Back to home

GDPR Data Processing Agreement

Data Processing Addendum

Last updated: December 14, 2025

1. Scope and purpose of the agreement

This GDPR Data Processing Agreement (Data Processing Addendum) forms an integral part of the contract between Anatole and the User. It applies to personal data processing operations carried out by Anatole on behalf of the User as part of the use of Anatole Services.

This document constitutes the GDPR Data Processing Agreement integrated into [Anatole's Terms of Service](/en/terms), in accordance with Article 7.3 of the Terms. It formalizes the respective obligations of the User (Data Controller) and Anatole (Data Processor) for the protection of Guests' personal data, pursuant to Article 28 of the GDPR.

The Parties acknowledge that, for these processing operations, the User is the Data Controller and Anatole acts as Data Processor within the meaning of Applicable Data Protection Regulations (GDPR and national laws).

The purpose of this Agreement is to define the conditions under which Anatole undertakes to process personal data on behalf of the User, as well as the rights and obligations of each party. It is concluded without separate signature, its acceptance being acquired through acceptance of the Terms of Service online.

Unless otherwise stated in this Agreement, the terms used have the definition given to them in the GDPR. In particular, "personal data", "data subject", "processing", "Data Controller", "Data Processor", "personal data breach" have the meaning attributed to them by Article 4 of the GDPR.

2. Description of processing operations carried out by Anatole

Anatole is authorized to process on behalf of the User the personal data necessary for the provision of Services as defined in the Terms of Service. The characteristics of these processing operations are summarized in the table below, in accordance with the requirements of Article 28 of the GDPR:

Categories of personal data processedProcessing purposesRetention periodAuthorized recipients
Identification and contact data of Guests (persons invited to the wedding): first name, last name, email address, phone number, relationship to the couple (family, friend, colleague), as well as any additional information provided by the User concerning their guests (e.g. dietary requirements, plus-one attendance, responses to different wedding moments, comments, gift registry contributions).Managing wedding organization and sending digital invitations. This includes sending invitations by email and SMS, tracking responses/RSVPs for each wedding moment (ceremony, cocktail hour, dinner, party, brunch), following up with non-respondents, communicating wedding-related information, managing the gift registry, and generally any purpose necessary for Anatole's service provision for the wedding. Data is processed only according to User instructions and is in no way used by Anatole for other purposes.Retention period: Guest data is retained for the duration necessary for wedding management, then deleted within a maximum of 90 days after the wedding date or contract termination, whichever comes first. The User can delete or extract Guest data at any time via the platform. In the absence of prior deletion by the User, data will be securely deleted according to the aforementioned timeline, subject to any longer legal retention obligations. Anatole may retain anonymized or aggregated data beyond this period for purely statistical purposes and service improvement (without identifiable personal data).Recipients: data is accessible only to: - Authorized Anatole personnel involved in service delivery (e.g. technical team for support or maintenance) bound by confidentiality obligations. - Anatole's sub-processors (secondary processors) involved in providing the Service, as detailed in section 4.4 below. - Legally authorized authorities who request it, in accordance with applicable law (e.g. judicial order), to the extent required by law. Anatole does not share Guest data with other categories of recipients and does not allow any access not authorized by the User.

Notes: The categories of data subjects concerned by these processing operations are mainly Guests designated by the User (family, friends, loved ones invited to the wedding). The User may also enter data concerning their co-organizers (e.g. contact details of a witness or family member helping with organization) on the platform – these User's user data generally fall under the User account itself and are processed as part of service operation (e.g. access management). Finally, the User's own data (such as their personal information, credentials) is processed by Anatole as Data Controller as part of contractual relationship management (see Anatole Privacy Policy), and is not detailed here as it falls outside the scope of this Agreement.

It is agreed that if the User uses the Services to process Data or categories of Data or for purposes other than those described above, they do so at their own risk. Anatole cannot be held responsible for non-compliance resulting from processing not provided for by the Parties. The User undertakes to use the platform only for the purposes for which it is intended, in accordance with the Terms of Service and this table.

3. User obligations (data controller)

As Data Controller, the User undertakes to:

  • Compliance and documented instructions: Fully comply with applicable personal data regulations (GDPR, national laws) for processing they carry out via Anatole. The User determines the purposes and means of processing entrusted to Anatole and guarantees that the instructions they give to Anatole are documented, compliant with the contract and regulations. Any User instruction exceeding the Service scope or contrary to regulations will not be executed by Anatole. The User will use the platform in accordance with contractual documents and will not instruct Anatole to process data in violation of laws.
  • Lawfulness of processed data: Ensure that personal data entrusted to Anatole has been collected and is processed by the User in compliance with the GDPR. This includes, without limitation: prior information to data subjects upon collection of their data, communicating all mandatory information (data controller identity, wedding invitation purpose, legal basis – consent or legitimate interest, data subject rights, etc.). The User must provide Guests with clear information, for example via their own privacy policy or text provided during email collection. When the legal basis for processing is consent (particularly for sending emails/SMS to individuals), obtain valid and demonstrable consent from each data subject prior to sending invitations. The User must be able to prove that the Guest has consented to receive invitations, or failing that, that sending is based on another valid legal basis (for example, legitimate interest with respected right to object). Take into account data subjects' objection rights (e.g.: if a Guest has objected to receiving solicitations, ensure they are no longer imported or invited). Generally, process via Anatole only adequate, relevant and limited data to what is necessary for the purposes pursued (minimization principle).
  • Accuracy and updating: Ensure the accuracy of Guest data and update it if necessary. Anatole provides tools allowing the User to rectify or delete data; it is the User's responsibility to respond to any rectification requests from data subjects. Anatole can, as far as possible, help the User maintain accurate data according to their instructions.
  • User security measures: Implement appropriate security measures on the User side to ensure data protection when using the platform. For example, the User must secure access to their account (strong passwords, two-factor authentication if available), and ensure data confidentiality when exporting or downloading information from Anatole.
  • Compliant platform use: Not misuse Anatole functionalities to collect or process sensitive or highly personal data without Anatole's prior agreement. The platform may contain free-form fields (for example, ability for the User to enter a personalized message) which are not intended to contain sensitive data (such as health data, racial origin, religious opinions, etc.). The User undertakes not to introduce such special data. Anatole disclaims all responsibility for non-compliant use of these fields by the User.
  • Cooperation: More generally, cooperate in good faith with Anatole to enable processing compliance. For example, in case of audit or information requests (see section 4.5), the User will participate within reason.

The User acknowledges that they retain full responsibility for Personal Data processed on their behalf. The User remains responsible for overall processing compliance vis-à-vis data subjects and authorities, as part of their obligations as Data Controller. Anatole assumes its Data Processor responsibility in accordance with Article 28 of the GDPR, particularly regarding security, confidentiality and cooperation. In case of violation by the User of their Data Controller obligations, the resulting financial and legal consequences fall under their responsibility, subject to Anatole's own responsibility as Data Processor.

4. Anatole obligations (data processor)

As Data Processor, Anatole undertakes to comply with the following obligations, in accordance with Article 28 of the GDPR:

4.1. Processing in accordance with instructions

Anatole will process Guests' personal data only on documented instruction from the User and for the sole purpose of providing the Services as defined in the Contract. This includes technical operations necessary such as hosting, storage, sending emails/SMS, formatting invitations, tracking responses, managing the gift registry, maintenance and support.

Anatole will not decide on the purposes or means of processing outside User instructions. Anatole will particularly refrain from any use of data for other purposes (own marketing, profiling, etc.), any sale or rental of data, and any merging of Guest data with other databases, except legal obligation to the contrary.

If Anatole considers that a User instruction constitutes a GDPR violation or other applicable provisions, it will promptly inform the User. Similarly, if Anatole is required by EU or national law to proceed with processing beyond instructions (e.g. disclosure by court order), it will inform the User before processing (unless law prohibits it for important public interest reasons).

4.2. Data confidentiality

Anatole guarantees that personal data processed on behalf of the User will be kept strictly confidential. To this end, Anatole undertakes to:

  • Only disclose Guest data to members of its staff, subcontractors or service providers who need access for Service execution purposes, and only to the extent strictly necessary for their intervention.
  • Ensure that these authorized persons are subject to a legal or contractual confidentiality obligation. Anatole incorporates confidentiality clauses compliant with this Agreement's requirements into employment or service contracts.
  • Not copy, reproduce or use Guest data for purposes other than those provided by the Contract, and not retain copies of data beyond what is necessary for the service or to comply with law.
  • Ensure that its staff processing data is trained in data protection requirements and sensitized to the importance of confidentiality.

This confidentiality obligation continues even after contract termination.

4.3. Processing security

Anatole will implement all appropriate technical and organizational security measures to guarantee a level of security adapted to the risk, in accordance with Article 32 of the GDPR. Anatole undertakes to maintain a security level compliant with state of the art. Taking into account the state of knowledge, implementation costs and the nature of data, Anatole particularly takes the following measures:

  • Logical data security: Protection of servers and databases against intrusions (firewalls, intrusion detection systems), communication encryption (e.g.: TLS for web interfaces, secure SMTP for outgoing emails), strict access control policies (data access reserved to authorized persons mentioned above, with strong authentication). Guest data stored on servers is hosted in a secure environment respecting industry standards (secured data centers, 24/7 monitoring, etc.).
  • Physical security: Data is hosted via cloud hosting services recognized for their security (see Sub-processing below).
  • Resilience and integrity: Regular data backups to prevent data loss, integrity testing, disaster recovery plan in case of major incident, to ensure User data availability as far as possible.
  • Security testing and audits: Anatole periodically performs security assessments of its platform (internal tests, external audits if necessary) to identify and correct vulnerabilities. These tests are conducted confidentially and results can be communicated to the User upon legitimate request, subject to confidentiality.

Anatole undertakes to notify the User of any personal data breach (security incident accidentally or unlawfully resulting in destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data) of which it becomes aware and concerning User data. This notification will be made within 24 hours after incident discovery. Anatole will provide the User with all relevant information on the breach nature, potentially affected data, probable consequences and corrective measures taken, to enable the User, if necessary, to notify this incident to the competent data protection authority (CNIL) and/or data subjects, in accordance with Articles 33 and 34 of the GDPR. The Parties will cooperate in good faith in case of incident to mitigate its effects.

4.4. Sub-processing (sub-processors)

The User expressly consents to Anatole engaging sub-processors (also called subordinate subcontractors or third-party service providers) to carry out specific processing activities on behalf of the User, as part of Service provision. These may include the following categories: cloud hosting, email and SMS sending services, technical analysis tools, AI data correction, etc.

Current sub-processors engaged by Anatole include (non-exhaustive list):

  • Supabase – Database & File hosting: Supabase is our application infrastructure provider. Role: hosting the PostgreSQL database containing Anatole data (accounts, weddings, invitations, responses, gift registry, etc.), and storing associated files (e.g. your wedding photos) in a dedicated space. Location: European Union. We use Supabase's European servers (EU region) so that all data and files are hosted exclusively in Europe. Stored data is encrypted at rest and is only accessible to Anatole applications and our authorized administrators.
  • Vercel – Front-end hosting: Vercel is the hosting platform for our application front-end (Anatole website and user interface). Role: delivery of the web application and static content to end users, via a global delivery network (CDN) for optimal performance. Location: primarily United States (Vercel Inc.), with CDN across the world (including servers in Europe). Transfer guarantees: Vercel is certified under the EU-US Data Privacy Framework and offers a standard Data Processing Addendum compliant with GDPR.
  • Bird – Transactional email sending: email service used to route emails generated by Anatole. Role: reliable sending of transactional emails related to the wedding (e.g. invitations, attendance confirmations, reminders, gift registry information) on behalf of the couple. Location: primarily United States, with redundant infrastructures. Transfer guarantees: Bird offers a standard Data Processing Addendum compliant with GDPR requirements and contractual guarantees for international transfers.
  • Bird – Transactional SMS sending: platform used for sending SMS (for example invitations or SMS reminders, or verification messages) to guests who have provided a phone number. Role: route SMS to your contacts' mobile operators. Location: Bird Inc. is a US company, but has presence in the EU. Transfer guarantees: Bird has Binding Corporate Rules (BCR) approved by European data protection authorities and offers a GDPR-compliant Data Processing Addendum.
  • CookieYes – Consent Management Platform: cookie consent management tool. CookieYes deploys the cookie banner on our site and records each user's choices regarding cookies. Role: ensure that non-essential trackers are only activated with consent, and retain proof of user consent or refusal. Location: CookieYes Limited is a company registered in the United Kingdom.
  • OpenAI – Artificial Intelligence: advanced AI service we use via API for specific functionalities (e.g.: correction of poorly formatted data, on-demand image generation). Role: algorithmic processing of content we submit to produce a result (corrected file or generated image) returned to Anatole. Location: United States (OpenAI, Inc.). Guarantees: In accordance with OpenAI API terms of use, the data we transmit is not used by OpenAI to train their AI models and is automatically deleted from their systems within a maximum of 30 days after processing.
  • OVH – Domain name & DNS management: OVHcloud is our registrar and DNS host for the anatole.wedding domain. Role: technical management of domain name, DNS records and hosting of certain ancillary functions. Location: France (OVH, French company). Personal data: very little data in reality – OVH essentially processes technical data (visitor DNS queries).

Anatole ensures that all its sub-processors have validated transfer mechanisms for third countries (BCR, Standard Contractual Clauses, adequacy decision) and that their standard DPAs comply with Article 28 GDPR requirements. Anatole undertakes that each sub-processor offers sufficient guarantees regarding implementation of appropriate technical and organizational measures, so that processing meets GDPR requirements and guarantees protection of data subjects' rights. Anatole concludes with each of these sub-processors a written contract imposing data protection obligations equivalent to those of this Agreement, particularly regarding confidentiality, security and breach notification.

Anatole remains fully responsible vis-à-vis the User for execution by its sub-processors of their data protection obligations. Anatole will supervise these sub-processors and remain the User's sole point of contact.

Information and right to object: Anatole will keep the User informed of any planned changes concerning addition or replacement of important sub-processors involving User personal data processing. This information will be provided via notification (for example, in the User's admin interface or by email) at least 15 days before the change. The User has the option to raise reasonable and legitimate objections to these changes within this 15-day period. An objection must be motivated in good faith, for example if the User believes that a new sub-processor presents insufficient compliance guarantees.

In case of unresolved objection concerning a new sub-processor, Anatole may, at its discretion, either refrain from engaging this sub-processor, or propose an alternative solution to the User. If no acceptable solution is found, the User may terminate the contract without penalty due to this objection. This termination will be considered legitimate and non-faulty on Anatole's side.

5. Data fate at contract end

At the end of the contractual relationship, i.e. in case of termination or expiration of the Terms of Service, the User has the option to retrieve all personal data processed on their behalf via Anatole. Anatole provides, upon User request, data in a standard readable format (for example, CSV export of guest lists and responses).

The User must exercise this return option before the contract end date or at the latest within 15 days following. Beyond that, Anatole will proceed with complete deletion of User personal data still in its possession, according to the following schedule:

  • Immediate active deletion: Immediately after contract end, Anatole will make User data inaccessible on the platform (deactivated account). Data may be temporarily retained in system backups.
  • Definitive erasure: In the absence of contrary User instruction, Anatole will erase all User personal data within a maximum of 90 days after the wedding date or contract termination, whichever comes first. This includes deletion of active databases and overwriting or encryption of backups still containing this data. Upon written User request, Anatole may attest in writing to effective data destruction once completed.

If the User wishes data return before deletion, Anatole may assist (this service may be charged if it generates significant cost). In any case, Anatole will not retain any User personal data beyond the mentioned period, except longer legal retention obligation. For example, Anatole may retain connection logs or transactions incidentally containing personal data if law requires it, but in this case such data will remain protected and archived separately.

Anatole's confidentiality and security obligations continue to apply as long as Anatole retains data.

In case of emergency termination (immediate suspension for serious breach), the User has 7 days to retrieve their data via automated export from their interface. After this period, the normal deletion procedure applies (maximum 90-day period according to the terms defined above).

6. Contact and data protection officer

For any question or instruction relating to personal data protection under this Agreement, the User can contact Anatole's data protection contact. This contact does not have DPO status within the meaning of Article 37 GDPR. Contact details are indicated in the Privacy Policy and/or on the Anatole website (e.g. a dedicated email address such as privacy@anatole.wedding).

Anatole undertakes to process any User request relating to this Agreement as quickly as possible.

7. Final provisions

7.1. Document hierarchy

This Agreement is part of the Terms of Service. In case of contradiction between a Terms provision and an Agreement provision concerning personal data processing, the Agreement will prevail. In case of conflict between contractual documents and mandatory legal obligations, the latter automatically prevail. Other Terms provisions remain fully applicable for everything not covered in the Agreement.

7.2. Duration

Anatole's obligations as Data Processor under this Agreement apply throughout the duration of Service provision involving personal data processing on behalf of the User, and until data deletion. Obligations that by nature continue (confidentiality, assistance, etc.) will survive as needed after contract end.

7.3. Applicable law and jurisdiction

This Agreement is subject to the same law as the Terms of Service (see Article 9 of Terms). Any dispute relating to its execution or interpretation will be settled according to the dispute resolution procedures provided in the Terms. Nevertheless, in case of specific data protection dispute, the Parties will cooperate in good faith to find a solution compliant with regulations and, if necessary, consult the competent supervisory authority (e.g. CNIL) for advice.

7.4. Entirety and modification

This Agreement constitutes the entire agreement of the Parties regarding data protection for Anatole Services. It may be supplemented or modified by a writing signed by both Parties (including by explicit electronic consent). Anatole reserves the right to propose updates to this Agreement in case of regulatory or Service evolution, following the same procedures as modification of Terms of Service. The User will be informed of any substantial modification and may refuse it by terminating the Service before its entry into force if it is detrimental.

In case of declaration of nullity of a clause by a court, the parties undertake to negotiate in good faith its replacement by an equivalent and lawful clause.

By signing or electronically accepting the Terms of Service, the User and Anatole acknowledge having read and understood this Agreement and undertake to comply with all its provisions.

KAWLET EURL Share capital: €1,000 15 Square Rameau 59000 Lille, France RCS Lille: 993 159 250 SIRET: 99315925000014 Email: privacy@anatole.wedding