy, provide clear notice within the Service, and — where required by law — obtain your consent before activating them. Analytics cookies will not track you across other websites.

Marketing and advertising cookies (may be introduced): We do not currently use marketing or advertising cookies. If we introduce them in the future, we will update this policy and obtain your explicit consent before they are activated. You will be able to opt out at any time.

Your browser controls: You can manage cookies through your browser settings at any time. Blocking essential cookies will prevent the Service from functioning correctly.

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Create and manage your account
  • Sync your wedding data across devices and between collaborators in real time
  • Send transactional emails (account confirmation, password reset, partner invitations)
  • Send service-related communications (important updates, data retention notices, security alerts)
  • Monitor for security issues, prevent fraud, and enforce our Terms of Service
  • Understand how the Service is used so we can improve it
  • Comply with legal obligations

We do not:

  • Sell your personal information to third parties
  • Share your data with advertisers
  • Use your wedding data for marketing purposes without your explicit consent
  • Display advertising within the Service

Automated decision-making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you. If we introduce any automated decision-making in the future, we will update this policy and, where required by GDPR, provide you with the right to opt out and request human review.

Legal basis for processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal bases for processing your personal information are:

  • Contract performance: processing necessary to provide the Service you signed up for
  • Legitimate interests: improving the Service, preventing fraud, ensuring security
  • Consent: where you have given explicit consent (e.g., marketing emails, non-essential cookies)
  • Legal obligation: where processing is required by law

3. How We Share Your Information

We share your information only in the following circumstances:

With your collaborators: When you invite a partner or viewer to your wedding plan, they can see the wedding data you have granted them access to. You control what each collaborator can see through the permissions you set at the time of invitation.

With service providers: We use a limited number of third-party services to operate the Service, including providers for:

  • Cloud database hosting and user authentication
  • Email delivery (transactional and marketing)
  • Web hosting and content delivery
  • Error monitoring and analytics

These providers process your data only on our behalf and under our instructions. They are contractually required to protect your data, use it only for the purposes we specify, and delete it when no longer needed. We select providers that maintain appropriate security standards and, where relevant, offer GDPR-compliant data processing agreements.

For legal reasons: We may disclose your information if required by law, legal process, or government request, or if we believe disclosure is reasonably necessary to protect the rights, safety, or property of Mamahinga, our users, or the public.

Business transfers: If Mamahinga is acquired, merged, or sells assets, your information may be transferred as part of that transaction. We will notify you by email before your information becomes subject to a different privacy policy and give you the opportunity to delete your account before the transfer.

We do not share your information with any other third parties.

4. Data Storage and Security

Your data is stored on secure cloud infrastructure. We implement appropriate technical and organisational measures to protect your personal information, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Encrypted password storage using industry-standard hashing
  • Row-level security ensuring users can only access their own wedding data
  • Regular security reviews of our infrastructure and codebase
  • Access controls limiting who can access production systems

While we take reasonable steps to protect your information, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security, and you use the Service at your own risk.

Data location

Your data is processed and stored in data centres that may be located outside your country of residence, including in the United States. The specific countries where your data is processed may change as we update our infrastructure. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place as required by GDPR, including Standard Contractual Clauses or equivalent mechanisms. If the countries where we process data change materially, we will update this policy.

5. Data Retention

We retain your data as follows:

  • Active accounts: Your wedding data is retained for as long as your account is active and you are using the Service.
  • Inactive accounts: If your account is inactive for 18 consecutive months, it transitions to read-only mode. After a further 12 months of inactivity (30 months total), your data is scheduled for permanent deletion.
  • Account deletion: If you delete your account, your data is permanently removed within 30 days. Some data may persist in encrypted backups for up to 90 days before being purged.
  • Collaborator data: If the wedding owner deletes their account or wedding, all collaborators lose access to that wedding's data. Collaborator accounts themselves are not deleted — only their association with the deleted wedding.
  • Anonymised data: We may retain anonymised, aggregated data that can no longer identify any individual (such as average guest counts or feature usage statistics) indefinitely for the purpose of improving the Service. This data cannot be linked back to you or your account.

We will notify you by email before any data deletion occurs due to inactivity, giving you the opportunity to log in and reactivate your account.

6. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR
  • Notify the Office of the Australian Information Commissioner as required by the Notifiable Data Breaches scheme under the Australian Privacy Act
  • Notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms
  • Document the breach, its effects, and the remedial actions taken

7. Your Rights

All users

You have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete your account and associated data
  • Export your data in a portable format
  • Withdraw consent for optional processing (e.g., marketing emails, non-essential cookies)

Additional rights under GDPR (EEA, UK, Switzerland)

If you are located in the EEA, United Kingdom, or Switzerland, you also have the right to:

  • Restrict processing of your personal information in certain circumstances
  • Object to processing based on legitimate interests
  • Data portability — receive your data in a structured, machine-readable format
  • Lodge a complaint with your local data protection authority

Additional rights under Australian Privacy Act

If you are located in Australia, you have the right to:

  • Access your personal information held by us
  • Request correction of inaccurate information
  • Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the Australian Privacy Principles

To exercise any of these rights, contact us at hello@mamahinga.com. We will respond within 30 days (or within the timeframe required by applicable law).

8. Children's Privacy

The Service is not intended for anyone under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 16, we will delete it promptly.

9. Marketing Communications

We may send you marketing emails about the Service if you have opted in or if you are an existing user (where permitted by law). Every marketing email includes an unsubscribe link. You can opt out at any time.

Transactional emails (password resets, account confirmations, partner invitations, inactivity notices) are not marketing and cannot be unsubscribed from while your account is active — they are necessary for the Service to function.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes — particularly changes to how we collect, use, or share your data, or changes to cookie practices — we will notify you by email or by displaying a prominent notice within the Service at least 14 days before the changes take effect.

The "Last updated" date at the top of this page indicates the most recent revision. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, want to exercise your rights, or have a privacy concern, contact us at:

Email: hello@mamahinga.com

If you are not satisfied with our response, you may lodge a complaint with:

  • Australia: Office of the Australian Information Commissioner (OAIC) — www.oaic.gov.au
  • EU/EEA: Your local data protection authority
  • UK: Information Commissioner's Office (ICO) — www.ico.org.uk