Privacy Policy

Blyn is a personal hobby project operated by a private individual based in Denmark. There is no company behind it. If you have any questions, reach out at hello@blyn.dk.

For GDPR purposes, the operator of this service is the data controller.

Blyn stores the following data to make the service work:

• Admin accounts— when you sign up you provide a first name, an email address, and a password. Passwords are never stored in plain text — Supabase Auth hashes them with bcrypt before saving. If you sign in with Google instead, we receive your email address and the display name on your Google account; we never see your Google password. If you use the passwordless “sign-in link” option, we send a one-time link to your email address — no password is ever stored.
• Event data — event names, descriptions, checklist items, date proposals, expenses, and poll questions and votes. Linked to the event admin's account.
• Guest names — the name you type when joining an event as a guest. Stored in localStorage in your browser (keyed per event slug) and in the event's data rows. It is never linked to an account or email address.

We do not use tracking cookies or analytics cookies of any kind.

We use:

• Session cookies — set by Supabase Auth when you sign in (email/password or Google). These expire when you sign out or your session ends. They are not used for tracking.
• localStorage — your guest name is saved locally in your browser under the key guest_name_<slug>. It stays on your device. You can clear it at any time by clearing your browser's local storage, or by clicking your name in the event page header.
• Consent flag — a single localStorage key (es_consent_v1) records that you dismissed this notice. No personal data is stored in it.

Event data is private by default. Only people who have the event's unique link can view it. Links are not listed or indexed anywhere.

The event admin (the person who created the event) can see all data submitted to their event, including guest names and contributions.

We do not sell, share, or disclose your data to any third party.

All event and account data is stored in the European Union on Supabase (hosted PostgreSQL, EU region). Data does not leave the EU.

Transactional emails (account confirmation, password resets, event invitations, and automated day-before reminders for events with a confirmed date) are sent via Resend. Resend processes the recipient address and email body solely to deliver the message and retains delivery logs for a short period.

The site is served by Vercel from edge locations worldwide. Vercel processes standard request metadata (IP address, user-agent) for routing and security; no personal data is stored there.

The optional “Describe your event” AI feature on the dashboard, and the “Add via text” shortcuts inside modules, send the description text you type to Groq (US-based) for parsing. Only the text you type in those inputs is sent — never RSVPs, comments, email addresses, or any data from other guests. Groq's free tier may use prompts to improve their models; see their privacy policy. Use of the AI feature is optional — every field can be filled in manually.

Because your data is hosted in the EU, the GDPR applies. You have the right to:

• Request a copy of data we hold about you
• Request correction or deletion of your account and event data
• Object to or restrict processing of your data
• Withdraw consent at any time
• Lodge a complaint with your national data protection authority

You can delete your own events from the dashboard at any time, which removes all associated event data. To delete your entire account (and every event you created), use the Account settings page — the option is in the “Danger zone” section at the bottom.

For any privacy questions, data access requests, or account deletion, email hello@blyn.dk.