Privacy Policy
1. Who We Are
Konfetti, Inc. ("Konfetti," "we," "us," or "our") operates the Konfetti platform at konfettiapp.com and the Konfetti mobile application (collectively, the "Platform"), which connects event planners with event service providers. Konfetti is the data controller for personal information processed under this Privacy Policy.
Questions about this policy: privacy@konfettiapp.com
2. Information We Collect
2.1 Information You Provide Directly
| Category | Examples |
|---|---|
| Account info | Name, email address, password, phone number, profile photo |
| Profile info | City/location, event preferences, event type, guest count |
| Vendor info | Business name, category, description, service area, website, business phone |
| Event info | Event type, date, venue location, guest count, budget |
| Booking info | Booking details, messages with Vendors, special requests |
| Payment info | Card details processed and stored by Stripe — we do not store raw card numbers |
| Communications | Messages, reviews, support requests, feedback |
| Identity verification | Government-issued ID, business documentation (for Vendor verification) |
2.2 Information Collected Automatically
| Category | Examples |
|---|---|
| Device & technical data | IP address, browser type, operating system, device identifiers, app version |
| Usage data | Pages viewed, features used, search queries, time on page, click patterns |
| Log data | Server logs including access times, error logs, referring URLs |
| Location data | Approximate location inferred from IP; precise location only if you grant permission in the mobile app |
| Cookies & similar technologies | Session cookies, preference cookies, analytics identifiers (see Section 5) |
2.3 Information from Third Parties
- Social sign-in (Google): When you sign in with Google, we receive your name, email address, and profile photo, subject to the permissions you grant.
- Payment processors: Stripe provides transaction status, payment method type, and fraud risk signals.
- Analytics providers: Aggregate data about Platform usage patterns.
3. How We Use Your Information
3.1 Providing & Improving the Platform
- Creating and managing your account;
- Facilitating Bookings between Planners and Vendors;
- Processing payments through Stripe;
- Personalizing your experience (e.g., showing vendors near your event location);
- Developing new features and improving existing ones;
- Troubleshooting technical issues.
3.2 Communications
- Transactional emails (booking confirmations, receipts, account notices);
- Service-related notifications (updates, security alerts);
- Marketing communications (with your consent where required by law);
- Responding to support requests.
3.3 Safety, Security & Legal Compliance
- Verifying Vendor identities and credentials;
- Detecting and preventing fraud, abuse, and Terms violations;
- Complying with applicable laws, court orders, and legal process;
- Protecting the rights and safety of Konfetti, Users, and the public.
3.4 Analytics & Research
- Understanding how the Platform is used in aggregate;
- Measuring feature and marketing effectiveness;
- Research to improve vendor matching quality.
3.5 Legal Bases (EEA/UK users)
Where required, our legal bases are: contract performance (to provide our services); legitimate interests (to improve the Platform, prevent fraud, and communicate with you); legal obligation (to comply with law); and consent (for marketing and certain optional features).
4. How We Share Your Information
4.1 Between Planners and Vendors
To facilitate a Booking, we share relevant information between the Planner and Vendor involved — including name, profile photo, event details, contact information, and messages. Once a Booking is confirmed, the Vendor will receive your contact information to coordinate service delivery.
4.2 Service Providers
We share information with trusted third-party service providers under strict data processing agreements:
- Stripe: Payment processing — see Stripe Privacy Policy;
- Amazon Web Services (AWS): Cloud infrastructure and storage;
- Google: Authentication services and analytics;
- Email service providers: Transactional and marketing emails.
4.3 Legal & Safety Disclosures
We may disclose your information when we believe in good faith that disclosure is necessary to: comply with applicable law or legal process; respond to lawful government requests; protect the rights, property, or safety of Konfetti, users, or others; enforce our Terms; or investigate violations.
4.4 Business Transfers
If Konfetti is involved in a merger, acquisition, asset sale, financing, or insolvency proceeding, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a materially different privacy policy.
4.5 Aggregated & De-identified Data
We may share aggregated, anonymized, or de-identified information that cannot reasonably identify you with third parties for research, analytics, or marketing purposes.
5. Cookies & Tracking Technologies
5.1 What We Use
- Essential cookies: Required for the Platform to function (authentication sessions, security tokens). Cannot be disabled.
- Preference cookies: Remember your settings and preferences.
- Analytics cookies: Help us understand how the Platform is used in aggregate.
5.2 Your Choices
Most browsers allow you to refuse or delete cookies through browser settings. Disabling cookies may limit your ability to use certain Platform features. Our mobile app uses device-local storage for session information, not browser cookies.
5.3 Do Not Track
We currently do not respond to "Do Not Track" signals from browsers, as there is no industry standard for honoring them. We do honor opt-out requests for marketing communications.
6. Data Retention
We retain your personal information for as long as necessary to provide the Platform and fulfill the purposes described in this Privacy Policy, unless a longer period is required by law.
- Account data: Retained while your account is active and for up to 3 years after deletion to comply with legal obligations and resolve disputes.
- Transaction records: Retained for at least 7 years for financial, tax, and legal compliance.
- Messages and communications: Retained for up to 2 years after account deletion.
- Log and usage data: Typically retained for 12 months.
When we no longer need your information, we securely delete or anonymize it.
7. Data Security
We implement industry-standard technical and organizational security measures to protect your personal information, including:
- Encryption of data in transit (TLS/HTTPS) and at rest;
- AWS enterprise-grade infrastructure security controls;
- Access controls limiting employee access to personal data on a need-to-know basis;
- Regular security reviews and monitoring.
No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. In the event of a data breach affecting your rights or freedoms, we will notify affected users and relevant authorities as required by applicable law.
8. Your Rights & Choices
Depending on your location, you may have the following rights regarding your personal information:
| Right | What it means |
|---|---|
| Access | Request a copy of the personal information we hold about you. |
| Correction | Request that we correct inaccurate or incomplete data. |
| Deletion | Request deletion of your personal information (subject to legal retention obligations). |
| Portability | Receive your data in a structured, machine-readable format. |
| Restriction | Request that we restrict processing in certain circumstances. |
| Objection | Object to processing based on legitimate interests or for direct marketing. |
| Withdraw consent | Where processing is based on consent, withdraw it at any time without affecting prior processing. |
To exercise these rights, contact us at privacy@konfettiapp.com. We will respond within 30 days (or within the timeframe required by applicable law). We may verify your identity before fulfilling a request.
8.1 Marketing Opt-Out
You can opt out of marketing emails by clicking "Unsubscribe" in any marketing email or updating notification preferences in the app. Opting out of marketing does not affect transactional communications.
8.2 Account Deletion
You may delete your account at any time through the Profile settings screen in the app. We will retain certain data as required by law or for legitimate business purposes as described in Section 6.
9. Children's Privacy
The Platform is not directed to, and we do not knowingly collect personal information from, children under the age of 18. If we learn we have collected personal information from a child under 18 without parental consent, we will delete it promptly. If you believe we may have such information, please contact us at privacy@konfettiapp.com.
10. California Privacy Rights (CCPA / CPRA)
If you are a California resident, the CCPA as amended by the CPRA grants you specific rights:
- Right to Know: The categories and specific pieces of personal information we have collected, the sources, our business purposes, and the third parties with whom we share it.
- Right to Delete: Deletion of personal information we have collected, subject to certain exceptions.
- Right to Correct: Correction of inaccurate personal information.
- Right to Opt Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
- Right to Limit Use of Sensitive Personal Information: We do not use or disclose sensitive personal information beyond what is necessary to provide our services.
To exercise your California rights, submit a request to privacy@konfettiapp.com. We will respond within 45 days. You may designate an authorized agent to make requests on your behalf.
Categories collected in the past 12 months: Identifiers, commercial information, internet/network activity, geolocation data, professional/employment information (for Vendors), and inferences drawn to create a profile. For each category, purposes and third parties are described in Sections 3 and 4.
11. International Data Transfers
Konfetti is operated from the United States, and our servers are located in the U.S. (AWS us-east-1). If you access the Platform from outside the United States, your information will be transferred to and processed in the U.S., where data protection laws may differ from those in your jurisdiction.
For users in the EEA, United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms, for transfers of personal data to the U.S.
12. Third-Party Links
The Platform may contain links to third-party websites or services not operated by Konfetti. We are not responsible for their privacy practices and encourage you to review their privacy policies before sharing information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy with a new "Last updated" date and, for significant changes, by emailing your registered address. Your continued use of the Platform after the effective date constitutes acceptance of the updated policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
- Privacy inquiries: privacy@konfettiapp.com
- Legal inquiries: legal@konfettiapp.com
- General support: support@konfettiapp.com
If you are located in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority.