Privacy Policy
Last Updated: January 2, 2025
1. Introduction
This Privacy Policy describes how PartyPilotAI ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our website at https://partypilotai.com and our AI party planning service.
**Who We Are**
PartyPilotAI is operated by Jacob, an independent developer committed to protecting your privacy.
**Your Rights**
We respect your privacy rights under GDPR (European Union), CCPA (California), and other applicable privacy laws. This policy explains how we handle your data and your rights regarding that data.
**Contact**
For privacy-related questions: jsdasww593@gmail.com
**Who We Are**
PartyPilotAI is operated by Jacob, an independent developer committed to protecting your privacy.
**Your Rights**
We respect your privacy rights under GDPR (European Union), CCPA (California), and other applicable privacy laws. This policy explains how we handle your data and your rights regarding that data.
**Contact**
For privacy-related questions: jsdasww593@gmail.com
2. Information We Collect
**2.1 Information You Provide Directly**
• **Account Information**: Email address, name (optional), password (encrypted)
• **Venue Photos**: Images you upload of your party space
• **Party Preferences**: Descriptions of your party vision, guest count, theme preferences
• **Communication Data**: Messages you send to customer support
**2.2 Automatically Collected Information**
• **Usage Data**: Pages visited, features used, time spent on the platform
• **Device Information**: Browser type, operating system, device type, IP address
• **Cookies & Analytics**: Via Google Analytics 4 (GA4)
**2.3 Payment Information**
• **Processed by Stripe**: Credit card information is handled directly by Stripe
• **We Store**: Transaction IDs, purchase amounts, credit balance
• **We Do NOT Store**: Complete credit card numbers or CVV codes
**2.4 AI-Generated Content**
• **Your Generated Designs**: Party visualizations, floor plans, shopping lists
• **Processing Logs**: Anonymized logs of AI generation requests
• **Account Information**: Email address, name (optional), password (encrypted)
• **Venue Photos**: Images you upload of your party space
• **Party Preferences**: Descriptions of your party vision, guest count, theme preferences
• **Communication Data**: Messages you send to customer support
**2.2 Automatically Collected Information**
• **Usage Data**: Pages visited, features used, time spent on the platform
• **Device Information**: Browser type, operating system, device type, IP address
• **Cookies & Analytics**: Via Google Analytics 4 (GA4)
**2.3 Payment Information**
• **Processed by Stripe**: Credit card information is handled directly by Stripe
• **We Store**: Transaction IDs, purchase amounts, credit balance
• **We Do NOT Store**: Complete credit card numbers or CVV codes
**2.4 AI-Generated Content**
• **Your Generated Designs**: Party visualizations, floor plans, shopping lists
• **Processing Logs**: Anonymized logs of AI generation requests
3. How We Use Your Information
We use collected data for the following purposes:
**3.1 Service Provision**
• Generating AI-powered party designs based on your uploaded photos and preferences
• Creating personalized floor plans and shopping lists
• Managing your account and credit balance
• Processing payments through Stripe
**3.2 Service Improvement**
• Analyzing usage patterns to improve AI algorithms
• Identifying and fixing bugs or technical issues
• Developing new features based on user behavior
• A/B testing of platform features
**3.3 Communication**
• Sending service-related notifications (design complete, low credits)
• Responding to customer support inquiries
• Notifying you of important changes to our service or policies
• **We do NOT send marketing emails unless you opt-in**
**3.4 Security & Fraud Prevention**
• Detecting and preventing fraudulent transactions
• Protecting against abuse, spam, and unauthorized access
• Monitoring for compliance with our Terms of Service
**3.5 Legal Compliance**
• Complying with legal obligations (tax reporting, law enforcement requests)
• Enforcing our Terms of Service
• Protecting our legal rights in disputes
**3.1 Service Provision**
• Generating AI-powered party designs based on your uploaded photos and preferences
• Creating personalized floor plans and shopping lists
• Managing your account and credit balance
• Processing payments through Stripe
**3.2 Service Improvement**
• Analyzing usage patterns to improve AI algorithms
• Identifying and fixing bugs or technical issues
• Developing new features based on user behavior
• A/B testing of platform features
**3.3 Communication**
• Sending service-related notifications (design complete, low credits)
• Responding to customer support inquiries
• Notifying you of important changes to our service or policies
• **We do NOT send marketing emails unless you opt-in**
**3.4 Security & Fraud Prevention**
• Detecting and preventing fraudulent transactions
• Protecting against abuse, spam, and unauthorized access
• Monitoring for compliance with our Terms of Service
**3.5 Legal Compliance**
• Complying with legal obligations (tax reporting, law enforcement requests)
• Enforcing our Terms of Service
• Protecting our legal rights in disputes
4. How We Share Your Information
We do NOT sell your personal data to third parties. We share data only as described below:
**4.1 Service Providers**
• **Supabase** (https://supabase.com): Database hosting and authentication
- Purpose: Storing account data and user-generated content
- Data shared: Email, account information, uploaded photos, generated designs
- Location: Varies by Supabase configuration
• **Stripe** (https://stripe.com): Payment processing
- Purpose: Processing credit purchases
- Data shared: Payment information, transaction amounts
- Location: United States and globally
• **Replicate** (https://replicate.com): AI image generation
- Purpose: Generating party visualization images
- Data shared: Venue photos, design prompts
- Location: United States
• **Google** (Google Analytics 4): Usage analytics
- Purpose: Understanding user behavior and improving the platform
- Data shared: Anonymized usage data, device information
- Location: United States and globally
**4.2 Legal Requirements**
We may disclose your information if required by law:
• To comply with subpoenas, court orders, or legal processes
• To enforce our Terms of Service
• To protect the rights, property, or safety of PartyPilotAI, our users, or the public
• In connection with investigation of fraud or illegal activity
**4.3 Business Transfers**
In the event of a merger, acquisition, or sale of assets:
• Your data may be transferred to the acquiring entity
• You will be notified via email and prominent notice on the website
• The acquiring entity must honor the commitments in this Privacy Policy
**4.4 With Your Consent**
We may share data for other purposes with your explicit consent (e.g., sharing your designs publicly if you opt-in).
**4.1 Service Providers**
• **Supabase** (https://supabase.com): Database hosting and authentication
- Purpose: Storing account data and user-generated content
- Data shared: Email, account information, uploaded photos, generated designs
- Location: Varies by Supabase configuration
• **Stripe** (https://stripe.com): Payment processing
- Purpose: Processing credit purchases
- Data shared: Payment information, transaction amounts
- Location: United States and globally
• **Replicate** (https://replicate.com): AI image generation
- Purpose: Generating party visualization images
- Data shared: Venue photos, design prompts
- Location: United States
• **Google** (Google Analytics 4): Usage analytics
- Purpose: Understanding user behavior and improving the platform
- Data shared: Anonymized usage data, device information
- Location: United States and globally
**4.2 Legal Requirements**
We may disclose your information if required by law:
• To comply with subpoenas, court orders, or legal processes
• To enforce our Terms of Service
• To protect the rights, property, or safety of PartyPilotAI, our users, or the public
• In connection with investigation of fraud or illegal activity
**4.3 Business Transfers**
In the event of a merger, acquisition, or sale of assets:
• Your data may be transferred to the acquiring entity
• You will be notified via email and prominent notice on the website
• The acquiring entity must honor the commitments in this Privacy Policy
**4.4 With Your Consent**
We may share data for other purposes with your explicit consent (e.g., sharing your designs publicly if you opt-in).
5. Data Security
We implement reasonable security measures to protect your personal information:
**Technical Measures**
• **Encryption**: All data transmitted over HTTPS/TLS
• **Password Protection**: Passwords hashed using industry-standard algorithms
• **Access Controls**: Role-based access to backend systems
• **Database Security**: Supabase Row-Level Security (RLS) policies
**Organizational Measures**
• Regular security audits of our codebase
• Prompt security patch deployment
• Limited access to personal data (need-to-know basis)
**Limitations**
Despite our efforts, no system is 100% secure. We cannot guarantee absolute security. You are responsible for:
• Maintaining the confidentiality of your password
• Using strong, unique passwords
• Logging out from shared devices
**Breach Notification**
In the event of a data breach affecting your personal information, we will notify you within 72 hours via email and provide information about the breach and steps to protect yourself.
**Technical Measures**
• **Encryption**: All data transmitted over HTTPS/TLS
• **Password Protection**: Passwords hashed using industry-standard algorithms
• **Access Controls**: Role-based access to backend systems
• **Database Security**: Supabase Row-Level Security (RLS) policies
**Organizational Measures**
• Regular security audits of our codebase
• Prompt security patch deployment
• Limited access to personal data (need-to-know basis)
**Limitations**
Despite our efforts, no system is 100% secure. We cannot guarantee absolute security. You are responsible for:
• Maintaining the confidentiality of your password
• Using strong, unique passwords
• Logging out from shared devices
**Breach Notification**
In the event of a data breach affecting your personal information, we will notify you within 72 hours via email and provide information about the breach and steps to protect yourself.
7. Data Retention
We retain personal data only as long as necessary for the purposes described in this policy:
**Account Data**
• **Active Accounts**: Retained indefinitely while account is active
• **Deleted Accounts**: Personal data deleted within 30 days of account deletion
• **Backups**: Data may persist in backups for up to 90 days
**Venue Photos**
• **Uploaded Photos**: Stored while account is active
• **After Account Deletion**: Deleted within 30 days
• **Processing**: Photos processed by AI are not permanently stored by third-party services
**Generated Designs**
• **Active Accounts**: Retained indefinitely for your access
• **Deleted Accounts**: Deleted within 30 days
**Transaction Records**
• **Payment History**: Retained for 7 years for tax and accounting purposes
• **Transaction IDs**: Retained indefinitely for fraud prevention
**Analytics Data**
• **Google Analytics**: Retained for 26 months (default GA4 setting)
• **Anonymized Logs**: Retained for 12 months
**Legal Holds**
Data subject to legal proceedings or disputes may be retained beyond standard periods.
**Account Data**
• **Active Accounts**: Retained indefinitely while account is active
• **Deleted Accounts**: Personal data deleted within 30 days of account deletion
• **Backups**: Data may persist in backups for up to 90 days
**Venue Photos**
• **Uploaded Photos**: Stored while account is active
• **After Account Deletion**: Deleted within 30 days
• **Processing**: Photos processed by AI are not permanently stored by third-party services
**Generated Designs**
• **Active Accounts**: Retained indefinitely for your access
• **Deleted Accounts**: Deleted within 30 days
**Transaction Records**
• **Payment History**: Retained for 7 years for tax and accounting purposes
• **Transaction IDs**: Retained indefinitely for fraud prevention
**Analytics Data**
• **Google Analytics**: Retained for 26 months (default GA4 setting)
• **Anonymized Logs**: Retained for 12 months
**Legal Holds**
Data subject to legal proceedings or disputes may be retained beyond standard periods.
8. Your Privacy Rights
Depending on your location, you may have the following rights:
**8.1 GDPR Rights (EU/EEA Users)**
• **Right to Access**: Request a copy of your personal data
• **Right to Rectification**: Correct inaccurate or incomplete data
• **Right to Erasure** ("Right to be Forgotten"): Request deletion of your data
• **Right to Restriction**: Limit how we process your data
• **Right to Data Portability**: Receive your data in a portable format
• **Right to Object**: Object to processing based on legitimate interests
• **Right to Withdraw Consent**: Withdraw consent for data processing at any time
**8.2 CCPA Rights (California Users)**
• **Right to Know**: Request disclosure of collected personal information
• **Right to Delete**: Request deletion of your personal information
• **Right to Opt-Out**: Opt-out of the "sale" of personal information (Note: We do NOT sell personal data)
• **Right to Non-Discrimination**: No discrimination for exercising privacy rights
**8.3 How to Exercise Your Rights**
To exercise any of these rights, contact us at:
• Email: jsdasww593@gmail.com
• Subject line: "Privacy Rights Request"
• Include: Your account email and specific request
**Response Time**
• We will respond within 30 days (GDPR) or 45 days (CCPA)
• We may request additional information to verify your identity
**Verification**
To protect your data, we require identity verification before processing requests. This may include:
• Confirming your account email
• Answering security questions
• Providing additional identification (for deletion requests)
**8.1 GDPR Rights (EU/EEA Users)**
• **Right to Access**: Request a copy of your personal data
• **Right to Rectification**: Correct inaccurate or incomplete data
• **Right to Erasure** ("Right to be Forgotten"): Request deletion of your data
• **Right to Restriction**: Limit how we process your data
• **Right to Data Portability**: Receive your data in a portable format
• **Right to Object**: Object to processing based on legitimate interests
• **Right to Withdraw Consent**: Withdraw consent for data processing at any time
**8.2 CCPA Rights (California Users)**
• **Right to Know**: Request disclosure of collected personal information
• **Right to Delete**: Request deletion of your personal information
• **Right to Opt-Out**: Opt-out of the "sale" of personal information (Note: We do NOT sell personal data)
• **Right to Non-Discrimination**: No discrimination for exercising privacy rights
**8.3 How to Exercise Your Rights**
To exercise any of these rights, contact us at:
• Email: jsdasww593@gmail.com
• Subject line: "Privacy Rights Request"
• Include: Your account email and specific request
**Response Time**
• We will respond within 30 days (GDPR) or 45 days (CCPA)
• We may request additional information to verify your identity
**Verification**
To protect your data, we require identity verification before processing requests. This may include:
• Confirming your account email
• Answering security questions
• Providing additional identification (for deletion requests)
9. Children's Privacy
PartyPilotAI is not intended for users under 18 years of age.
**No Knowingly Collected Data**
We do not knowingly collect personal information from children under 18 (or under 13 in the US, per COPPA).
**Parental Responsibility**
If you are a parent or guardian and believe your child has provided us with personal information:
• Contact us immediately at jsdasww593@gmail.com
• We will promptly delete the child's account and data
**Age Verification**
By using the Service, you represent that you are at least 18 years old.
**No Knowingly Collected Data**
We do not knowingly collect personal information from children under 18 (or under 13 in the US, per COPPA).
**Parental Responsibility**
If you are a parent or guardian and believe your child has provided us with personal information:
• Contact us immediately at jsdasww593@gmail.com
• We will promptly delete the child's account and data
**Age Verification**
By using the Service, you represent that you are at least 18 years old.
10. International Data Transfers
PartyPilotAI is a global service. Your data may be transferred to and processed in countries other than your own.
**Data Storage Locations**
• **Supabase**: Depends on configuration (US, EU, or other regions)
• **Stripe**: United States and globally
• **Replicate**: United States
• **Google Analytics**: United States and globally
**Safeguards for EU/EEA Users**
Data transfers outside the EU/EEA are protected by:
• Standard Contractual Clauses (SCCs) approved by the European Commission
• GDPR-compliant data processing agreements with service providers
**Your Consent**
By using PartyPilotAI, you consent to the transfer of your data to these jurisdictions.
**Data Storage Locations**
• **Supabase**: Depends on configuration (US, EU, or other regions)
• **Stripe**: United States and globally
• **Replicate**: United States
• **Google Analytics**: United States and globally
**Safeguards for EU/EEA Users**
Data transfers outside the EU/EEA are protected by:
• Standard Contractual Clauses (SCCs) approved by the European Commission
• GDPR-compliant data processing agreements with service providers
**Your Consent**
By using PartyPilotAI, you consent to the transfer of your data to these jurisdictions.
11. Changes to This Privacy Policy
We may update this Privacy Policy to reflect:
• Changes to our data practices
• New features or services
• Legal or regulatory requirements
**Notification of Changes**
• Material changes will be notified via email and prominent notice on the website
• "Last Updated" date at the top will be revised
• Continued use after changes constitutes acceptance
**Review Regularly**
We encourage you to review this policy periodically to stay informed about how we protect your data.
• Changes to our data practices
• New features or services
• Legal or regulatory requirements
**Notification of Changes**
• Material changes will be notified via email and prominent notice on the website
• "Last Updated" date at the top will be revised
• Continued use after changes constitutes acceptance
**Review Regularly**
We encourage you to review this policy periodically to stay informed about how we protect your data.
12. Do Not Track Signals
Some browsers support "Do Not Track" (DNT) signals. Currently, there is no industry standard for responding to DNT signals.
**Our Approach**
• We do not currently respond to DNT signals
• We use Google Analytics, which may track across websites
• You can opt-out of Google Analytics using: https://tools.google.com/dlpage/gaoptout
**Our Approach**
• We do not currently respond to DNT signals
• We use Google Analytics, which may track across websites
• You can opt-out of Google Analytics using: https://tools.google.com/dlpage/gaoptout
13. Contact Us About Privacy
For questions, concerns, or requests regarding this Privacy Policy or your personal data:
**Email**: jsdasww593@gmail.com
**Subject Line**: "Privacy Inquiry"
**Data Protection Officer**
While we are not required to have a formal Data Protection Officer, privacy matters are handled directly by the operator Jacob.
**Response Time**
We aim to respond to all privacy inquiries within 72 hours.
**Email**: jsdasww593@gmail.com
**Subject Line**: "Privacy Inquiry"
**Data Protection Officer**
While we are not required to have a formal Data Protection Officer, privacy matters are handled directly by the operator Jacob.
**Response Time**
We aim to respond to all privacy inquiries within 72 hours.
Questions about this policy? Contact us at jsdasww593@gmail.com