Privacy Policy.

Invyte is operated by Balder Sandstrøm, based in Denmark. We are the data controller for the personal data described in this policy. You can reach us at support@invyte.dk.

We collect only what is needed to run Invyte:

• Account data. Your name, email and authentication identifiers, handled by our auth provider Clerk.
• Content you create. Events, messages, photos, videos and reactions you share inside the app.
• Notification tokens. A device push token, via Google's Firebase Cloud Messaging, so we can deliver notifications about your events and chats.
• Purchase data. When you upgrade an event, our payments partner RevenueCat records which product you bought and a purchase identifier. Apple processes the payment itself — we never receive your card details.
• Usage data. Privacy-respecting product analytics (for example, that an event was created or a message sent) to understand how features are used and improve the app.
• Technical data. Basic logs (IP address, device type, timestamps) needed to keep the service running and secure.

We do not sell your data, do not show ads, and do not build advertising or marketing profiles about you.

We process your data to deliver the service you signed up for: letting you create events, invite friends, chat and share media. Our legal basis under GDPR is the contract between you and us Art. 6(1)(b) and, for security logs, our legitimate interest in keeping the service safe Art. 6(1)(f).

We rely on a small set of sub-processors. They only access data to run the parts of the service we use them for:

• Clerk. Authentication and account management (privacy).
• Convex. Application database and real-time backend (privacy).
• RevenueCat. In-app purchase management (privacy).
• PostHog. Product analytics (privacy).
• Google (Firebase Cloud Messaging). Push notification delivery (privacy).
• Mapbox. Map tiles and rendering (privacy).
• Bunny.net. Hosting and content delivery (privacy).

We keep your account and content for as long as your account exists. When you delete your account, we remove your identity and personal data — your name, email, profile photo, bio, your connections, your notifications and settings, and your private direct messages. This happens right away and cannot be undone; any remaining copies, including backups, are purged within 30 days. We keep only what we are legally required to (for example, security logs, for up to 90 days).

Content you shared with other people is not erased, because it is part of their experience too — for example, photos you added to a shared event, your messages in a group or event chat, and your posts in an event's feed. We keep that content but disconnect it from you: your name and profile are removed and it appears as a deleted user, so it no longer identifies you.

You can start a deletion from inside the app or from our account deletion page, which explains exactly what is removed and what stays.

Under GDPR you have the right to access, correct, delete, restrict, or port your personal data, and to object to processing. To exercise any of these, email us at support@invyte.dk and we will respond within 30 days. If you believe we are mishandling your data, you can also lodge a complaint with the Danish Data Protection Authority, Datatilsynet.

Invyte is not directed to children under 16. If you believe a child has created an account, contact us and we will remove it. For our full standards against child sexual abuse and exploitation, including how to report concerns, see our Child Safety Standards.

If we materially change how we handle your data, we will update this page and adjust the "last updated" date above. Continuing to use Invyte after a change means you accept the updated policy.