My Easy Party
Sign up

Draft — final copy pending legal review. This page is structurally complete with placeholder prose. Itta and counsel finalize the wording before public launch. Do not ship to production with this banner removed until copy is signed off.

Legal

Privacy Policy

How we collect, use, share, and protect the personal information you share with My Easy Party.

Last updated:

Information We Collect

When you use My Easy Party we collect: account data (name, email, phone), booking data (event date, address, party size), payment data (handled by Stripe — we never store full card numbers), communications (messages between customers and vendors), and technical data (IP, device, browser, pages viewed).

TODO (Itta + counsel):Counsel: enumerate every data category by source (user-provided, derived, third-party). Flag any sensitive categories (e.g. dietary info for catering bookings) and apply heightened protections.

How We Use Information

We use your data to operate the platform: matching you with vendors, processing bookings and payments, sending transactional email, preventing fraud, improving the product, and complying with legal obligations. We do not sell personal information.

TODO (Itta + counsel):Confirm lawful bases (contract, legitimate interest, consent) per information category. Reconcile with marketing-email opt-in flow when launched.

How We Share Information

We share information only as needed: with the vendor you book (to deliver the service), with our processors (Stripe for payments, AWS SES for email, our hosting and storage providers), with legal authorities when required, and with successor entities in the event of a merger or sale.

TODO (Itta + counsel):Counsel: maintain a current sub-processor list. Confirm cross-border transfer safeguards (AWS regions, Stripe data residency).

Cookies

We use cookies and similar technologies for session management, security, and basic analytics. See our Cookie Policy for the full list.

TODO (Itta + counsel):Decide on a cookie-consent banner (required in EU, best practice in Canada per OPC guidance) and wire it to gate any non-essential cookies.

Data Retention

We keep your data as long as your account is active and for a reasonable period afterwards to comply with tax, accounting, fraud-prevention, and dispute-resolution obligations. Anonymized analytics may be retained indefinitely.

TODO (Itta + counsel):Counsel: nail down concrete retention windows per data category. Canada Revenue Agency requires 6-year retention of financial records; align payment and invoice retention with that floor.

Your Rights

Depending on where you live, you may have the right to access your data, correct inaccuracies, delete your account, port your data to another service, restrict certain uses, and withdraw consent. To exercise any of these rights, contact us via the contact form.

TODO (Itta + counsel):Counsel: confirm PIPEDA-required rights (Canada) and add GDPR-equivalent rights for forward-compat with EU launch. Set internal SLAs for handling access / deletion requests (30 days standard).

Children's Privacy

My Easy Party is not directed at children under 18. We do not knowingly collect personal information from minors. If you believe we have collected such data, contact us and we will delete it.

TODO (Itta + counsel):Confirm minimum age (18 versus 16 — relevant to teen-organized events). Add COPPA-style safeguards if onboarding minors is ever opened.

Security

We protect your data with industry-standard measures: encryption in transit (TLS 1.2+), encryption at rest for sensitive fields, access controls, audit logging, and regular security review. No system is perfectly secure; in the unlikely event of a breach we will notify affected users as required by law.

TODO (Itta + counsel):Define breach-notification timelines (PIPEDA requires “as soon as feasible” for breaches creating real risk of significant harm). Document our incident-response runbook reference.

International Transfers

Your data is primarily stored on infrastructure located in Canada. Some processors (Stripe, AWS) may transfer or process data outside Canada in accordance with applicable safeguards.

TODO (Itta + counsel):Counsel: map every processor's data-residency posture. Note any third-country transfers (US, EU) and the legal basis for each.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes are announced on this page with a new “Last updated” date and, where required, by email or in-app notice before they take effect.

TODO (Itta + counsel):Align change-notice cadence with the equivalent clause in Terms of Service. Decide if past versions are archived publicly.

Contact

Privacy questions or rights requests? Reach our team via the contact form.

TODO (Itta + counsel):Designate a privacy officer (PIPEDA requirement once we have employees or routine personal-info processing). Publish contact email and postal address.