Privacy Policy

Last updated: July 1, 2026

Nawarto ("we", "us", or "our") operates the Nawarto mobile application (the "App"), a service that enables hosts to design and send personalised event invitations via messaging and to manage guest RSVPs, dietary preferences, entry barcodes, and event changes.

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights under the General Data Protection Regulation (GDPR) and other applicable privacy laws. By using the App, you acknowledge that you have read and understood this policy.

1. Who We Are (Data Controller)

For the purposes of GDPR, Nawarto is the data controller of personal data you provide as a host. For personal data belonging to your guests, you (the host) act as the controller and Nawarto acts as the data processor, processing that data on your instruction to deliver invitations and manage RSVPs.

Contact: contact@nawarto.com

2. Data We Collect and Why

The table below sets out each category of personal data we process, the purpose, and the legal basis under GDPR Article 6 (and Article 9 where applicable).

CategoryDataPurposeLegal basis
Account & identity Mobile phone number, display name / host name Authentication via OTP; identifying you as a host within the App Performance of a contract (Art. 6(1)(b))
Guest contact data Guest names and phone numbers imported from your device contacts (only those you select) Building invitation lists; delivering invitations via our messaging provider Legitimate interests of you as the host in inviting your own guests (Art. 6(1)(f)); you as host are responsible for any additional consent required from guests
Event data Occasion name, date, venue, venue link, custom message, language preference, media (header image or video, welcome audio) Creating and delivering personalised invitations; event management features Performance of a contract (Art. 6(1)(b))
RSVP & questionnaire data RSVP status (confirmed/declined), a timestamped response history, plus-ones count, dietary choice, notes to the host, conversation state Tracking guest attendance and preferences on the host's behalf; delivering follow-up prompts Performance of a contract (Art. 6(1)(b)); processing dietary data on the basis of explicit consent given by the guest when answering (Art. 9(2)(a))
Health-adjacent data (special category) Food allergies reported by guests Informing the host of guests' dietary restrictions for event planning purposes Explicit consent of the guest (Art. 9(2)(a)); guests provide this voluntarily during the RSVP questionnaire
Entry & check-in data Entry barcode token, check-in timestamps, check-in operator ID Managing gate entry at the event when the host enables the Entry Barcodes feature Performance of a contract (Art. 6(1)(b))
Delivery & messaging data Message IDs, delivery/read timestamps, failure codes received from our messaging provider Tracking invite delivery status; crediting hosts on failed deliveries; debugging Legitimate interests (Art. 6(1)(f)) — operating a reliable messaging service
Purchase & credit data Credit balance, transaction records (amount, type, timestamp); purchase receipt tokens (not raw payment card data) Managing prepaid credit packs; processing refunds for failed deliveries Performance of a contract (Art. 6(1)(b)); legal obligation for transaction records (Art. 6(1)(c))
Organizer data Phone number and name of co-organizers added by the host Granting scanner/check-in access to designated event organizers Legitimate interests (Art. 6(1)(f))
Usage analytics Your account identifier and in-app interaction events (e.g. invite created, invite sent, purchase completed, screens viewed) Understanding how the App is used to improve features and reliability Legitimate interests (Art. 6(1)(f))
Crash & diagnostic data Your account identifier, crash logs, and error diagnostics Diagnosing crashes and keeping the App stable Legitimate interests (Art. 6(1)(f))
Aggregated statistics Non-identifying, aggregated event and messaging outcome counters Measuring overall App usage and reliability Legitimate interests (Art. 6(1)(f))
Device / technical data Push notification token, device OS version, app version Delivering push notifications; crash diagnostics Legitimate interests (Art. 6(1)(f))

3. What We Do Not Collect

We do not sell your data or your guests' data to any third party, and we do not use it for advertising.

4. How We Use Your Data

5. Sharing Your Data With Third Parties

We share personal data only with the following categories of processors, each contractually bound to protect it:

We do not sell your data or your guests' data to any third party, and we do not share it for advertising purposes.

6. International Data Transfers

Our infrastructure runs primarily in the United States. If you are located in the European Economic Area (EEA), UK, or Switzerland, we transfer your personal data to the US on the basis of the European Commission's Standard Contractual Clauses (SCCs) incorporated into our agreements with our service providers. You may request a copy of these safeguards by writing to contact@nawarto.com.

7. Data Retention

8. Security

Personal data is stored on our cloud infrastructure, encrypted in transit (TLS) and at rest (AES-256). Database security rules ensure each user can only access their own events and guest data. We apply the principle of least privilege to all internal access.

No system is entirely secure. If you become aware of any security concern related to the App, please notify us immediately at contact@nawarto.com.

9. Your Rights Under GDPR

If you are located in the EEA, UK, or Switzerland, you have the following rights. We will respond within 30 days of receiving a verifiable request.

To exercise any of these rights, contact us at contact@nawarto.com or delete your account directly in the App under Profile > Delete Account.

Note for hosts: You are the data controller for your guests' personal data. You are responsible for ensuring you have an appropriate legal basis (such as a legitimate interest in hosting a private event, or explicit consent) to collect and process guest information. You should inform your guests that their RSVP responses, dietary preferences, and allergy information are stored and used for event-planning purposes.

10. Children's Privacy

The App is not directed to children under 13. We do not knowingly collect personal data from children. If you believe a child has provided data through the App, please contact us at contact@nawarto.com and we will promptly delete it.

11. Cookies and Tracking

The Nawarto mobile App does not use cookies. The App's hosted web pages (barcode, RSVP, calendar, and marketing pages at nawarto.com) do not use advertising or tracking cookies. Web pages load fonts from a third-party CDN, which may involve a network request to that provider's servers.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will update the "Last updated" date at the top of this page. For material changes, we will provide notice in the App. Continued use of the App after changes constitutes acceptance of the updated policy.

13. Contact Us

For any privacy questions, data-rights requests, or concerns, please contact us:

Email: contact@nawarto.com

We aim to respond to all requests within 30 days.