Privacy Policy - PartyPlay
Effective Date: October 25, 2025
Last Updated: October 25, 2025
WHO WE ARE
PartyPlay is a party coordination platform that helps you create memorable celebrations.
WHAT WE COLLECT
When You Use PartyPlay:
- Email address (for account access)
- Party details (event name, theme, date)
- Photos/videos you upload (displayed during your party)
- AI prompts you submit (to generate party content)
- IP address (for security only)
What We DON'T Collect:
- ❌ We don't track you across websites
- ❌ We don't sell your data
- ❌ We don't show you ads
- ❌ We don't use analytics or behavioral tracking
HOW WE USE YOUR INFO
We use your information ONLY to:
- Run your party (display photos, generate content, coordinate activities)
- Communicate about your party
- Improve our service
- Prevent fraud and abuse
We NEVER:
- ❌ Sell or rent your data
- ❌ Use it for advertising
- ❌ Share it with third parties (except as below)
WHO WE SHARE WITH
AI Providers (For Content Generation)
When you use AI features, we send your text prompts to:
They receive: Only your text prompts (e.g., "create a superhero theme")
They DON'T receive: Your photos, email address, party details, or personal identifiers
Their policies: We configure APIs for minimal data retention where available
Data Processing Agreements: We maintain Data Processing Agreements (DPAs) with AI providers to ensure GDPR compliance
Your Responsibility: Review third-party AI provider privacy policies before using AI features. We are not responsible for their data practices.
Hosting Provider
- Vultr (Seattle, WA, USA) - Infrastructure provider only, no access to your data content
- Data Processing Agreement in place for GDPR compliance
- SOC 2 Type II certified data center
Payment Processors (If You Use Paid Features)
- Stripe or PayPal (if applicable)
- We do NOT store credit card information on our servers
- Payment data is handled directly by payment processors
- Subject to their respective privacy policies
No One Else
We do NOT share your data with:
- ❌ Advertisers or marketing companies
- ❌ Data brokers
- ❌ Analytics providers (we don't use analytics)
- ❌ Social media platforms
- ❌ Any third party for their own commercial purposes
Legal Disclosure
We may disclose information if required by:
- Valid subpoena or court order
- Government investigation or legal process
- Emergency involving danger to a person
- Enforcement of our Terms of Service
We will notify you of legal disclosure requests unless prohibited by law or court order.
DATA RETENTION
Automatic Deletion (72 Hours)
ALL party data is deleted 72 hours after your party ends, including:
- Party details
- Photos and videos
- AI-generated content
- Session data
What We Keep (Legal Compliance)
- Security logs: 30 days
- Account records: Until you delete your account
You Control Everything
- Delete your account anytime
- Download your data anytime
- Request immediate deletion
YOUR RIGHTS (GDPR, LGPD, PIPEDA, CCPA)
Under applicable privacy laws (GDPR, LGPD, PIPEDA, CCPA), you have the following rights:
Right to Access (GDPR Art. 15)
- Request a copy of all personal data we hold about you
- Receive information about how we process your data
- How: Email privacy@partyplay.me or view in Account Settings dashboard
Right to Rectification (GDPR Art. 16)
- Correct inaccurate or incomplete personal data
- How: Update in Account Settings or email privacy@partyplay.me
Right to Erasure / "Right to be Forgotten" (GDPR Art. 17)
- Request deletion of all your personal data
- We will delete within 24 hours (except legal retention requirements)
- How: Click "Delete All My Data" in Account Settings or email privacy@partyplay.me
Right to Data Portability (GDPR Art. 20)
- Download all your data in machine-readable format (JSON)
- Transfer your data to another service
- How: Click "Export Data" in Account Settings or email privacy@partyplay.me
Right to Restrict Processing (GDPR Art. 18)
- Limit how we process your data
- How: Email privacy@partyplay.me with specific restrictions
Right to Object (GDPR Art. 21)
- Object to processing based on legitimate interests
- How: Email privacy@partyplay.me
Right to Withdraw Consent
- Withdraw consent at any time (where processing is based on consent)
- Withdrawal stops future processing but doesn't affect past processing
- How: Email privacy@partyplay.me or delete your account
Right to Lodge a Complaint
- File a complaint with your data protection authority if unsatisfied with our response
- USA: Federal Trade Commission (ftc.gov)
- EU/EEA: Your national supervisory authority
- Canada: Office of the Privacy Commissioner (priv.gc.ca)
- Brazil: ANPD (gov.br/anpd)
We respond to all data rights requests within 30 days (or sooner as required by law).
No fee for requests unless clearly excessive or repetitive.
We may request verification of your identity before processing requests to protect your data.
DATA SECURITY
We protect your data with:
- ✅ Database encryption (AES-256)
- ✅ HTTPS/TLS for all connections
- ✅ Access controls (minimum necessary)
- ✅ Regular security updates
- ✅ No team access to your data
- ✅ SQL injection prevention (prepared statements)
- ✅ XSS protection (input sanitization)
Data Breach Notification
In the event of a data breach that affects your personal information:
- We will notify you within 72 hours of discovering the breach
- We will notify relevant authorities as required by law (GDPR Article 33, state breach notification laws)
- We will provide details on:
  - Nature of the breach (what data was affected)
  - Likely consequences
  - Measures we're taking to address the breach
  - Measures you can take to protect yourself
- Notification method: Email to your registered address plus website banner
We maintain an incident response plan to quickly detect, respond to, and mitigate data breaches.
AGE REQUIREMENTS & CHILDREN'S DATA
You must be 18+ to create an account.
If You're Under 18
PartyPlay is a general-purpose platform, not directed at children. However, if someone under 18 wishes to use the service:
Parent/Guardian MUST:
- Be at least 18 years old
- Create and control the account
- Provide explicit consent to data processing
- Supervise all use of the service
- Be present during parties if minors are using photo features
- Assume all responsibility and liability for the minor's use
We collect minimal data: Only party theme preferences and photos uploaded (no names, birthdates, addresses, or sensitive information about minors).
Parents retain all rights described in this policy on behalf of their children, including immediate deletion rights.
We Do NOT Knowingly Collect Data from Unsupervised Children
If we discover data was collected from a child under 18 without parental consent, we will delete it immediately. Contact us at privacy@partyplay.me if you believe this has occurred.
PHOTO PRIVACY
Important: When you upload photos to a party, they may include other people.
You're responsible for:
- Obtaining consent from people you photograph
- Respecting others' privacy preferences
- Using photos only in the private party context
We're responsible for:
- Storing photos securely
- Deleting after 72 hours
- Not sharing beyond your party
INTERNATIONAL USERS & DATA TRANSFERS
Data Location: Our servers are located in Seattle, Washington, USA (Vultr data center).
Cross-Border Data Transfers
If you use PartyPlay from outside the United States, your data will be transferred to and processed in the USA.
For EU/EEA users:
- We comply with GDPR (General Data Protection Regulation)
- Data transfers use Standard Contractual Clauses (SCCs) approved by the European Commission
- You have all rights under GDPR (access, rectification, erasure, portability, restriction, objection)
For Brazil users:
- We comply with LGPD (Lei Geral de Proteção de Dados)
- Data transfers to the USA use safeguards under LGPD Article 33
- You have the same rights as under GDPR (access, correction, deletion, portability)
- Contact ANPD (National Data Protection Authority): gov.br/anpd
For Canada users:
- We comply with PIPEDA (Personal Information Protection and Electronic Documents Act)
- The USA has substantially similar privacy protections (adequacy finding)
- Contact Office of the Privacy Commissioner: priv.gc.ca
Highest Standard Applied: Regardless of your location, we apply GDPR-level protections to ALL users globally.
By using PartyPlay, you acknowledge and consent to the transfer of your data to the United States for processing.
CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
For Material Changes (affecting data collection, use, sharing, or your rights):
- We'll email you 30 days in advance at your registered email
- We'll display a prominent notice banner on our website
- We'll update the "Last Updated" date at the top of this policy
- For significant changes affecting children's data (if applicable), we'll obtain renewed parental consent
- You may review changes before they take effect
- Continued use after effective date = acceptance of new policy
For Non-Material Changes (typos, clarifications, contact info updates):
- We'll update the "Last Updated" date only
- No advance notice required
- Changes effective immediately upon posting
Version History & Transparency: Previous versions of this Privacy Policy are available upon request at privacy@partyplay.me. We maintain a changelog of all material policy updates for your review.
Your Options: If you disagree with the updated policy:
- Stop using the service before the effective date
- Delete your account and all data
- Contact us with concerns at privacy@partyplay.me
Notification Methods: We will use the email address on file. It is your responsibility to keep your contact information current.
COMPLIANCE
We comply with:
- GDPR (EU General Data Protection Regulation)
- LGPD (Brazil Data Protection Law)
- PIPEDA (Canada Privacy Law)
- CCPA (California Consumer Privacy Act)
If you're unsatisfied: Contact your local data protection authority.
Last Updated: October 25, 2025 • Version: 2.0 - General Purpose