Last updated: March 8, 2026
This Privacy Policy describes how Maivor AB ("Party Parrot," "we," "us," or "our") collects, uses, discloses, and protects your personal information when you use the Party Parrot website and service at www.getpartyparrot.com (the "Service"). Maivor AB is a Swedish company (org. nr 559514-7553) that operates this US-focused service.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
1. Information We Collect
We collect the following categories of personal information:
1.1 Account Information (provided by you)
- Full name
- Email address
- Phone number
Account registration is limited to parents and guardians who are 18 years of age or older. We do not allow children to create accounts.
1.2 Party Details (provided by you)
- Child's first name and age (for party planning purposes only)
- Party date, time, and location
- Party theme and preferences
- AI-generated theme images and the text prompts used to create them
1.3 Guest Information (provided by the party host)
- Guest names
- Phone numbers (used to send SMS invitations and reminders)
- Email addresses (used to send email invitations)
1.4 RSVP and Health-Related Information (provided by guests)
- RSVP responses (attending, not attending, pending)
- Dietary restrictions and allergy information (voluntarily provided)
Allergy and dietary information is considered sensitive health-related data. It is entirely optional, visible only to the party host, used solely for food and activity planning, and automatically deleted no later than 7 days after the party date. Where GDPR applies, the legal basis for processing this data is explicit consent (Art. 9.2a), provided by the guest filling in the field.
1.5 Payment Information
Payments are processed entirely by Stripe, Inc. Party Parrot does not receive, store, or have access to your full credit card number, debit card number, or bank account details. We receive only a transaction confirmation, the last four digits of your card, and the amount paid. For details, see Stripe's Privacy Policy.
1.6 Automatically Collected Information
- Usage analytics (Google Analytics 4): Page views, session duration, device type, browser type, approximate geographic location, and referring URL. Analytics are only activated after you provide consent via our cookie banner.
- Error and performance data (Sentry): Error reports, stack traces, browser and OS version, and session identifiers. Sentry is only activated after you provide consent.
- Server logs: IP address, request timestamps, and HTTP request metadata. These are retained for security and debugging purposes.
2. How We Use Your Information
We use personal information for the following business purposes:
- Providing the Service: Creating and managing party pages, sending invitations and RSVP reminders via SMS and email, tracking RSVPs, and managing guest lists
- Payment processing: Facilitating purchases of Party Pass and other premium features through Stripe
- AI theme generation: Processing your text prompts through Google Gemini to generate custom party theme images
- Address autocomplete: Using Google Maps/Geocoding to help you find and enter party locations
- Account communications: Sending transactional emails about your account, purchases, and service updates
- Security and fraud prevention: Monitoring for suspicious activity, enforcing rate limits, and protecting against abuse
- Service improvement: Analyzing usage patterns (with consent) to improve features and user experience
- Error resolution: Diagnosing and fixing technical issues using error tracking data (with consent)
- Legal compliance: Meeting our obligations under applicable laws and regulations
3. Third-Party Service Providers
We share personal information with the following third-party service providers, solely to operate and improve the Service:
| Provider | Purpose | Data Region |
|---|
| Supabase | Database, authentication, and storage | US (us-east-1) |
| Vercel | Website hosting and edge delivery | US |
| Stripe | Payment processing | US |
| Twilio | SMS invitations and reminders | US |
| Resend | Transactional email delivery | US |
| Google Gemini | AI party theme image generation | US |
| Google Maps / Geocoding | Address autocomplete | US |
| Google Analytics 4 | Usage analytics (consent required) | US |
| Sentry | Error tracking and performance monitoring (consent required) | US |
Each provider processes data only as necessary to perform its designated function. We do not authorize these providers to use your personal information for their own marketing purposes.
Information visible to guests: When you create a party and send invitations, guests will see the party details you choose to include (child's name, date, location, theme). Guest RSVP responses and dietary information are visible only to the party host.
4. Sale of Personal Information
Party Parrot does not sell your personal information. We have not sold personal information in the preceding 12 months and have no plans to do so. We do not sell or share personal information for cross-context behavioral advertising. This applies to all users, including California residents under the CCPA/CPRA.
5. Your California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with specific rights regarding your personal information.
Categories of Personal Information Collected
In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:
- Identifiers: Name, email address, phone number, IP address
- Personal information under Cal. Civ. Code 1798.80(e): Name, phone number
- Commercial information: Purchase history and transaction records
- Internet or electronic network activity: Browsing and usage data (with consent), error logs
- Geolocation data: Approximate location from IP address and party addresses you provide
- Sensitive personal information: Health-related data (dietary restrictions and allergies, voluntarily provided by guests)
Your Rights Under the CCPA
- Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the third parties with whom we share it.
- Right to delete: You may request that we delete personal information we have collected from you, subject to certain legal exceptions.
- Right to correct: You may request that we correct inaccurate personal information.
- Right to opt out of sale/sharing: We do not sell or share your personal information for cross-context behavioral advertising. No opt-out action is required.
- Right to limit use of sensitive personal information: We only use sensitive personal information (dietary/allergy data) for the purpose for which it was provided.
- Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing, a different quality of service, or be denied service for making a privacy request.
To exercise any of these rights, contact us at hello@getpartyparrot.com. We will verify your identity before processing your request and respond within 45 days.
6. Rights for Users in the European Economic Area (GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR).
Legal Basis for Processing
We process your personal data on the following legal bases:
- Contract performance (Art. 6.1b): Processing necessary to provide the Service you signed up for, including managing parties, sending invitations, and processing payments
- Legitimate interest (Art. 6.1f): Security monitoring, fraud prevention, and service improvements, where our interests do not override your fundamental rights
- Consent (Art. 6.1a): Analytics (Google Analytics 4), error tracking (Sentry), and marketing communications. You may withdraw consent at any time.
- Explicit consent (Art. 9.2a): Processing of health-related data (dietary restrictions and allergies), provided by the guest voluntarily filling in the RSVP field
- Legal obligation (Art. 6.1c): Where required by applicable law, such as tax and accounting records
Your GDPR Rights
- Access (Art. 15): Obtain a copy of your personal data
- Rectification (Art. 16): Correct inaccurate personal data
- Erasure (Art. 17): Request deletion of your personal data
- Restriction (Art. 18): Restrict the processing of your personal data
- Data portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format
- Objection (Art. 21): Object to processing based on legitimate interest
- Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
International Data Transfers
Your personal data is stored and processed in the United States. If you are located outside the US, your data is transferred to the US for processing. We rely on the following safeguards for international transfers:
- Our third-party service providers (Supabase, Vercel, Stripe, Twilio, Resend, Google, Sentry) maintain appropriate data protection measures, including Standard Contractual Clauses (SCCs) and, where applicable, participation in the EU-US Data Privacy Framework
- All data in transit is encrypted using TLS/HTTPS, and data at rest is encrypted by our infrastructure providers
The data controller for GDPR purposes is Maivor AB. To exercise your rights, contact us at hello@getpartyparrot.com.
7. Children's Privacy (COPPA Compliance)
Party Parrot is a service designed for parents and guardians who are 18 years of age or older. We do not knowingly collect personal information directly from children under 13 (or under 16 in the EEA).
- Only parents and guardians may create accounts and use the Service
- A child's first name and age may be provided by the parent or guardian solely for the purpose of planning and personalizing the party page
- We do not use children's information for marketing, advertising, or any purpose beyond displaying it on the party page
- Children do not interact with the Service directly; all information is entered by and accessible to parents and guardians
If we learn that we have inadvertently collected personal information from a child under 13, we will promptly delete it. If you believe a child has provided us with personal information, please contact us at hello@getpartyparrot.com.
8. Cookies and Tracking Technologies
We use the following types of cookies and similar technologies:
Essential Cookies (no consent required)
- Authentication cookies: Maintain your logged-in session
- Cookie consent preference: Remember your tracking preferences
Optional Cookies (consent required)
- Google Analytics 4: Collects anonymous usage statistics including page views, session duration, device information, and approximate location. Analytics data is routed through our own domain before being processed by Google.
- Sentry: Sets session cookies for error tracking and performance monitoring. Used only to identify and fix technical issues.
Optional cookies are only activated after you provide consent via our cookie banner. You may change your preferences at any time by clearing your browser's local storage or by using the cookie settings link in our footer.
9. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes described in this policy. Specific retention periods are as follows:
Active Accounts
Your account data, party details, and guest lists are retained for as long as your account remains active. You may export your data at any time from your account settings.
Automatic Deletion Schedule
- Allergy and dietary information: Automatically deleted 7 days after the party date
- Verification codes (OTP): Deleted after 24 hours
- Email confirmation tokens: Deleted after 7 days
- Soft-deleted guests: Permanently purged after 30 days
- Incomplete registrations: Deleted after 90 days
Deleted Accounts
When you delete your account, all associated personal data (including parties, guest lists, RSVP data, and AI-generated images) is permanently purged within 30 days. An automated data retention cron job runs regularly to enforce these deletion schedules.
Certain data may be retained beyond these periods where required by law (such as transaction records for tax and accounting purposes).
10. Data Security
We implement industry-standard technical and organizational measures to protect your personal information:
- All data in transit is encrypted using TLS 1.2 or higher (HTTPS)
- Data at rest is encrypted by our infrastructure providers (Supabase, Vercel)
- Database access is controlled through Row Level Security (RLS) policies, ensuring users can only access their own data
- API endpoints are protected with authentication, rate limiting, and input validation
- Payment data is handled exclusively by Stripe, a PCI DSS Level 1 certified processor
- Sensitive data such as phone numbers and email addresses is redacted in application logs
While we take reasonable steps to protect your information, no method of electronic transmission or storage is 100% secure. If you become aware of any unauthorized access to your account, please contact us immediately.
11. Other US State Privacy Rights
In addition to California, residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with comprehensive privacy laws may have similar rights to access, delete, and correct their personal data, as well as to opt out of the sale of personal information and targeted advertising.
As noted above, we do not sell personal information or use it for targeted advertising. To exercise any rights under your state privacy law, please contact us at hello@getpartyparrot.com.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by email and/or by posting a prominent notice on the Service prior to the changes taking effect. The "Last updated" date at the top of this page indicates when the policy was most recently revised.
13. Regulatory Authorities
If you believe your personal information is being handled improperly, you have the right to file a complaint with the appropriate regulatory authority:
- California residents: California Attorney General's Office, P.O. Box 944255, Sacramento, CA 94244-2550 — oag.ca.gov/privacy
- EEA residents: Your local data protection authority. A list is available at edpb.europa.eu
- Swedish residents: Integritetsskyddsmyndigheten (IMY), Box 8114, 104 20 Stockholm — imy.se
14. Contact Us
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how we handle your personal information, please contact us:
Maivor AB
Email: hello@getpartyparrot.com
We aim to respond to all privacy-related inquiries within 30 days. For CCPA requests, we will respond within 45 days as required by law.