1. Geographic and regulatory applicability
This privacy policy applies to all users of the Anatole platform located in the European Union, European Economic Area, and United Kingdom. It is designed to ensure compliance with:
- Regulation (EU) 2016/679 (GDPR) and its national implementations
- UK GDPR and the Data Protection Act 2018 (United Kingdom)
- National data protection laws of all relevant member states, including:
This policy complies with the strictest requirements among all these jurisdictions to ensure optimal protection of your personal data.
2. Introduction
Welcome to Anatole, your digital wedding invitation platform. Anatole enables couples to create beautiful digital wedding invitations, manage their guests' RSVPs, and organize a gift registry for their wedding.
Protecting your personal data is our absolute priority. This privacy policy transparently explains how Anatole processes your data in full compliance with Regulation (EU) 2016/679 (GDPR) and applicable national laws.
We detail the purposes of data processing, our legal bases, the processors we work with, the security measures we implement, your rights, and how to exercise them.
Anatole is committed to respecting the principles of lawfulness, fairness, transparency, data minimization, and purpose limitation set forth in the GDPR. By using our platform, you remain in control of your data: we only use it for the explicit purposes described below and we never sell it.
3. Data controller & Data protection officer
The data controller for data collected via the Anatole platform is KAWLET, a single-person limited liability company with capital of €1,000.00, with its registered office at 15 Square Rameau, 59000 Lille, France, registered with the Trade and Companies Register of Lille Métropole under number 993 159 250, SIRET 99315925000014 (hereinafter "Anatole" or "we").
As data controller, we determine the purposes and means of processing related to the management of the website and user accounts. Furthermore, when we process guest data on behalf of our users (couples organizing their wedding), we act as a data processor in accordance with Article 28 of the GDPR (see "Data processing" section below).
Appointment of a Data Protection Officer: As a small company, Anatole is not legally required to appoint a DPO within the meaning of Article 37 of the GDPR. However, for transparency and continuous improvement of our practices, we have chosen to appoint a data protection officer.
Competent supervisory authorities: Depending on your place of residence, the competent supervisory authority is:
- France: Commission Nationale de l'Informatique et des Libertés (CNIL)
- United Kingdom: Information Commissioner's Office (ICO)
- Germany: Länder data protection authorities and Bundesbeauftragte für den Datenschutz
- Spain: Agencia Española de Protección de Datos (AEPD)
- Italy: Garante per la protezione dei dati personali
- Portugal: Comissão Nacional de Proteção de Dados (CNPD)
- Poland: Urząd Ochrony Danych Osobowych (UODO)
- Romania: Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
- Netherlands: Autoriteit Persoonsgegevens (AP)
- Belgium: Autorité de protection des données (APD/GBA)
- Austria: Datenschutzbehörde (DSB)
For any questions regarding this policy or to exercise your rights (detailed below), you can contact our data protection officer:
- Contact: privacy@anatole.wedding (or by mail to our registered office, attention: data protection officer)
4. Processing purposes and legal bases
We collect and process personal data only for specific, explicit, and legitimate purposes. Below is a detailed list of our processing purposes and the corresponding legal basis for each, in accordance with Article 6 of the GDPR:
- Creation and management of your wedding page: Anatole enables couples to create a personalized wedding page with their information (names, date, location, schedule). This processing is necessary for the performance of the contract between us and you (Article 6(1)(b) GDPR).
- Sending invitations and reminders: Anatole enables couples to send invitations by email (via Bird) and SMS (via Bird) to their guests, send reminders to non-respondents, or send follow-up notifications. This processing is necessary for the performance of the contract (Article 6(1)(b) GDPR).
- RSVP and multi-moment management: Our platform processes guests' responses (confirmed attendance, declined, etc.) for each wedding moment (civil ceremony, religious ceremony, cocktail hour, dinner, brunch, etc.). This processing is carried out as part of the service provided, on a contractual basis (Article 6(1)(b)).
- Dietary preferences management: If enabled by the couple, we collect guests' dietary restrictions and allergies to facilitate organization. Legal basis: performance of the contract (Article 6(1)(b)).
- Gift registry management: Anatole allows guests to contribute financially to the couple's gift registry via Stripe. This processing includes collecting payment information and managing contributions. Legal basis: performance of the contract (Article 6(1)(b)).
- Photo uploads and sharing: If enabled, guests can upload photos to the wedding album. This processing is based on the guest's consent (Article 6(1)(a)) and performance of the contract with the couple.
- Contact import: Anatole offers a contact import feature to help couples easily integrate their guest lists. Legal basis: performance of the contract and legitimate interest (Article 6(1)(b) or (f)).
- AI-assisted data correction and image generation: To improve user experience, we offer AI-assisted features via OpenAI. Note: Data transmitted to OpenAI is limited to what is strictly necessary and is automatically deleted within a maximum of 30 days after processing.
- Anonymized statistics: Anatole may compile aggregated and anonymized statistics (response rates, etc.) to improve our services. Legal basis: legitimate interest (Article 6(1)(f)).
- Payment processing: Anatole uses Stripe to process payments for premium offerings and gift registry contributions. Legal basis: performance of the contract (Article 6(1)(b)).
- Cookie and consent management: On our website, non-essential cookies are only placed after obtaining your prior consent via our consent banner managed by CookieYes.
No automated decision-making or profiling within the meaning of Article 22 GDPR is implemented through our services.
5. Categories of data collected
Within the scope of the above purposes, Anatole may collect different categories of personal data:
- Identification and contact data of couples: surname, first name, email address, phone number when creating the account.
- Wedding-related data: names of the couple, wedding date, location(s), schedule of different moments (ceremony, cocktail hour, dinner, brunch, etc.).
- Guest data: surname, first name, email address, phone number, invitation status, RSVP response per moment, number of plus-ones, dietary preferences if collected.
- Contribution data (gift registry): contributor's name (or anonymous), amount, personal message, payment information processed by Stripe.
- Uploaded photos: images uploaded by guests to the wedding album, associated metadata (date, time).
- User-provided content: personalized invitation messages, wedding visuals, couple's logo or photos.
- Technical and browsing data: IP address (anonymized for audience measurement), device and browser information, language preferences, connection logs, and cookies.
All data collected is obtained directly from you (organizing couple or guest) or from your use of the services.
6. Data recipients – Third-party disclosure
Your personal data is accessible to Anatole's authorized personnel only to the extent strictly necessary. Apart from this internal access, Anatole does not disclose your data to third parties, except to its technical service providers listed below:
- Supabase – Database & File hosting: Hosting of the PostgreSQL database and file storage (photos, visuals). Location: European Union. Data is encrypted at rest.
- Vercel – Front-end hosting: Hosting platform for the Anatole website. Location: United States with global CDN. Safeguards: EU-US Data Privacy Framework certified.
- Bird – Transactional email delivery: Sending of email invitations, confirmations, reminders. Location: United States. Safeguards: GDPR-compliant DPA.
- Bird – Transactional SMS delivery: Sending of SMS invitations and reminders. Location: United States with EU presence. Safeguards: Approved BCRs.
- Stripe – Payment processing: Payment for premium offerings and gift registry contributions. Location: Stripe Europe (Ireland). Safeguards: GDPR and PCI DSS certifications.
- CookieYes – Consent management platform: Cookie consent management. Location: United Kingdom (adequacy decision).
- OpenAI – Artificial intelligence: Data correction and image generation. Location: United States. Safeguards: Data not used for training, deleted within 30 days.
- OVH – Domain name & DNS management: Technical management of the anatole.wedding domain. Location: France.
Each service provider acts only on Anatole's instructions. We maintain control of your data.
7. Data processing and compliance (Article 28 GDPR)
Anatole ensures that all its processors provide robust contractual guarantees regarding data protection, in accordance with Article 28 of the GDPR. This means in particular that:
- We authorize our processors to process data only for specific and documented purposes.
- Each processor is bound by a strict confidentiality clause.
- Our contracts require the implementation of all security measures required by Article 32 of the GDPR.
- No sub-processor may be engaged without our prior authorization.
- Upon completion of the service, processors must delete or return the data to us.
By working with an ecosystem of compliant and contractually committed service providers, Anatole ensures that data processing does not in any way weaken the level of protection applied to your data.
8. European hosting – Data sovereignty
Anatole places particular importance on data sovereignty and location. All your files and data are hosted exclusively within the European Union via our technology partner Supabase, whose European infrastructure guarantees strict data location within EU territory.
This European approach allows us to maintain optimal legal control over your information, with photos, guest lists, and wedding information physically remaining on European servers, subject to European regulation.
In summary, Anatole prioritizes European hosting that complies with digital sovereignty requirements, providing enhanced security and GDPR compliance.
9. International data transfers
Anatole aims as far as possible to avoid data transfers outside the European Economic Area (EEA). The general rule is that data is processed and stored within the EU.
However, as some of our processors are based outside the EU, limited international data transfers may occur:
- No unregulated transfers: All our international flows are governed by mechanisms provided for by the GDPR (adequacy decision, Standard Contractual Clauses, BCRs).
- US providers: Vercel (EU-US Data Privacy Framework certified), Bird (standard DPA), Bird (approved BCRs), OpenAI (API Data Processing Terms).
- United Kingdom: CookieYes benefits from an adequacy decision from the European Commission.
- Proportionality: We ensure that data sent outside the EU is minimized in relation to the purpose.
Anatole remains attentive to case law developments and recommendations from authorities to adjust its international transfer mechanisms.
10. Data retention periods
Anatole retains your personal data only for limited periods, proportionate to the purposes:
- Wedding and guest data: Retained for the life of the active wedding on the platform, then deleted or anonymized 90 days after the wedding date or account termination, whichever comes first. Couples can export their data at any time.
- User account data (couple): Retained as long as the account is active. Upon closure, deletion within 30 days after contract termination, except for legal retention obligations.
- Contribution data (gift registry): Payment information is processed by Stripe according to their policies. Contribution histories are retained in accordance with accounting obligations (10 years for accounting documents).
- Uploaded photos: Retained as long as the album is active, then deleted with other wedding data.
- Technical logs: Retained for 12 months on a rolling basis for security purposes.
- Analytics cookies: Maximum retention period of 13 months.
- Backups: Retained for 30 rolling days before being overwritten.
At the end of the above periods, data is either securely deleted or irreversibly anonymized.
11. Data security
Anatole implements rigorous technical and organizational security measures to protect your data, in accordance with Article 32 of the GDPR:
- Encryption in transit (TLS): All communications are protected by TLS 1.3 encryption.
- Encryption at rest: Stored data is encrypted with AES-256.
- Access control and enhanced authentication: Fine-grained role-based access control (RBAC), multi-factor authentication (MFA) for administrator accounts.
- Security testing and audits: Regular penetration testing and vulnerability assessments. Our processors are ISO 27001 and SOC 2 Type II certified.
- Development security: Security integrated from the design stage (privacy by design).
- Staff confidentiality: Each employee is subject to a strict confidentiality obligation.
In the event of a personal data breach, we commit to following the legal procedure: notification to the competent authority within 72 hours if required (Article 33 GDPR) and communication to affected individuals if necessary (Article 34 GDPR).
12. Your rights as a data subject
In accordance with the GDPR, you have the following rights:
- Right to be informed: Right to clear information about processing (the purpose of this policy).
- Right of access: Obtain confirmation that we hold your data and obtain a copy.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): Obtain deletion of your data in certain cases.
- Right to restriction of processing: Request temporary suspension of processing of your data.
- Right to object: Object to the processing of your data for reasons relating to your particular situation.
- Right to data portability: Receive your data in a structured, machine-readable format.
- Right to withdraw consent: At any time, as easily as you gave it.
Exercising your rights: Contact us at privacy@anatole.wedding. We will respond within 1 month (extendable by 2 months if complex).
Complaint: You may lodge a complaint with the competent supervisory authority (CNIL for France: cnil.fr).
(Note: For guests whose data is managed via Anatole by a couple, you may address your requests either directly to the organizing couple or to Anatole at privacy@anatole.wedding.)
14. Photo uploads and user responsibilities
Anatole allows guests to upload photos to wedding albums when this feature is enabled by the couple.
Consent and user responsibilities: Before uploading a photo, users must confirm:
- That they have the right to share the content
- That all identifiable individuals have given their consent
- That they accept full responsibility for the content
Distribution of responsibilities:
- The uploader is responsible for the content and obtaining permissions
- The organizing couple is responsible for moderation if enabled
- Anatole acts as a technical intermediary
Content removal: If you appear in a photo and wish to have it removed:
- Contact the organizing couple directly
- Use the reporting function
- Contact privacy@anatole.wedding
Technical measures: GPS location metadata is automatically removed from uploaded photos for your privacy.
15. Gift registry and financial contributions
Anatole offers a gift registry feature (participatory wedding fund) allowing guests to contribute financially to the couple's project.
Data collected during a contribution:
- Contributor's name (or choice to remain anonymous)
- Contribution amount
- Optional personal message
- Payment information (processed directly by Stripe)
Payment processing: All transactions are processed by Stripe, which acts as data controller for banking data. Anatole never stores your card numbers.
Contribution privacy: The couple can see the total amount collected and the list of contributors (except anonymous ones). Individual amounts may be visible or hidden depending on the chosen settings.
Retention: Contribution histories are retained in accordance with accounting and tax obligations (10 years).
Refunds: In case of refund, associated data is retained for the time necessary to manage the transaction.
16. Protection of minors
Anatole is a service intended for adults (persons of legal age wishing to organize their wedding). We do not knowingly collect personal data from minors under 16 years of age.
If you are a parent or legal guardian and believe that your child has provided us with personal data, please contact us at privacy@anatole.wedding so that we can take the necessary steps.
17. Policy modifications
This privacy policy may evolve, particularly to reflect changes in our practices or to comply with any legal/regulatory changes.
In the event of substantial modification, we will inform you in advance via a notice on the site or by email, and if required by law, we will request your consent.
The updated version of the policy will always be accessible on our site in the "Privacy" section. We invite you to consult it periodically.
Effective date: This policy is effective as of December 13, 2025.
By choosing Anatole, you entrust your data to a platform that places privacy and security at the heart of its concerns. If you have any questions, please do not hesitate to contact us at privacy@anatole.wedding.
Thank you for your trust, and congratulations on your wedding!