Said & Kept
Example keepsake

Legal

Privacy policy

Last updated: 25 May 2026

This policy explains what personal data Moken Digital Ltd, trading as Said & Kept (“we”, “us”, “our”), collects when you use the service, why we collect it, and what your rights are. We are the data controller for the information described below.

What we collect

From you, when you create an account

  • Your name and email address.
  • Your wedding details (names, date, location) — only what you choose to share.
  • Account password (stored hashed, never in plain text).

From your guests, when they leave a message

  • Their name (or whatever they choose to sign as).
  • The message they wrote.
  • Basic technical data (IP address, browser) to help us prevent abuse.

When you pay

Payment is handled by Paddle.com Market Ltd. We don’t see or store your card details. Paddle shares limited information with us so we can link your purchase to your account (your name, email, country, the amount paid). See Paddle’s privacy notice for details.

Automatically, when you use the site

  • Approximate location (country) from your IP address, used only to show you the right currency.
  • Basic analytics so we can understand how the service is used.

Why we use it

  • To run your account and your wedding message page.
  • To process your purchase and send purchase confirmations.
  • To send service emails (e.g. password resets).
  • To keep the service secure and prevent abuse.
  • To meet our legal obligations (e.g. tax records).

Legal basis

We rely on the following lawful bases under UK GDPR: contract (to provide the service you paid for), legitimate interests (to keep the service secure and improve it), consent (where we ask for it, e.g. marketing emails), and legal obligation (e.g. accounting records).

Children

Said & Kept isn’t intended for children. We don’t knowingly collect personal data from anyone under 16. If you think a child has used the service or left a message, please email hello@saidandkept.com and we’ll remove the data.

Marketing emails

We only email you about your account or your purchase (sign-in resets, receipts, important service updates). We don’t send marketing or promotional emails today. If that ever changes, we’ll only do so with your clear opt-in and you’ll be able to unsubscribe at any time.

No automated decisions

We don’t make any automated decisions about you that produce legal or similarly significant effects. There’s no profiling and no algorithm deciding anything important about your account.

Who we share it with

We use a small number of trusted suppliers to run Said & Kept. They only handle data on our behalf:

  • Supabase — database and authentication hosting.
  • Vercel — application and analytics hosting.
  • Paddle — payment processor and merchant of record.

We don’t sell your data or your guests’ messages, and we don’t share it with advertisers.

Where it’s stored

Your data is stored on servers in the European Union and the United Kingdom. Where any supplier transfers data outside the UK/EU, they do so under safeguards approved by the UK Information Commissioner’s Office.

How long we keep it

  • Account and message data: for as long as your account is active. You can delete your account at any time and we’ll remove the data.
  • Purchase records: kept for 7 years to meet UK tax-record requirements.

How we keep your data safe

We take reasonable steps to protect your data. In practical terms:

  • All traffic to and from Said & Kept is encrypted in transit (HTTPS / TLS).
  • Passwords are stored hashed, never in plain text.
  • Database access is locked down by row-level security so only the rightful account can read their own data.
  • We don’t handle card details at all — payment is processed by Paddle.

No internet service can be 100% secure, but if you ever think something looks wrong, email us and we’ll take it seriously.

If something goes wrong

If we ever discover a personal-data breach that’s likely to affect you, we’ll let you know without undue delay and report it to the UK Information Commissioner’s Office within 72 hours where the law requires it.

Your rights

Under UK GDPR you can ask us to:

  • Tell you what data we hold about you.
  • Correct any data that’s wrong.
  • Delete your data (subject to legal record-keeping).
  • Restrict or object to how we use it.
  • Send a copy of your data to another provider.

To exercise any of these, email hello@saidandkept.com. You can also complain to the UK Information Commissioner’s Office at ico.org.uk.

Cookies

We use a small number of essential cookies to keep you signed in. We don’t use advertising cookies. Paddle may set cookies during checkout — see Paddle’s privacy notice for details.

Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top tells you when it last changed. We’ll flag material changes by email.

Contact

Questions about your data? Email hello@saidandkept.com.

Company details

Moken Digital Ltd is a company registered in England and Wales.
Company number: 12831534.
Registered office: Apollo House, Hallam Way, Whitehills Business Park, Blackpool, England, FY4 5FS.

Privacy policy · Said & Kept · Said & Kept