Privacy Policy
This policy explains how Nupta collects, uses, shares, retains, and protects personal data for couples, guests, vendors, and website visitors.
1. Who we are
Nupta provides wedding planning, vendor discovery, guest experience, budget, invitation, and vendor workspace tools. Nupta Rwanda is the service operator and data controller for personal data collected through the website, mobile app, vendor workspace, support channels, and related services.
Contact: support@nupta.rw. Business location: Kigali, Rwanda.
2. Personal data we collect
Account and identity data such as name, email address, phone number, role, language, login identifiers, and account settings.
Wedding planning data such as couple names, ceremony details, budgets, tasks, guest lists, invitations, team members, notes, preferences, saved vendors, and guest experience content you choose to create or upload.
Vendor data such as business name, contact details, service category, pricing, availability, portfolio media, verification materials, leads, reviews, quotes, payment records, and storefront settings.
Device, location, permission, and usage data such as IP address, app version, device identifiers, approximate location, feature events, crash logs, notification tokens, analytics preferences, and support messages.
Payment data may be processed by payment providers. Nupta stores transaction references, entitlement status, payment method category, and reconciliation details needed for support, fraud prevention, accounting, and legal compliance.
3. Why we process data
We process personal data to create accounts, provide planning workspaces, match couples with vendors, publish vendor profiles, process purchases, send invitations or notifications you request, provide customer support, prevent misuse, improve product quality, and comply with legal duties.
Where consent is required, we request it before using optional permissions or non-essential analytics. You may withdraw optional consent through app settings or by contacting us.
4. Legal bases and Rwanda DPP Law
Nupta handles personal data in line with Rwanda Law No. 058/2021 of 13/10/2021 relating to the protection of personal data and privacy, including purpose limitation, consent where required, data subject rights, processor contracts, records of processing, security controls, and safeguards for transfers or storage outside Rwanda.
Where users are located outside Rwanda, additional local laws may apply, including GDPR-style rights for European users and consumer privacy rights in other jurisdictions.
5. Sharing and processors
We do not sell personal data. We may share data with vendors you contact, invited collaborators, guests you invite, payment processors, hosting providers, analytics and crash reporting tools, notification providers, customer support tools, professional advisers, regulators, and law enforcement where legally required.
Service providers must process personal data only under written instructions, confidentiality duties, security obligations, and appropriate data processing terms.
6. Retention
We keep data only as long as needed for the service, user choices, legal obligations, dispute resolution, fraud prevention, accounting, backups, and audit logs.
Suggested retention schedule: account records for the account lifetime plus up to 24 months; wedding workspace data until deletion or account closure plus backup expiry; support records up to 36 months; payment and tax records as required by law; security logs up to 24 months unless needed for investigation.
7. Security
Nupta uses reasonable technical and organisational safeguards, including access controls, encryption in transit, secure credential handling, least-privilege permissions, audit logging for sensitive operations, vendor access controls, backups, and incident response procedures.
No online service can guarantee absolute security. Users should keep login details secure and report suspected unauthorized access promptly.
8. Children and guest data
Nupta is intended for adults planning or providing wedding services. If children appear in guest lists, media, or event details, users must have appropriate authority or consent to provide that information.
We do not knowingly create accounts for children under 16 without legally valid parental or guardian consent where required.
9. International transfers
If data is stored or accessed outside Rwanda, Nupta ensures the transfer or storage arrangement is lawful and supported by the necessary safeguards, authorisations, contracts, and security controls.
10. Your choices
You may request access, correction, deletion, restriction, portability, consent withdrawal, or objection by contacting support@nupta.rw. We may need to verify your identity before acting on a request.
You may also adjust app permissions, notification preferences, and analytics settings from your device or in-app settings where available.
