Terms of Service

By accessing or using Anvaya (“the Service”), operated by Automorphism LLC (“Anvaya,” “we,” “us,” or “our”), available at anvaya.love and all associated subdomains, you (“you,” “your,” or “User”) agree to be bound by these Terms of Service (“Terms”). If you do not agree to these Terms, you may not use the Service.

These Terms apply to all users of the platform, including couples, family members, contributors, guests accessing RSVP or invite pages, and those who interact with the Service via AI assistant integrations (such as ChatGPT, Claude, Cursor, Gemini, or other MCP-compatible clients). Connecting an AI assistant to your Anvaya account constitutes acceptance of these Terms on behalf of any actions that assistant performs.

Anvaya is a multi-tenant wedding planning platform that provides tools for managing guest lists, events, budgets, vendors, tasks, wedding websites, and related wedding planning activities. Each wedding receives its own subdomain (e.g., priya-arjun.anvaya.love) and a customizable public-facing website.

The Service also offers AI assistant integration through the Model Context Protocol (MCP) and OAuth 2.1, allowing authorized external AI assistants to read and modify your wedding data on your behalf within the scopes you authorize.

AI assistant features are provided as a convenience. The Service facilitates communication between you, your wedding data, and the connected AI assistant but does not control the AI assistant's responses, behavior, or accuracy.

You must be at least 18 years of age and have the legal capacity to enter into a binding agreement to use the Service. By using the Service, you represent and warrant that you meet these requirements.

By creating an account, you acknowledge that you have read and understood our Privacy Policy, which describes how we collect, use, and protect your personal information.

To use the Service, you must create an account with accurate, current, and complete information. You are responsible for maintaining the accuracy of your account information and for keeping your login credentials secure and confidential.

You are responsible for all activities that occur under your account, whether initiated by you directly, by a family member or contributor you have invited, or by an AI assistant you have authorized.

You must promptly notify us at legal@anvaya.love of any unauthorized use of your account, any security breach, or any compromise of your credentials.

You agree to:

• Provide accurate information when creating and maintaining your account
• Use the Service only for lawful purposes related to wedding planning
• Review and verify any changes made by AI assistants before relying on them for important wedding planning decisions
• Not attempt to circumvent security measures or access controls
• Not use the Service to store or transmit malicious content

Data Controller Duties (GDPR). If you enter personal information about your wedding guests (such as names, email addresses, phone numbers, dietary requirements, or mailing addresses) into the Service, you acknowledge and agree to the following:

• You are the data controller for the guest personal information you enter into Anvaya. Anvaya acts as a data processor on your behalf (see Section 9 for the full Data Processing Terms).
• Lawful basis. You must have a lawful basis under applicable data protection law (such as legitimate interest or consent) for entering each guest's personal data into the Service.
• Informing guests. You must inform your guests that their personal data is stored in Anvaya and direct them to our Privacy Policy so they can understand how their information is processed.
• Guest data requests. You are responsible for responding to or forwarding any data subject access requests, correction requests, or deletion requests from your guests. If you need assistance fulfilling such requests, you may contact us at legal@anvaya.love.
• Purpose limitation. You must not use Anvaya to process guest personal data for any purpose other than wedding planning and related communications.

You may not use the Service to engage in any of the following prohibited activities:

• Harassment, threats, intimidation, or abusive behavior toward other users, guests, or any individual
• Uploading, storing, or transmitting illegal, defamatory, obscene, or infringing content
• Misusing guest personal data, including selling, sharing, or disclosing it outside the wedding planning context
• Scraping, crawling, or automated access to the Service beyond authorized MCP integrations
• Attempting to access other users' wedding data, accounts, or subdomains without authorization
• Using the Service to send unsolicited or bulk communications to guests or any third parties
• Interfering with, disrupting, or placing an unreasonable burden on the Service or its underlying infrastructure

Violation of this Acceptable Use Policy may result in immediate suspension or termination of your account without prior notice.

When you authorize an AI assistant to access your Anvaya account through OAuth 2.1 and the Model Context Protocol (MCP):

• OAuth scopes. You grant the assistant permission to access and modify your wedding data within the scopes you authorize. The wedding:read scope permits read-only access to your wedding data; wedding:write permits modifications including adding, updating, and deleting records.
• Attribution. Actions taken by the AI assistant are considered actions taken by you and are subject to these Terms. You are responsible for reviewing changes made by AI assistants.
• No accuracy guarantee. Anvaya does not guarantee the accuracy, completeness, or appropriateness of AI-generated suggestions, modifications, or responses.
• Revocation. You may revoke an AI assistant's access at any time, which immediately terminates its ability to interact with your data. Revocation does not undo changes the assistant has already made.

AI assistants connected to Anvaya are third-party services not operated or controlled by us. Anvaya is not responsible for:

• The accuracy or reliability of AI-generated content or suggestions
• Errors, omissions, or unintended modifications made by AI assistants to your wedding data
• The data handling practices of third-party AI assistant providers once data leaves our servers via API responses
• Service interruptions, outages, or discontinuation of third-party AI platforms
• Any decisions you make based on AI-generated suggestions, including but not limited to vendor selection, budget allocations, and event scheduling

We strongly recommend reviewing any changes made by AI assistants, especially for critical wedding planning details such as guest lists, event dates, budget amounts, and vendor contracts.

This section constitutes a Data Processing Agreement (“DPA”) between you (the “Controller”) and Automorphism LLC (the “Processor”), as required under Article 28 of the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This DPA applies to all processing of personal data that Anvaya performs on your behalf.

9.1 Scope and Roles

You, as the couple or wedding organizer, are the data controller for all personal data of your wedding guests that you enter into, upload to, or otherwise provide through the Service. This includes but is not limited to guest names, email addresses, phone numbers, mailing addresses, dietary requirements, plus-one information, RSVP responses, and any other personal data you store in Anvaya.

Anvaya (Automorphism LLC) is the data processor, processing guest personal data solely on your behalf and in accordance with your documented instructions for the purpose of providing the wedding planning Service.

9.2 Processing Instructions

The Processor shall process personal data only on documented instructions from the Controller. For the purposes of this DPA, documented instructions include:

• Actions you perform through the Service's user interface (adding guests, sending invitations, managing RSVPs, updating records)
• Actions performed by AI assistants you have authorized via OAuth, within the scopes you granted (wedding:read, wedding:write)
• Written instructions you provide to us via email at legal@anvaya.love

If we are required by applicable law to process personal data beyond your instructions, we will inform you of that legal requirement before processing, unless prohibited by law from doing so.

9.3 Confidentiality

All personnel of the Processor who have access to personal data processed under this DPA are bound by obligations of confidentiality, whether by contract or statutory duty. We ensure that access to personal data is limited to those personnel who require it to perform the Service.

9.4 Security Measures

The Processor implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption in transit via TLS for all data transmitted between clients, edge servers, and backend infrastructure
• Cryptographic integrity using SHA-256 hashing for webhook signatures (HMAC), token storage, and PKCE code verifiers
• Role-based access control (RBAC) with a four-tier permission hierarchy ensuring users can only access and modify data appropriate to their role
• OAuth 2.1 with PKCE for AI assistant authentication, ensuring secure token exchange without exposing credentials
• Token-based guest access with unique, non-guessable tokens for RSVP and invite links, preventing unauthorized access to guest data
• Infrastructure isolation with separate staging and production environments, dedicated database instances, and environment-specific secrets

For a complete description of our security measures, please refer to our Privacy Policy.

9.5 Sub-Processors

The Processor engages sub-processors to assist in providing the Service. A current list of sub-processors and their purposes is maintained in our Privacy Policy.

We will provide you with at least 30 days' prior written notice before engaging any new sub-processor that will process personal data on your behalf. This notice will be communicated via the email address associated with your account and/or by updating the sub-processor list in our Privacy Policy.

You have the right to object to the engagement of a new sub-processor on reasonable grounds related to data protection. If you object and we cannot reasonably accommodate your objection, either party may terminate the affected processing by deleting the relevant data and, if necessary, the account.

9.6 Data Subject Requests

The Processor will assist the Controller in fulfilling data subject requests under GDPR Articles 15–22 (access, rectification, erasure, restriction, portability, and objection). If we receive a request directly from one of your guests, we will promptly direct that guest to you as the data controller, unless we are legally required to respond directly.

We provide self-service tools (guest data export, guest deletion) and will respond to Controller assistance requests within a reasonable timeframe.

9.7 Breach Notification

In the event of a personal data breach affecting data processed under this DPA, the Processor will notify the Controller without undue delay after becoming aware of the breach. The notification will include, to the extent available:

• The nature of the personal data breach
• The categories and approximate number of data subjects and personal data records affected
• The likely consequences of the breach
• The measures taken or proposed to address the breach, including measures to mitigate its possible adverse effects

We will cooperate with you and provide all information reasonably necessary to enable you to fulfil your own breach notification obligations under GDPR Articles 33 and 34.

9.8 Data Deletion

Upon termination of your account or upon your written request, we will delete all personal data processed on your behalf within 30 days, unless retention is required by applicable law. This includes all guest records, RSVP data, vendor communications, and any other personal data associated with your wedding.

Backup copies will be purged within 7 days following the completion of the primary deletion. We will provide written confirmation of deletion upon request.

9.9 Audit and Compliance

The Processor will make available to the Controller all information reasonably necessary to demonstrate compliance with the obligations set out in this DPA and GDPR Article 28.

The Processor will cooperate with reasonable audit requests from the Controller or the Controller's designated auditor, subject to reasonable advance notice (at least 30 days), confidentiality obligations, and conducted during normal business hours. The Controller shall bear the costs of any such audit unless the audit reveals material non-compliance by the Processor.

The Service relies on third-party providers to deliver its functionality. These providers operate under their own terms and privacy policies, and Anvaya is not liable for their outages, data handling practices, or policy changes.

• Cloudflare — content delivery, edge compute (Workers), object storage (R2), key-value storage (KV), email routing, and DNS
• Amazon Web Services (AWS) — relational database hosting (RDS PostgreSQL)
• OpenAI — AI-powered vendor data extraction from emails and documents
• PostHog — product analytics and usage tracking
• Google — Maps JavaScript API and Places API for venue search, location autocomplete, and geocoding
• Resend — transactional email delivery

We encourage you to review the terms and privacy policies of these providers. A current list is also maintained in our Privacy Policy.

The Service is currently offered free of charge during its early-access period. No payment information is collected.

We reserve the right to introduce paid features or subscription tiers in the future. If we do, we will provide reasonable advance notice, clearly communicate the pricing and scope of paid features, and update these Terms accordingly.

Regardless of any future pricing changes, your data will never be held hostage. You will always retain the ability to export your data and delete your account, even if you choose not to subscribe to a paid tier.

The Service, including its software, design, user interface, features, graphics, documentation, and branding (including the Anvaya name and logo), is the exclusive property of Automorphism LLC and is protected by copyright, trademark, and other intellectual property laws. All rights not expressly granted herein are reserved.

You retain full ownership of the content you create, upload, and store on the platform, including wedding details, guest information, photos, and custom text.

By using the Service, you grant Anvaya a limited, non-exclusive, royalty-free, worldwide license to use, store, display, reproduce, and process your content solely for the purpose of providing, maintaining, and improving the Service. This includes displaying your content on your wedding website, generating exports, and processing data through AI features you initiate.

This license terminates when you delete the specific content or delete your account, subject to the data deletion timelines described in Section 9.8. We will not use your content for marketing, advertising, or any purpose unrelated to providing the Service without your explicit consent.

Self-service deletion. You may terminate your use of the Service at any time by deleting your account through the account settings. Account deletion is immediate and will cascade to remove all associated wedding data, guest records, events, budget items, vendor information, and website content, subject to the deletion timelines in Section 9.8.

Export before deletion. Before confirming account deletion, you will be presented with a confirmation dialog reminding you to export your data first. Once deletion is confirmed, your data cannot be recovered.

AI assistant access. You may revoke any AI assistant's access independently without closing your account.

Service shutdown. If we decide to discontinue the Service entirely, we will provide at least 90 days' prior notice via the email address associated with your account, during which time you will be able to export all of your data.

Suspension for violations. We reserve the right to suspend or terminate accounts that violate these Terms, engage in abusive behavior, or pose a risk to the security or integrity of the Service or other users' data. Where possible, we will provide notice and an opportunity to remedy the violation before termination, except where immediate suspension is necessary to protect the Service or comply with legal obligations.

In the event of a confirmed data breach affecting personal information processed through the Service:

• GDPR (Art. 33). We will notify the relevant supervisory authority within 72 hours of becoming aware of a breach that is likely to result in a risk to the rights and freedoms of natural persons, where Anvaya is the data controller.
• GDPR (Art. 34). Where the breach is likely to result in a high risk to the rights and freedoms of natural persons, we will communicate the breach to affected individuals without undue delay, describing the nature of the breach, likely consequences, and measures taken or recommended.
• CCPA (Cal. Civ. Code §1798.82). We will notify affected California residents in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement and any measures necessary to determine the scope of the breach.

For all users, breach notifications will be sent to the email address associated with your account and will describe: the nature of the breach, what information was affected, the steps we are taking in response, and recommended actions for you to protect your data. We will comply with all applicable federal, state, and international breach notification laws.

For data you control as a couple (guest personal data), we will also comply with our breach notification obligations under Section 9.7 of this agreement to enable you to fulfil your own notification duties.

The Service is operated from the United States. Your data, including personal data of your wedding guests, is processed and stored on servers located in the United States (AWS US-East) and distributed through Cloudflare's global edge network.

If you or your guests are located outside the United States, including in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data transfer restrictions, your use of the Service involves the transfer of personal data to the United States.

We implement appropriate safeguards for international data transfers as described in our Privacy Policy, including reliance on standard contractual clauses and adequacy decisions where applicable.

You agree to indemnify, defend, and hold harmless Automorphism LLC (doing business as Anvaya), its officers, directors, employees, contractors, and agents from and against any and all claims, losses, damages, liabilities, and expenses (including reasonable attorneys' fees and court costs) arising from or related to:

• Your violation of these Terms
• Your misuse of guest personal data or failure to fulfil your obligations as a data controller under Section 5
• Actions taken by AI assistants that you authorized to access your account
• Content you upload to or create through the Service
• Your violation of any applicable law or regulation

Anvaya reserves the right to assume the exclusive defense and control of any matter subject to indemnification by you, at your expense. You agree to cooperate with our defense of such claims.

To the fullest extent permitted by applicable law, Automorphism LLC and its officers, directors, employees, contractors, and agents shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, goodwill, or other intangible losses, arising from or related to:

• Your use of or inability to use the Service
• Actions taken by AI assistants connected to your account, including erroneous modifications to your wedding data
• Unauthorized access to or alteration of your data
• Any third-party conduct, content, or services
• Any interruption, suspension, or termination of the Service

Our total aggregate liability for any and all claims arising from or related to the Service shall not exceed the total amount you have paid to Automorphism LLC in the twelve (12) months preceding the event giving rise to the claim. If you have not paid any amounts, our total liability shall not exceed one hundred US dollars ($100).

This limitation of liability applies regardless of the legal theory on which the claim is based, whether in contract, tort (including negligence), strict liability, or otherwise, and even if we have been advised of the possibility of such damages.

The Service is provided on an “as is” and “as available” basis, without warranties of any kind, whether express, implied, or statutory, including but not limited to implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement.

Without limiting the foregoing, Anvaya does not warrant that:

• The Service will be uninterrupted, timely, secure, or error-free
• The results obtained from the Service (including AI-generated content) will be accurate, reliable, or complete
• Any defects or errors in the Service will be corrected
• The Service will meet your specific requirements or expectations

You use the Service at your own risk. Some jurisdictions do not allow the exclusion of implied warranties, so some of the above exclusions may not apply to you.

Informal Resolution. Before filing any formal legal proceeding, you agree to contact us at legal@anvaya.love and attempt to resolve the dispute informally for at least 30 days. Most disputes can be resolved through good-faith communication.

Binding Arbitration. If informal resolution fails, any dispute, claim, or controversy arising out of or relating to these Terms or the Service shall be resolved by binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. The arbitration shall be conducted in the State of Delaware. The arbitrator's decision shall be final and binding and may be entered as a judgment in any court of competent jurisdiction.

Class Action Waiver. You agree that disputes will be resolved on an individual basis only. You waive any right to participate in a class action, class arbitration, or any other representative or consolidated proceeding.

Small Claims Exception. Notwithstanding the above, either party may bring qualifying claims in small claims court in the State of Delaware, provided the claim falls within that court's jurisdictional limits.

These Terms shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law provisions. Any legal proceedings not subject to the arbitration provisions in Section 20 shall be brought exclusively in the state or federal courts located in Delaware.

If any provision of these Terms is found to be unenforceable or invalid by a court of competent jurisdiction, that provision shall be enforced to the maximum extent permissible and the remaining provisions shall remain in full force and effect. The unenforceable provision shall be modified to the minimum extent necessary to make it enforceable while preserving its original intent.

These Terms of Service, together with our Privacy Policy and Cookie Policy, constitute the entire agreement between you and Automorphism LLC regarding your use of the Service and supersede all prior or contemporaneous communications, proposals, and agreements, whether oral or written.

Automorphism LLC may assign or transfer these Terms, and any rights and obligations hereunder, in whole or in part, in connection with a merger, acquisition, sale of assets, reorganization, or by operation of law, without your consent and without notice, provided that the assignee agrees to be bound by these Terms.

You may not assign or transfer these Terms or any rights or obligations hereunder without the prior written consent of Automorphism LLC. Any attempted assignment without consent shall be null and void.

Neither party shall be liable for any failure or delay in performing its obligations under these Terms (other than payment obligations) to the extent that such failure or delay results from circumstances beyond the affected party's reasonable control, including but not limited to:

• Natural disasters, earthquakes, floods, hurricanes, or severe weather
• Acts of government, regulatory actions, embargoes, or sanctions
• Pandemics, epidemics, or public health emergencies
• War, terrorism, civil unrest, or armed conflict
• Labor disputes, strikes, or lockouts
• Power outages, internet or telecommunications failures, or infrastructure disruptions
• Acts or omissions of third-party service providers (including cloud hosting, DNS, and CDN providers)

The affected party shall use reasonable efforts to mitigate the impact and resume performance as soon as practicable.

We may modify these Terms at any time. When we make changes, we will update the “Last updated” date at the top of this page. For material changes (such as changes to liability, data processing, or dispute resolution provisions), we will provide additional notice via the email address associated with your account and/or a prominent notice within the Service.

Your continued use of the Service after the revised Terms take effect constitutes your acceptance of the changes. If you do not agree to the revised Terms, you should discontinue use of the Service and delete your account.

If you have questions, concerns, or requests regarding these Terms of Service or the Data Processing Terms, please contact us at:

Automorphism LLC
Email: legal@anvaya.love

For data protection inquiries, data subject requests, or DPA-related matters, please include “Data Protection” in the subject line of your email.