Last updated: 28 February 2026
Every byte exchanged between your device and EZWeddingz is encrypted using TLS 1.2 or TLS 1.3 (HTTPS). This applies to:
www.ezweddingz.com)HTTP Strict Transport Security (HSTS) is enforced — browsers will refuse to load the site over plain HTTP for one year after the first secure visit.
On top of database-level encryption, the following fields are additionally encrypted at the application layer before they ever touch the database, using AES-128 + HMAC-SHA256 (Fernet):
The encryption key is stored separately from the database. Even an attacker with full database access cannot read these fields without the application-layer key.
Every response from our API includes hardened security headers:
frame-ancestors 'none' — protects against clickjackingIf you believe you've found a vulnerability, please email security@ezweddingz.com. We acknowledge reports within 48 hours and aim to remediate critical issues within 7 working days.
Please don't publicly disclose until we've had a chance to fix it. We don't currently run a paid bug-bounty programme, but we'll acknowledge you in our security hall of fame and send a thank-you gift for substantive reports.

Discover & book verified wedding venues. Pin it to your home screen for one-tap access.