Privacy Policy

Last updated: 14 July 2026

This explains, in plain English, what personal data Plan My Nikah collects when you use the site, why, and your rights under UK data-protection law (UK GDPR). Plan My Nikah, operated by PLAN MY GROUP LTD, is the data controller for the information described here.

Plan My Nikah is operated by PLAN MY GROUP LTD, a company registered in England and Wales under company number 17275878, with its registered office at 71 to 75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

What we collect

  • Account details: your name, email and account type (couple or vendor) when you sign up. If you sign in with Google, Google shares your basic profile (name and email) with us.
  • Enquiries: when you contact a vendor we collect your name, email, message, and any wedding date, guest count or package you provide.
  • Matched-quote requests: if you post your requirements to get matched quotes, we collect the wedding details you provide — location, date(s), events, guest numbers, budget and your description — together with any preferences you choose to state, such as halal catering, a no-alcohol venue, segregated seating, prayer space or female staff. Because these preferences can indicate your religious beliefs, they are special category data and we only process them with your explicit consent, which you can withdraw at any time by deleting the request or your account.
  • Vendor listings: if you list a business, the business details you submit (name, description, photos, pricing, contact details).
  • Optional browser alerts: if a vendor turns on matched-quote browser alerts, we store that browser's unique push endpoint, when and which version of the opt-in was accepted, and its server-side enabled or revoked status. We mark it revoked when the vendor turns alerts off, it expires, the push service reports that it has gone, or it is replaced after a key change. We send an empty push with no couple, request, category, city, date or quote data; the browser then displays fixed generic text. We delete disabled endpoints after 90 days and completed or failed delivery records after 30 days.
  • Saved items: the vendors you add to your shortlist.
  • Planning profile and wedding website: any couple profile photo, wedding website details, cover photo and gallery images you choose to add.
  • Anti-spam signal: to stop abuse of the enquiry form we store a one-way, salted hash of your IP address (never the IP address itself) for up to 24 hours, then it is deleted automatically.
  • Anonymous usage analytics: to understand which searches, categories and filters are most useful we record anonymous browsing events (e.g. "a search for caterers in Leeds returned 4 results"). These are tied to a random visit identifier that disappears when you close the tab (not to your name, account or IP address) and are deleted within 180 days.

Wedding website and photo visibility

Couple profile photos and wedding website cover or gallery images are stored at long, randomly generated media links. We prevent anonymous browsing or listing of those files, but anyone who has the exact media link can view the image. The media link does not expire automatically.

A wedding website passcode, the Website hidden setting and unpublishing control access to the wedding website page. They cannot withdraw a direct image link that somebody already obtained while the image was shared. Avoid uploading an image you would not want an invited guest to save or share.

Replaced or removed profile photos are deleted from file storage. Wedding website images removed from the editor are deleted after the next successful publish, so the currently published invitation is not broken by an unfinished draft. Unpublishing retains the site and its images for later republishing. Account deletion removes the account's stored files through our deletion workflow.

Why we use it (and our legal basis)

  • To run the marketplace and connect couples with vendors, to perform our service to you.
  • To deliver your enquiry to the vendor you chose, so they can reply, to perform our service.
  • To match your quote request with a small number of suitable vendors (we cap how many vendors see each request), to perform our service. Where your request includes faith-related preferences, we rely on your explicit consent to use them for matching, and matching never makes automated decisions about you — you always choose which vendors to talk to, and any moderation decision about a request is reviewed by a person.
  • To send operational matched-quote browser alerts that a vendor explicitly enables.
  • If a matched vendor chooses our AI quote-drafting tool, to help that vendor prepare an editable quote. The AI provider receives only a restricted structured summary of the request and that vendor's pricing — never your raw description, location, name, contact details or account/request identifiers. The vendor reviews the draft and nothing is sent automatically.
  • To prevent spam and abuse of the enquiry form, our legitimate interest in keeping the service usable.

Who we share it with

When you send an enquiry, its details are shared with the vendor you contacted so they can respond to you. When you post a quote request, its details (including any preferences you stated) are shared with the small number of matched vendors so they can quote — but never your name or contact details: vendors only see who you are if you choose to reply to them. We also rely on trusted service providers who process data on our behalf:

If you choose Compare with Hilal after receiving at least three quotes, we use the structured quote fields already shown to you to create neutral guidance. Our AI provider receives only opaque comparison fact labels, not vendor names, prices, terms, request text or contact details. PlanMyNikah inserts the exact figures from the stored quotes after the provider selects relevant labels.

  • Supabase: database, authentication and file storage (EU region).
  • Vercel: website hosting and serverless functions.
  • Resend: transactional email delivery (enquiry confirmations, vendor notifications).
  • Your browser push service (Google, Mozilla or Apple): receives an empty push request, with no couple or quote-request payload, to deliver fixed generic text only after a vendor opts in.
  • Sentry: error monitoring to help us fix technical problems (EU region, no personal data in error reports).
  • Cloudflare: bot and spam protection (Turnstile) on our forms.
  • DeepSeek: limited AI processing for optional planning and vendor quote-drafting features, with minimized inputs.
  • Google Analytics & Meta Pixel: optional marketing analytics, loaded only with your cookie consent (see Cookies & storage).
  • Google: only if you choose to sign in with Google.

We do not sell your personal data. Optional advertising analytics (Google Analytics and Meta Pixel) load only if you accept them in our cookie banner.

International transfers

Some of the service providers we use are based outside the United Kingdom, or use sub-processors outside the UK, so some of your personal data may be processed outside the UK. Several of our providers are headquartered in the United States, although some are configured to store data in the EU, for example our database, authentication and file storage (Supabase) and our error monitoring (Sentry) use EU regions.

Where personal data is transferred outside the UK to a country that does not have ‘adequacy’ status, we make sure the transfer is protected by an appropriate safeguard. Depending on the provider, this may be:

  • an applicable UK adequacy regulation, where the destination country or a certified recipient is covered by it;
  • the UK International Data Transfer Agreement (IDTA);
  • the UK Addendum to the EU Standard Contractual Clauses; or
  • another lawful safeguard permitted under UK data protection law.

Not every provider relies on the same mechanism. If you would like more information about the safeguards that apply to a particular transfer, email privacy@planmynikah.co.uk.

How long we keep it

  • The anti-spam IP hash is deleted automatically within 24 hours.
  • Anonymous usage events are deleted automatically within 180 days.
  • Enquiries are kept so the vendor can service your request and for their records.
  • Quote requests expire automatically (within 90 days, or on your event date if sooner) and stop being shown to vendors. We delete an expired request and its related quote data 30 days later; unfinished drafts are also deleted after 30 days. You can delete a request at any time from My matched quotes.
  • Account and listing data is kept while your account is active, and deleted on request.
  • Data-export download links expire after 24 hours. The private export files they point to are deleted automatically after the link has expired.
  • Administrative and security audit logs are kept for 12 months, then deleted automatically. We keep a relevant log for longer only while a documented legal hold or security investigation requires it.
  • When we act on a deletion request, your account, files and personal data are removed or anonymised straight away; copies in our encrypted database backups expire within the provider’s backup window (currently 7 days).

Your rights

Under UK GDPR you can ask us to give you a copy of your data, correct it, delete it, restrict or object to its use, or provide it in a portable form. To exercise any of these, email privacy@planmynikah.co.uk. You also have the right to complain to the UK Information Commissioner’s Office (ICO).

How we handle your requests

When you make a request about your data, we will respond without undue delay and in any event within one month of receiving it. If your request is complex, or you have made a number of requests, we may extend this by up to two further months. If we need to extend the time, we will tell you within one month of your request and explain why.

We may ask you to verify your identity before we act on a request, where it is reasonable to do so to protect your information. Where we need that verification, or need to ask you to clarify your request, the one-month period may not start (or may pause) until we have the information we reasonably need.

You can exercise your rights, including deletion and a copy of your data, by emailing privacy@planmynikah.co.uk, or, if you have an account, from Account → Settings → Account requests.

Cookies & storage

We use essential storage to keep you signed in, remember your shortlist and run the site. We also use a random visit identifier in your browser tab for anonymous first-party usage analytics (described above), and this is not shared with advertisers.

With your consent, we load optional analytics cookies from Google Analytics and Meta Pixel to measure how people find and use PlanMyNikah and to improve our marketing. These tools receive only aggregated event data (for example which category was searched or that an enquiry was sent), never your name, email, phone number, message text or address. You can accept or reject optional cookies in the banner on your first visit; your choice is remembered in local storage.

For a full list of the cookies and similar technologies we use, including their provider, purpose, duration and which ones need your consent, see our Cookie Policy.

Changes to this policy

We may update this policy from time to time. When we do, we will update the date at the top of this page. Continued use of the site after a change constitutes acceptance of the updated policy.

Contact

Questions about your privacy? Email privacy@planmynikah.co.uk.