1. Introduction

WeddingRunbook ("we", "our", or "us") is a wedding workflow management tool for photographers. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at weddingrunbook.com.

WeddingRunbook's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

2. Information We Collect

Account Information

When you sign up, we collect your email address and password through Amazon Cognito for authentication purposes.

Wedding & Business Data

You may enter wedding details (couple names, dates, venues, tasks), financial information (invoices, quotes, payments), and other business data. This data is stored securely and is only accessible to you.

Google Integrations (Calendar & Gmail)

If you connect your Google account, we store OAuth tokens to act on your behalf. Depending on which integrations you enable, we may access Google Calendar to create and manage events, and/or Gmail to send emails to your clients on your behalf. We request only the minimum scopes necessary for each feature and only access data required to perform the specific action you initiate or authorise.

Email Content

When the Gmail integration is active, we compose and send emails on your behalf to your clients. Outbound email content (recipient, subject, body) is processed transiently to complete the send and is not stored permanently in our systems beyond what is necessary to log the action within the app.

Uploaded Files

You may upload images (e.g., cover photos). These files are stored securely in Amazon S3 and are only accessible to your account.

3. How We Use Your Information

To provide and maintain the WeddingRunbook service
To authenticate your identity and secure your account
To sync events with your Google Calendar when you enable the integration
To send emails to your clients on your behalf via Gmail when you enable the integration
To send transactional emails (e.g., account notifications)
To improve the service based on usage patterns

We do not use Gmail data to serve advertisements. We do not allow humans to read your email content except as required to investigate a reported security issue, comply with applicable law, or provide support you have explicitly requested.

4. Data Storage & Security

Your data is stored in AWS infrastructure (DynamoDB, S3, Cognito) within secure, encrypted environments. All data is owner-protected — only you can access your own data. We use HTTPS for all data transmission. OAuth tokens for Google integrations are encrypted at rest and are never exposed to other users.

5. Third-Party Services

We use the following third-party services:

Amazon Web Services (AWS) — hosting, database, authentication, file storage
Google Calendar API — optional calendar integration (requires your explicit consent)
Gmail API — optional email integration for sending client emails on your behalf (requires your explicit consent)

We do not sell, trade, or share your personal data or your Gmail data with any third parties for marketing purposes. Google user data obtained via the Gmail API is used solely to provide the features described in this policy and is not transferred to any other party.

6. Google Calendar Integration

When you connect Google Calendar, we request the https://www.googleapis.com/auth/calendar.events and userinfo.email scopes. The calendar scope allows us to create, update, and delete events on your behalf; the email scope identifies the connected Google account. We:

Only push events you explicitly create (weddings, photoshoots, appointments, wedding day timeline items)
Do not read or access your existing calendar events
Store OAuth tokens securely in our database, associated with your account
Allow you to disconnect the integration at any time from Settings → Integrations

7. Gmail Integration

When you connect Gmail, we request the https://www.googleapis.com/auth/gmail.send and userinfo.email scopes. The send scope allows us to send emails on your behalf; the email scope identifies the connected Google account. Specifically, we use this access to:

Send client-facing emails (e.g., booking confirmations, questionnaire links, invoice notifications) from your Gmail address

Limitations on use of Gmail data:

Gmail data is used only to provide and improve the email features within WeddingRunbook
We do not use Gmail data for advertising or to build advertising profiles
We do not allow third parties to access Gmail data except as necessary to operate the service (e.g., AWS infrastructure)
Outbound email content is processed transiently and not stored beyond what is needed to log the action in the app
You can disconnect the Gmail integration at any time from Settings → Integrations, which immediately revokes our access

Our use of Gmail data complies with the Google API Services User Data Policy, including the Limited Use requirements.

8. Data Retention & Deletion

Your data is retained as long as your account is active. You may request deletion of your account and all associated data by contacting us. Upon deletion, all wedding data, files, and integration tokens will be permanently removed. Outbound email content processed via the Gmail integration is not permanently stored and is not retained after the send action is complete.

9. Your Rights

You have the right to:

Access and export your data
Correct inaccurate information
Delete your account and all associated data
Disconnect third-party integrations (Google Calendar, Gmail) at any time from Settings → Integrations
Revoke Google OAuth permissions directly from your Google Account permissions page

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date at the top of this page. For material changes, we will notify you via the Service or email.

11. Contact

If you have questions about this Privacy Policy, contact us at studio@weddingrunbook.com.