Privacy Policy

Party Genius AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (collectively, the "Service"). By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Service. This policy applies to all users worldwide and complies with: • General Data Protection Regulation (GDPR) for EU/EEA users • California Consumer Privacy Act (CCPA) for California residents • UK General Data Protection Regulation (UK GDPR) • Other applicable data protection laws

We collect information in the following ways: Information You Provide: • Account information (name, email address) when you register • Profile information you choose to add • Party and event planning data you create • Payment information (processed securely by Stripe) • Communications you send to us Automatically Collected Information: • Device information (browser type, operating system) • IP address and approximate location • Usage data (pages visited, features used, time spent) • Cookies and similar tracking technologies Information from Third Parties: • Social login data (if you sign in with Google, etc.) • Payment confirmation from Stripe (no full card numbers)

We use your information for the following purposes: Service Provision: • To create and manage your account • To provide our party planning features • To process payments and subscriptions • To save and sync your data across devices Service Improvement: • To analyze usage patterns and improve features • To develop new features based on user needs • To fix bugs and technical issues Communication: • To send important account notifications • To respond to your inquiries and support requests • To send marketing communications (with your consent) Legal Compliance: • To comply with legal obligations • To enforce our Terms of Service • To protect our rights and prevent fraud

For users in the EU/EEA, we process your data based on: Contractual Necessity: • Processing required to provide the Service you requested • Account creation and management • Payment processing Legitimate Interests: • Service improvement and analytics • Fraud prevention and security • Customer support Consent: • Marketing communications • Non-essential cookies and tracking • Sharing data with third parties for advertising Legal Obligation: • Tax and accounting requirements • Responding to lawful requests from authorities • Compliance with applicable laws

We do not sell your personal information. We may share your data with: Service Providers: • Supabase (database and authentication) • Stripe (payment processing) • Vercel (hosting) • PostHog (analytics) • Anthropic (AI features - anonymized data only) These providers are contractually obligated to protect your data. Other Disclosures: • With your consent • To comply with legal obligations • To protect our rights, privacy, safety, or property • In connection with a merger, acquisition, or sale of assets We never share your: • Full payment card details • Passwords or authentication tokens • Private party data without your permission

We use cookies and similar technologies: Essential Cookies (Required): • Authentication and security • Session management • Load balancing Functional Cookies (Optional): • Preferences and settings • Theme selection (light/dark mode) • Language preferences Analytics Cookies (Optional): • Usage statistics (PostHog) • Performance monitoring • Error tracking Marketing Cookies (Optional): • Advertising effectiveness • Social media integration You can manage cookie preferences through our cookie consent banner or your browser settings. Note that disabling essential cookies may impact Service functionality.

We retain your data for as long as necessary: Active Accounts: • Account data: Until you delete your account • Party data: Until you delete it or your account • Usage logs: 90 days After Account Deletion: • Most data: Deleted within 30 days • Backup systems: Purged within 90 days • Legal hold data: As required by law Anonymized Data: • Aggregated analytics may be retained indefinitely • This data cannot identify you

We implement robust security measures: Technical Safeguards: • TLS/SSL encryption for data in transit • AES-256 encryption for data at rest • Secure password hashing (bcrypt) • Regular security audits and testing Operational Safeguards: • Access controls and authentication • Employee security training • Incident response procedures • Regular backup and recovery testing Infrastructure Security: • Hosted on secure cloud platforms • DDoS protection • Firewall and intrusion detection • Regular vulnerability scanning While we strive to protect your data, no system is 100% secure. Please use strong passwords and keep your credentials confidential.

You have the following rights regarding your data: All Users: • Access: Request a copy of your data • Correction: Update inaccurate information • Deletion: Request deletion of your data • Portability: Export your data in a standard format EU/EEA Users (GDPR): • Restriction: Limit how we process your data • Objection: Object to certain processing activities • Withdraw consent: Revoke previously given consent • Lodge complaint: Contact your supervisory authority California Residents (CCPA): • Know: Learn what data we collect about you • Delete: Request deletion of your data • Opt-out: Opt out of data sales (we don't sell data) • Non-discrimination: Equal service regardless of rights exercised To exercise these rights, contact us at privacy@partygeniusai.com

Your data may be transferred to and processed in countries outside your residence: Transfer Mechanisms: • Standard Contractual Clauses (SCCs) for EU transfers • Adequacy decisions where applicable • Contractual protections with all service providers Locations: • Primary servers: United States • CDN: Global distribution for performance • Backups: Secure locations in US and EU We ensure appropriate safeguards are in place for all international transfers in compliance with applicable data protection laws.

Our Service is not directed to children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover we have collected personal information from a child without parental consent, we will delete that information promptly. Note: While Party Genius AI helps plan children's birthday parties, the Service is intended for use by parents and guardians, not children themselves.

Our Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit. Third-party services we integrate with: • Google (if using Google Sign-In) • Stripe (payment processing) • Social media platforms (if sharing features used) Each of these services has its own privacy policy that governs their use of your data.

We may update this Privacy Policy from time to time. We will notify you of any material changes by: • Posting the updated policy on this page • Updating the "Last Updated" date • Sending an email notification for significant changes • Displaying a notice in the Service Your continued use of the Service after changes constitutes acceptance of the updated policy. We recommend reviewing this policy periodically for any updates.

If you have questions about this Privacy Policy or our data practices: Email: privacy@partygeniusai.com Support: hello@partygeniusai.com Website: https://partygeniusai.com/contact Data Protection Officer (for EU inquiries): Email: dpo@partygeniusai.com For GDPR complaints, you may also contact your local supervisory authority. We aim to respond to all inquiries within 30 days.