Privacy
LinenInvite is designed around trusted guest experiences and careful tenant separation. This page summarizes the product posture; formal legal policy documents can be added before broad public launch.
Guest sites resolve through private links and privacy checks before private details are shown. Open, password, and guest-match modes are enforced on the server, including side routes such as RSVP, address collection, intent, and calendar links.
The platform uses row-level security as the tenant data boundary. Runtime code accesses data through repositories and tenant context rather than privileged database clients.
Guest-facing pages read the published guest site. Draft edits do not become public simply because someone has a link.
Public intake submissions land in a pending or duplicate-review state before they become official household, guest, invitation, or send records.
Export artifacts and share links are private, expiring, revocable, and audited. Limited vendor access is designed around resource-specific grants rather than broad workspace access.
Registry and cash-fund references use external links only. LinenInvite does not collect card data or process native gift payments in this stage.
Product analytics are separate from audit and store bounded event names plus safe context only. They do not collect passwords, raw guest details, invitation tokens, IP addresses, full user agents, or full referrer URLs.