Privacy Policy
Last updated: April 22, 2026
This Privacy Policy explains how PartyNestPlan ("we," "us") handles personal data when you use our Service. We operate under the laws of the Grand Duchy of Luxembourg and, where applicable, comply with the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).
Data controller: PartyNestPlan, operated as a sole proprietorship based in Luxembourg. Full trader identity available upon request.
Contact: info@partynestplan.com
1. Summary — Our Approach
We have deliberately designed PartyNestPlan to collect and store as little personal data as possible. We do not maintain user accounts, we do not store generated party plans on our servers, and we do not keep a database of our customers' names, emails, or children's information. The sections below explain exactly what happens to the data you provide.
2. What Happens to Your Inputs
When you use PartyNestPlan, you provide inputs such as the child's first name, age, interests, and party details (guest count, duration, theme, venue).
- During your session, these inputs are held in your browser's session storage (a temporary memory area in your own browser). They never reach a database controlled by us.
- To generate the plan, we send these inputs to our AI provider (Google Gemini, accessed via Lovable AI Gateway). The provider processes the request to generate the plan and does not use your inputs to train models (per Gemini's enterprise API terms).
- When you close the browser tab, your inputs and the generated plan are erased from session storage. We have no copy.
3. What Happens at Checkout
Payment is handled entirely by Stripe, Inc. We never see or store your payment card information.
To associate the Stripe transaction with your party plan, we send a small amount of information to Stripe as Checkout Session metadata: your child's first name, the selected theme, and the plan mode. Stripe uses this to label the transaction for your receipt and our payment records. This data is stored by Stripe under Stripe's Privacy Policy.
Stripe also collects, on its own:
- Your email address (for the receipt)
- Billing name and country
- Payment method details
This information is collected and retained by Stripe as an independent data controller, according to their policies. We access it only via the Stripe dashboard when needed for customer support, refund processing, or accounting.
4. What We Do Not Do
- We do not maintain a database of users, emails, or purchase history of our own.
- We do not send you marketing emails (we have no mailing list).
- We do not track you across other websites.
- We do not sell or share personal data for advertising.
- We do not knowingly collect data from children under 13. The Service is intended for use by parents and guardians who are making purchasing decisions.
5. Cookies and Tracking
We use only essential browser storage (session storage) required for the Service to function. We do not currently use analytics cookies, advertising cookies, or cross-site tracking. If this changes in the future, we will update this policy and, where required, present a cookie consent banner.
6. Third Parties Involved in Providing the Service
The following providers help us operate the Service. Data flows to them only as strictly needed:
- Stripe, Inc. (USA) — payment processing. stripe.com/privacy
- Google (Gemini via Lovable AI Gateway) — AI generation of the plan from your inputs
- Lovable (EU) — hosting of the application
- Supabase, Inc. (USA/EU) — hosts the Edge Function that creates the Stripe checkout session (no personal data is stored in Supabase tables)
- Namecheap (USA) — domain registration and email forwarding for info@partynestplan.com
We do not use third-party analytics or advertising services at this time.
7. International Data Transfers
Some providers listed above are based in the United States. Transfers rely on appropriate safeguards, including EU Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework.
8. How Long Data Is Kept
- Your inputs and generated plans: kept only in your browser's session storage, erased when the tab closes. We retain nothing.
- Stripe transaction records (held by Stripe): retained according to Stripe's policies and applicable US financial regulations.
- Our access to Stripe records: we may review the Stripe dashboard for legitimate purposes (refunds, chargebacks, tax compliance) for as long as the Stripe account is active.
9. Your Rights under GDPR
You have the right to:
- Ask what personal data exists about you
- Request correction or deletion where data exists
- Object to or restrict processing
- Lodge a complaint with the Luxembourg data protection authority (CNPD — cnpd.public.lu)
Because we do not maintain a customer database, in most cases a request to us will confirm that we hold no data about you. Where Stripe holds transaction data associated with your purchase, you may also contact Stripe directly, or ask us to assist in locating the record.
Email info@partynestplan.com to exercise any right. We respond within 30 days.
10. California Residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information is collected and how it is used
- Request deletion
- Opt out of the "sale" or "sharing" of personal information — we do not sell or share personal information for cross-context behavioral advertising
- Non-discrimination for exercising these rights
To exercise California rights, email info@partynestplan.com with subject line "California Privacy Request."
11. Security
We use HTTPS/TLS for all traffic, industry-standard encryption, and do not store sensitive data on our servers in the first place (minimization is our primary security control). No system is 100% secure; use of the Service is at your own risk.
12. Changes to This Policy
We may update this policy. Material changes will be notified via the Service. The "Last updated" date reflects the latest revision. If we introduce any form of user accounts, email collection, or persistent storage of customer data, this policy will be updated before such changes take effect.
13. Contact
info@partynestplan.com
PartyNestPlan — sole proprietorship, Luxembourg