Data minimization
The intake asks for wedding constraints and contact details only. It should not request documents, card data, passports, or legal paperwork.
Trust
Data security and launch boundaries.
Wedding planning can involve sensitive preferences and financial context, so the V1 intake is intentionally minimized.
Backend boundary
API routes validate, persist to the configured production database, create admin review tasks, and audit submissions. If DATABASE_URL is missing, live submissions are refused rather than silently discarded.
Supplier access
Future supplier dashboards should use authenticated roles, scoped access, and audit trails before showing couple details.
AI review
AI-generated packages, quotes, and supplier messages should be source-checked and human-reviewed before customer reliance.
Consent gating
Non-essential analytics, advertising, and replay must be gated by region and Cookiebot consent in regulated regions.
Launch checklist
Before production: configure real processors, DPAs, retention rules, access controls, incident response, and legal notices.