JCKFRUT (Pty) Ltd (“JCKFRUT,” “we,” “our,” or “us”) is a company incorporated in South Africa (Company Registration No.: K202006630707), with its principal place of business at 11th–14th Floor, Touchstone House, 7 Bree St, Cape Town City Centre, Cape Town, 8001.
We operate the wedding management platform at https://wedding.jckfrut.co (the “Platform”), which allows couples to create digital wedding invitations, manage guest lists, coordinate with vendors, and plan their wedding events.
This Privacy Policy explains how we collect, use, store, share, and protect personal information in connection with the Platform. It applies to all users of the Platform, including couples who create accounts, guests who submit RSVPs, and vendors or other individuals who are invited as collaborators.
JCKFRUT acts as the Responsible Party (as defined in POPIA) and as the Data Controller (as defined in the GDPR) for personal information we collect directly. For personal information about wedding guests that couples upload to the Platform, JCKFRUT acts as the Operator (POPIA) or Data Processor (GDPR) on behalf of the couple.
Our Information Officer can be contacted at privacy@jckfrut.co.
We only process personal information where we have a lawful basis to do so. Below are our processing purposes and the legal basis for each under POPIA and, where applicable, the GDPR.
Create and manage your wedding account and project
Data used: Names, contact details, event details, login credentials
Legal basis: Contract (POPIA s.11(1)(b)); Contract performance (GDPR Art. 6(1)(b))
Send and manage wedding invitations and RSVPs
Data used: Guest names, email addresses, RSVP responses
Legal basis: Legitimate interest (POPIA); Legitimate interests (GDPR Art. 6(1)(f))
Provide guest list, seating, dietary, and transport management tools
Data used: Guest names, dietary needs, seating assignments, transport requirements
Legal basis: Contract; legitimate interest (POPIA); Contract performance (GDPR Art. 6(1)(b))
Store and deliver in-platform chat and email notifications
Data used: Chat messages, email addresses
Legal basis: Contract; legitimate interest (POPIA); Contract performance; legitimate interests (GDPR Art. 6(1)(b) and (f))
Enable vendor and collaborator access controls
Data used: Vendor name, email, scoped access data
Legal basis: Contract; legitimate interest (POPIA); Contract performance (GDPR Art. 6(1)(b))
Process payments (via Paystack)
Data used: Transaction reference, tier selected, amount paid
Legal basis: Contract; legal obligation (POPIA); Contract performance; legal obligation (GDPR Art. 6(1)(b) and (c))
Send itinerary, thank-you, and event-related emails
Data used: Guest names, email addresses, event details
Legal basis: Legitimate interest; consent where required (POPIA); Legitimate interests (GDPR Art. 6(1)(f))
Maintain platform security and prevent fraud
Data used: IP addresses, login activity, usage patterns
Legal basis: Legitimate interest (POPIA and GDPR Art. 6(1)(f))
Improve platform performance and features
Data used: Usage data, cookies, aggregated behavioural data
Legal basis: Legitimate interest (POPIA and GDPR Art. 6(1)(f))
Comply with legal and tax obligations
Data used: Transaction records, invoices, account data
Legal basis: Legal obligation (POPIA s.11(1)(c)); Legal obligation (GDPR Art. 6(1)(c))
Send marketing communications
Data used: Account holder email address
Legal basis: Consent/opt-in (POPIA); Consent (GDPR Art. 6(1)(a))
Operate the Affiliate Program and pay commissions
Data used: Affiliate name, email, activity data, commission records, bank account details
Legal basis: Contract (POPIA s.11(1)(b)); Contract performance; legal obligation (GDPR Art. 6(1)(b) and (c))
We do not process personal information for purposes incompatible with those listed above without first obtaining consent or establishing a new lawful basis.
JCKFRUT is based in South Africa. Where we transfer personal information to, or store it in, countries outside South Africa, we ensure that appropriate safeguards are in place.
For transfers from South Africa: we comply with the requirements of POPIA Section 72. We only transfer personal information to countries that have adequate data protection laws in place, or where we have put appropriate contractual protections in place.
For transfers from the EEA or UK: where we transfer personal data outside the EEA or UK (including to South Africa), we rely on the Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms such as the UK International Data Transfer Agreement (IDTA). Where an adequacy decision covers the relevant country, we will rely on that instead.
Where none of the above safeguards apply: we will seek your explicit consent before making the transfer.
Transfers to our Sub-Processors (including cloud hosting, email delivery, and AI service providers) are covered by data processing agreements that include the appropriate transfer mechanisms.
We retain personal information only for as long as is necessary for the purposes for which it was collected, or as required by applicable law.
Couple account information
Retention: Duration of account, plus a reasonable period thereafter
Reason: To fulfil contractual obligations, resolve disputes, and comply with legal requirements.
Invitation and event data (guest lists, RSVPs, seating, dietary, transport)
Retention: Event date plus 90 days
Reason: Standard post-event administrative period. Backup copies purged within 30 days of deletion from active systems.
Chat Records
Retention: 24 months after Event date
Reason: Retained as a verifiable communication record to assist in resolving vendor disputes.
Transaction records
Retention: 5 years minimum
Reason: JCKFRUT does not store payment card data. We retain only transaction records and invoices as required by South African tax and financial legislation.
Technical and usage data
Retention: Up to 12 months
Reason: Security monitoring, fraud prevention, and platform performance.
Backup copies
Retention: Up to 30 days after deletion from active systems
Reason: Standard backup cycle. Purged on schedule.
Affiliate account information
Retention: Duration of account, plus 30 days after account closure
Reason: To fulfil contractual and payment obligations.
Affiliate bank account details
Retention: Duration of account, plus 30 days after account closure
Reason: Used solely for processing commission payments by bank transfer. Not shared with Paystack. Deleted promptly after account closure.
Affiliate commission and payment records
Retention: 5 years minimum
Reason: Required by South African tax and financial legislation (SARS).
Early Deletion Requests
You may request deletion of your personal information at any time by contacting privacy@jckfrut.co. We will comply within 30 days unless a legal obligation requires us to retain it.
Legal and Compliance Holds
We may retain personal information beyond the standard periods above where required by applicable law, regulation, court order, or for the establishment, exercise, or defence of legal claims.
Secure Disposal
When personal information is no longer required, we securely delete or permanently de-identify it so it cannot be reconstructed.
The Platform includes AI-powered features, including AI Seating Suggestions and the Auto-build Itinerary tool. These features use guest data (such as names, household groupings, and RSVP status) to generate suggested outputs.
The outputs of these features are recommendations only. No legally or similarly significant decision about any individual is made solely through automated processing. All final decisions, including seating arrangements, are made by the couple. EEA and UK users’ rights under GDPR Article 22 are therefore not engaged.
Guest data used by AI features is processed only to provide the relevant suggestion within your wedding project. It is not used to train third-party AI models or shared with AI providers for any purpose beyond generating the requested output for your project.
We will only send you marketing communications (such as promotional emails or product updates) if you have explicitly opted in. You may withdraw consent at any time by:
• Clicking the unsubscribe link in any marketing email; or
• Contacting us at privacy@jckfrut.co.
Withdrawing marketing consent does not affect the service-related communications you receive (for example, account notices, RSVP updates, or chat notifications), which are necessary to provide the Services and cannot be disabled while your account is active.
We may update this Privacy Policy from time to time to reflect changes in the Platform, our business operations, or applicable law. When we make material changes, we will:
• Update the “Last Updated” date at the top of this policy.
• Post the revised policy on the Platform.
• For material changes, notify account holders by email at least 14 days before the changes take effect.
Your continued use of the Platform after the effective date of a revised policy constitutes acceptance of the changes. If you do not agree with the updated policy, you may close your account by emailing wedding.support@jckfrut.co.
Hello! It's good to have you here!
Please login to design, view and/or edit your invitation(s).
Register
One step closer to a lovely invitation
Look for corresponding annotations on the form and the invitation you will be making
Look for corresponding annotations on the form and the invitation you will be making
Look for corresponding annotations on the form and the invitation you will be making
