Privacy Policy BETA

How we collect, use, and protect your personal information

Last Updated: January 15, 2026

Privacy Overview

At Laylaty, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our guest management platform.

Data Controller

Laylaty is operated by Rootroo. For contact details, visit rootroo.com

Information We Collect

Information You Provide
  • Account details (name, email, password, profile information)
  • Contact information you choose to provide
  • Social login information when you use third-party authentication
  • Event details and guest information you create
  • Content you upload (photos, videos, messages, wishes)
  • Guest responses and preferences (RSVPs, dietary requirements, etc.)
  • Payment information processed by third-party payment processors
Information We Collect Automatically
  • Usage data (how you interact with our platform)
  • Device and browser information
  • IP address and general location
  • Cookies and similar tracking technologies
  • Log data and analytics information

How We Use Your Information

  • Provide and improve our services
  • Communicate with you about your account and events
  • Process transactions and deliver features you use
  • Analyze usage to improve our platform
  • Ensure security and prevent abuse
  • Comply with legal obligations

Legal Basis for Processing

Contract Performance: Processing necessary to provide our guest management services.

Legitimate Interests: Analyzing usage data to improve our services, develop new features, enhance platform performance, ensure security, and provide better user experience. You have the right to object to processing based on legitimate interests.

Consent: Analytics and marketing communications where you have opted in.

Legal Compliance: Meeting legal and regulatory requirements.

Information Sharing and Third-Party Services

We do not sell your personal information. We only share data in these limited circumstances:

  • Event Guests: Guest information shared only with event organizers as necessary for event management.
  • Service Providers: Trusted third-party service providers who assist with cloud infrastructure, payment processing, email delivery, analytics, and other essential operational services.
  • Legal Requirements: When required by law or to protect our rights and safety.
  • Social Media Platforms: When you choose to log in via Google, Facebook, or Instagram, we receive basic profile information.

Third-Party Service Providers

We work with trusted third-party service providers for hosting, payments, email delivery, analytics, and other operational services.

These service providers only access your data to perform specific tasks on our behalf and are obligated to protect your information. Data is primarily processed within EU data centers, with some services processing data in other regions under appropriate safeguards.

Cookies and Tracking Technologies

We use cookies for essential functions, analytics, and advertising.

See our Cookie Policy for details and how to manage your preferences.

Data Retention

We retain your data as long as necessary for our business purposes, legal obligations, and dispute resolution:

  • Account data: While active and as needed after closure
  • Event data: Until you delete it or as required by law
  • Uploaded content: At least 30 days after deletion; longer if flagged for safety, incorporated into service improvements, or required by law
  • Payment records: As required by financial regulations (typically up to 7 years)
  • Analytics and aggregated data: As needed for service improvement
  • Security logs: As necessary for security and legal compliance

You can request deletion of your data at any time. Some information may be retained as required by law, for dispute resolution, or for legitimate business purposes including service improvement.

Your Rights

You can access and correct your data through your account settings. To request deletion or exercise other rights, contact us and we'll respond within 30 days.

Marketing Communications

You can opt out of marketing emails at any time by clicking the unsubscribe link in any email or adjusting your account preferences. This will not affect service-related communications.

Data Security

We use industry-standard security measures to protect your information, including encryption, secure authentication, and access controls. Payment processing is handled by PCI-compliant third-party processors.

No online system is 100% secure. Use strong passwords and keep your account secure.

Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you and relevant authorities as required by law, typically within 72 hours of becoming aware of the breach.

International Data Transfers

Your data is primarily stored and processed within EU data centers. Some third-party service providers may process data in other regions for purposes such as analytics, advertising, and infrastructure services. When data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and other legally recognized transfer mechanisms.

Automated Processing and AI

We may use automated systems, artificial intelligence, and machine learning to improve our services, moderate content, provide recommendations, and enhance features. You have the right to object to automated decision-making that significantly affects you.

California Privacy Rights (CCPA)

California residents have additional rights under the CCPA. We do not sell, rent, or share your personal information for monetary consideration. You have the right to know what personal information we collect, request deletion, and access your data. Contact us to exercise these rights.

Legal and Law Enforcement Requests

We may disclose your information in response to lawful requests by public authorities, including law enforcement. We may be prohibited from notifying you of such requests.

Age Requirement

You must be at least 16 years old to use our service. We do not knowingly collect personal information from anyone under 16. If you believe we have collected such information, please contact us immediately and we will delete it.

Changes to This Policy

We may update this Privacy Policy at any time. We will notify you of material changes by email or platform notice at least 30 days before they take effect. Continued use constitutes acceptance.

Electronic Communications

By using our service, you consent to receive communications from us electronically. You agree that all agreements, notices, and other communications satisfy any legal requirement that such communications be in writing.

Interpretation

Section headings are for convenience only and do not affect interpretation. "Including" means "including but not limited to." The terms "we," "us," and "our" refer to Laylaty and its operators.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at rootroo.com.

We will respond to your request within 30 days.