Ceranova
Ceranova

Privacy Policy

Last updated: 16 June 2026

1. Who we are

Ceranova is an all-in-one CRM for UK wedding and funeral celebrants. This service is operated by Samuel Stevens, trading as Ceranova (“we”, “us”, “our”).

Contact: hello@ceranova.co.uk
Registered address: 89 Havisham Drive, Swindon, SN25 1BS
ICO registration number: Registration in progress

2. Our two roles — controller and processor

It is important to be clear about who is responsible for which data, because Ceranova plays two different roles under UK data protection law:

  • Your account data — we are the controller. For the data about you as a celebrant (your email, name, business name and billing status), Ceranova is the data controller and decides how it is used.
  • Your clients’ data — you are the controller, we are the processor. For the personal data you enter about your own clients (couples, families and the deceased), you are the controller. Ceranova acts only as your processor, handling that data on your instructions to provide the service.

This policy explains what we do as a controller of your account data. As processor of your clients’ data, we act on your instructions — you remain responsible for giving your clients their own privacy information and for having a lawful basis to hold their data.

Because we act as your processor for your clients’ data, a Data Processing Agreement governs that relationship; it is available on request by emailing hello@ceranova.co.uk.

3. What we collect and why

  • Account data: your email address, name and business name. Sign-in is handled by Supabase Auth or by signing in with Google — we do not see or store your password.
  • Billing status: whether you are on a trial or have paid. Card payments are handled by Stripe — we never see or store your card number.
  • Client and ceremony data you enter: details of your clients, ceremonies, scripts, invoices, and any documents or files you upload. This may include special-category data (for example religious or belief details, or family and health context in funeral work), which we handle with extra care.
  • Technical and audit data: standard technical logs and an internal access audit log, kept to keep the service secure and to record key actions and changes to your data.

4. Our lawful bases

For the account data we control, we rely on:

  • Contract — to create your account and provide the service you have signed up for.
  • Legitimate interests — to keep the service secure, prevent abuse, and maintain our audit log.
  • Consent — only where we specifically ask for it, such as enabling optional AI features on a ceremony.

For your clients’ data, you set the lawful basis as the controller.

Where your clients’ data includes special-category data (Article 9 UK GDPR — for example religious belief, or health and family context), you as the controller must also have a separate Article 9 condition for holding it (for example explicit consent). Ceranova processes this data only on your instructions.

5. Sub-processors

We use a small number of trusted service providers to run Ceranova. Each only processes the data needed for its purpose:

ProviderPurposeLocation
SupabaseDatabase and file hostingLondon, UK
StripePayment processingUK / EU
ResendTransactional emailEU (Ireland)
VercelApplication hostingMay process outside the UK
Google (Gemini AI)AI features — only when you enable AI on a ceremony; the data sent is minimisedMay process outside the UK

Where Google or Vercel may process data outside the UK, this is done under appropriate safeguards: the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, and UK adequacy regulations where they apply.

6. How long we keep data

  • Client data automatically deletes 7 years after the relevant ceremony or closure.
  • Account data is kept while your account is active, and is deleted when you close your account.

7. Your rights

Under UK GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected (rectification);
  • have your data deleted (erasure);
  • restrict how we use your data;
  • receive your data in a portable format;
  • object to certain processing;
  • withdraw consent — where we rely on your consent (such as enabling optional AI features), you can withdraw it at any time, as easily as you gave it;
  • receive information about international transfers — where your data is transferred outside the UK, you can ask us for details of the safeguards in place.

Ceranova includes a built-in “Download all my data” export in your account settings, which covers your right to portability. To exercise any other right, email us at hello@ceranova.co.uk.

8. Cookies

We only use essential session and authentication cookies needed to keep you signed in and to keep the service secure. We do not use advertising or marketing trackers.

9. Security

Your data is encrypted in transit. Each user’s data is isolated at the database level using per-user row-level security, so one celebrant can never see another’s data. Key actions and changes to your data are recorded in an audit log.

10. Complaints

If you are unhappy with how we handle your data, you can complain to the UK’s data protection regulator, the Information Commissioner’s Office (ICO), at ico.org.uk (opens in a new tab). We would appreciate the chance to put things right first, so please contact us too.

11. Marketing list

When you request our free ceremony-script pack, we collect your first name and email address, with your explicit consent, to send you the pack and occasional Ceranova emails for celebrants (tips, product updates and offers). This is separate from any Ceranova account — you can be on the marketing list without being a customer.

  • Lawful basis (marketing emails): Consent (UK GDPR Article 6(1)(a); PECR). We only email you because you asked us to.
  • What we collect: your first name and email address — nothing else.
  • Retention: if you request the pack but never click the confirmation link, we delete the entry after about 30 days. If you unsubscribe, we keep a minimal record of your email address as a suppression entry — relying on our legitimate interest (UK GDPR Article 6(1)(f)) in making sure we never email you again. Confirmed subscribers are kept while the marketing list is active.
  • How to unsubscribe: click the unsubscribe link in any email we send, or email us at hello@ceranova.co.uk. We act on it straight away.
  • Right to withdraw consent: you can withdraw consent at any time, as easily as you gave it. Withdrawal does not affect any processing done before you withdrew.
  • Right to erasure: you can ask us to delete your details from the marketing list entirely by emailing hello@ceranova.co.uk. If we erase you, we no longer hold the minimal suppression record we would otherwise keep to ensure we never contact you again.

12. Changes to this policy

We may update this policy from time to time. When we do, we will update the “Last updated” date at the top of this page.

Last updated: 16 June 2026