Privacy Policy

bestmen.ai is a best man speech writing service, operated as a UK-based business. For the purposes of UK GDPR and the Data Protection Act 2018, we are the data controller.

If you have any questions about how we handle your personal data, please contact us at: hello@bestmen.ai

We collect the following categories of personal data:

• Account data: your email address, used to send your magic link login and deliver your completed speech.
• Quiz responses: the answers you provide during the speech questionnaire — including names (yours, the groom's, the bride's), personal memories, anecdotes, and wedding details.
• Payment data: payment processing is handled entirely by Stripe. We do not store your card details. Stripe may share a transaction ID and billing email with us for order reference.
• Usage data: basic analytics such as pages visited, browser type, and device type. We do not use intrusive tracking or third-party advertising cookies.
• Communications: any correspondence you send us by email or via the refinement request form.

We use your personal data only for the following purposes:

• To provide the bestmen.ai service — generating your speech, delivering it by email, and processing refinement requests.
• To authenticate your identity via magic link (powered by Supabase).
• To process payments via Stripe.
• To respond to customer support queries.
• To comply with our legal obligations.

We do not use your quiz responses, speech content, or personal stories for any marketing, profiling, or advertising purposes. We do not sell your data to third parties.

Your quiz answers are passed to an AI language model (Anthropic Claude) to generate your speech. This processing is carried out on Anthropic's infrastructure. We do not retain your data on Anthropic's systems beyond the time needed to process your request. Anthropic's privacy practices are governed by their own privacy policy, available at anthropic.com/legal/privacy.

We do not use your personal data or generated speech to train AI models.

We rely on the following legal bases under UK GDPR:

• Contract performance: processing your quiz data and delivering your speech is necessary to fulfil our contract with you.
• Legitimate interests: basic usage analytics to improve the service, where this does not override your rights.
• Legal obligation: retaining transaction records to meet financial and tax obligations.

We share your data with the following processors only, under appropriate data processing agreements:

• Supabase — database and authentication infrastructure
• Stripe — payment processing
• Anthropic — AI speech generation
• Resend — transactional email delivery
• Vercel — hosting infrastructure

We do not share your data with any other third parties unless required to do so by law.

We retain your account data and speech content for as long as your account is active, or until you request deletion. Payment records are retained for seven years in accordance with UK financial regulations. Quiz answers and generated speeches are deleted upon account deletion request.

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data (right to erasure)
• Object to or restrict processing of your data
• Data portability — receive your data in a commonly used, machine-readable format
• Withdraw consent where processing is based on consent

To exercise any of these rights, email us at hello@bestmen.ai. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

We use only essential cookies required for the service to function (authentication session tokens). We do not use advertising cookies, tracking pixels, or third-party analytics cookies. You can disable cookies in your browser settings, though this may prevent you from logging in.

We take reasonable technical and organisational measures to protect your data, including encrypted connections (HTTPS), access controls, and use of reputable third-party infrastructure. No method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top. Where changes are material, we will notify users by email.