Cofetti: privacy policy for creating and sending greeting cards and invitations with AI

Cofetti and Cofetti Party Shop are brands of Cofetti (“Cofetti”, “we”, “us”, “ours”). We are the place to go for custom digital invitations, including stationery, for event management tools and services that help people gather more easily and meaningfully in real life and virtually (collectively “Services”), and for purchasing related event supplies and decorations (collectively “Products”). We provide (i) Services globally through our website https://www.cofetti.ai (including mobile site and Cofetti Blog) (“Cofetti Site” or “Site”), and our mobile applications (“Apps”), (collectively “Sites” or “Apps”).

This Privacy Policy describes how Cofetti collects, uses, shares and otherwise processes personal data that we control in connection with providing our Services and Products to you, how you may share personal data through the Services, and the choices Users have concerning our privacy practices. We interact with three categories of individuals:

Users – individuals who use Cofetti to design and distribute invitations, order related Products, and facilitate and manage events.

Recipients – individuals who receive an invitation to an event or greeting through our Services.

Other visitors whose interactions with us are limited to browsing our Sites or Apps, or interacting with us on social media. We refer to Users, Recipients and other visitors, together as User or Users.

If you have any questions or concerns about our use of your personal data or would like to exercise your choices in relation to your personal data, please contact us using the contact details provided in this Privacy Policy.

This Privacy Policy does not apply to personal data we process when we provide Services to a business. In those instances, we process personal data related to Recipients and Users on behalf of the business in our capacity as a service provider/processor for the business. Our use of that data is governed by our contract with the business. Cofetti is not responsible for the privacy policies or privacy practices of business customers, and you should direct any questions or requests concerning that data to the business.

Personal Data That We Collect

The personal data you provide to us varies depending on how you interact with us:

All Users:

• If you submit a request through our Sites or otherwise contact us, you may provide us with your name, email address or other contact information to respond to you and resolve your request.

• If you interact with our pages on social media platforms, such as Facebook, Instagram, and Twitter, you or the platforms may provide us with information through the platform.

Users:

• When you register to use the Services and order Products, you voluntarily give us certain personal data, including your name, zip code, email address, and username. If you register for a Cofetti account by logging in using your social media account (including Facebook, Google and Apple), we receive information from these accounts according to your settings and the privacy policies and terms of service of the social media platforms, so please check those policies and terms to understand the privacy practices of those platforms.

• When you use the Services, you may provide event-related personal data including your name, email address, phone number, address book, messages with Recipients, photos, gifs, videos, graphics or other content (collectively “User Content”).

• If you buy Cofetti Coins (described in our Cofetti Terms of Service), or other Products on the Party Shop Site, one or more of our payment service providers will collect from you payment information (including payment card number, security code associated with the card, expiration date, zip code and country) (please see “How We Share Personal Data” section for more information).

• We collect information you choose to provide to us when you complete any “free form” boxes on our Sites or Apps (for example, our preference page, or a survey submission). We may collect personal data you disclose on other areas of our Sites and Apps, or when you contact us for help.

• You may order event-related Products, such as party decorations and party supplies on the Cofetti Party Shop Site. If you choose to make these purchases, you may provide us information related to the items you purchase, transaction and payment data, and shipping information.

• We will collect and store a history of events you have created, sent and received in your Cofetti account for future reference. This may include information from Event and Manage Pages, which contain relevant event information, User Content, and Recipient lists. Any Product order history will be stored in your Party Shop Site account.Recipients:

Recipients:

• If you click on an invitation link and voluntarily give us your personal data, such as your name and email address, your name will be added to the User’s Recipient list, which may be public.

• If you do not have a registered account, Cofetti may store the data associated with your email address, telephone number or other identifier. If you register for a Cofetti account in the future, we will populate your event history in your account dashboard.

• When you respond to an event through the Services, you may voluntarily provide personal data when messaging the User and other Recipients, or posting publicly on the Event Page. This personal data may include photos, gifs, videos, or other User Content.

Sensitive Personal Data

Our Services are not designed to collect sensitive personal data. To the extent you choose to provide this data – for example, if you include it in the title of your event or other User Content – we will handle this information as we would any other details you make public to your audience. We do not share personal data except as described in the “How We Share Personal Data” section of this Privacy Policy.

Automatically Collected Data

When you use the Services or order Products, the following information is created and automatically logged in our systems:

• Log Data. Information that your browser automatically sends whenever you visit the Sites, or that the Apps automatically send when you use them. Log data includes the device’s IP address, browser type and settings, the date and time of your request, and how you interacted with the Sites and Apps. Your geographic location determines which Services and Products, disclosures, features, and third-party content will be available to you.

• Cookies. Information from cookies and other technologies stored on your device (together, “Cookies”). A Cookie is a piece of information stored on your browser or device. We use Cookies to make it easier for you to use the Services during future visits by identifying your browser or device, and helps us monitor traffic on our Sites and Apps. Our third-party vendors and service providers may also place Cookies on your browser through your interaction with our Sites. These Cookies may be used to collect and store information about your browsing activities over time and across different websites.

• Device Information. Includes the type of device you are using, operating system, settings, unique device identifiers, network information and other device-specific information. The information collected may depend on the type of device you use and its settings.

• Usage Information. We collect information about how you use our Services, and order our Products such as the types and categories of content that you view or engage with, the features you use, the actions you take, the other Users you interact with and the time, frequency and duration of your activities. For example, this includes whether you open and respond or act on an event invitation or marketing emails.

How We Use Personal Data

We use the personal data we collect for the following purposes:

To Provide and Support Our Services and Products

• We use personal data to perform our contractual obligations under our Terms of Service, such as:

• To authenticate Users, provide the Services and Products and related support, process transactions and respond to your requests;

• To send you real-time email or push notifications of certain actions related to your Event Page or Recipient activity;

• To manage our relationship with you, which includes sending you information relating to our Services and Products, or requesting you to review or respond to a survey.

To Improve, Monitor, Personalize, and Protect Our Services and Products

• It is in our legitimate interests to improve and keep our Services safe for our users, which includes:

• To administer and protect our business and the Services, prevent fraud, criminal activity, or misuse of our Sites and Apps, and to ensure the security of our IT systems, architecture and networks (including troubleshooting, testing, system maintenance, support).

• To investigate and protect against fraudulent, harmful, unauthorized or illegal activity.

• To better understand how visitors interact with our Services, including to ensure that our Sites are presented in the most effective manner for you or your device.

• To conduct analytics to inform our Products and marketing strategy and enable us to enhance and personalize our communications and the experience we offer to our Users.

• To provide other customized Services, Products and communications that may be relevant or of interest to you.

• To create anonymized, de-identified and/or aggregated data for commercial, statistical and market research purposes.

• To conduct research.

To Enforce Our Agreements, to Comply with Legal Obligations and to Defend Us Against Legal Claims or Disputes

• We may use your personal data in our legitimate interests to enforce and comply with our Terms and Policies; protect our and others’ rights, privacy, safety, or property; to ensure the integrity of our Services; to defend ourselves against legal claims or disputes; and to recover payments due to us. Some processing may also be necessary to comply with a legal obligation, for example to keep records of transactions, or as requested by any judicial process or governmental agency.

For Marketing and Advertising Purposes

• Email Communications. We will send you updates and information about our new Services and Products or other promotions by email. Where required by law, we will only send Users marketing emails with their consent. You can unsubscribe or opt out at any time, via (1) the email preference page linked to the email, or (2) in your account settings on the Cofetti Site. If you opt out of receiving marketing emails, Users may continue to initiate emails to invite you to their events, and we may send you non-marketing emails regarding your Cofetti account, and in response to your requests. If you have any questions about the communications we may send you, please contact us.

• Offsite Targeted Advertising. We may use personal data to show you Cofetti advertising on other websites you visit, following your interaction with our Sites, and to measure the effectiveness of our advertising. We may use Cookies when you visit our Sites for these purposes. This allows us to tell you about new Services and Products you have expressed an interest in by browsing on our Sites, or that we believe will be of interest to you in the future, and to understand if you visited our Sites or purchased our Services or Products after seeing our advertising.

• Where required by law, if you choose to subscribe to our marketing and advertising, we process your personal data based on your consent, which you may withdraw at any time.

How We Share Personal Data

We share personal data and other information with certain third parties in the following circumstances:

Service Providers. We may share your personal data with third party companies and individuals that provide services and products on our behalf or help us operate our Services and provide our Products (such as customer support, analytics, email delivery, marketing, advertising measurement, and database management services).

Advertising Partners. We may share your personal data with third party advertising companies, including for the offsite Cofetti targeted advertising described above.

Business Users. If you use the Services as an authorized user on behalf of a business, we may share your account information, event information, and personal data with that business.

Professional advisors. We may share personal data with professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Business Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of a service to another provider, your personal data and other information may be transferred to a successor or affiliate as part of that transaction.

Legal Requirements. If required to do so by law, applicable regulation or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements, (ii) protect and defend our rights or property, (iii) act in urgent circumstances to protect the personal safety of Users, or the public, or (iv) protect Cofetti against legal liability.

How You May Share Personal Data on Cofetti

We allow Users to share their data (or direct us to share their data), including with other Users and the public. Users may share their personal data with:

• Other Users: by sharing event information, RSVPs and User Content with other Users, including Recipients.

• Social Media Platforms: by posting User Content related to your events and your use of our Services or Products to social media.

• Public: by establishing a public profile, you may share certain of your profile information publicly via our Apps and the Sites. This information may include your event information, RSVPs, and the Users you follow.

Your Rights and Choices

Updating Your Account. If you have an account, and need to change or correct your personal data, you may update it yourself in your account settings, on our Sites or in our Apps.

Communications and Service Choices. You have the following choices in connection with our Services:

• You may go to account settings on the Site (if you have a registered Cofetti account), app settings (if you have downloaded our Apps), or settings on your mobile device, and determine what, if any, real-time email, or push notifications you want to receive, including Event Page comments and private messages.

• You can opt out of receiving any associated event email communications, at any time via (1) the preference page linked in the footer of every email sent through the Services.

• You can withdraw consent to receive text messages by replying “STOP.” We will send you a text to confirm you have unsubscribed, and going forward, we will not send any text message invitations through our Services. Alternatively, you may respond to a text message with “HELP” to contact our Customer Support.

• As a User, you may choose whether the Recipient list, Recipient responses and comments are visible to other invited Recipients on the Event Page, or private to you.

• As a Recipient, if you prefer that your name not appear on the Event Page Recipient list, you may message the User.

Privacy Rights. We also offer you choices that affect how we handle the personal data that we control. You may request the following in relation to your personal data:

Information about how we have collected and used your personal data. We have made this information available to you without having to request it by including it in this Privacy Policy.

Access to a copy of the personal data that we have collected about you. Where applicable, we will provide the information in a portable, machine-readable, readily usable format.

Correction of personal data that is inaccurate or out of date for the purpose for which we collected or use this data.

Deletion of personal data that we no longer need to provide the Services, deliver Products, or for other lawful purposes.

Opt Out of Sharing of Your Personal Data. We share personal data with advertising partners that display offsite Cofetti targeted advertising to Users around the web. You can opt out of our targeted advertising by enabling the Global Privacy Control setting within the browser that you use to access our Site. We do not sell personal data.

Additional rights, such as to object to and request that we restrict our use of your personal data, and where applicable, you may withdraw your consent.

To make a request, please contact us using the information provided on the site. We may ask for specific information from you to help us confirm your identity. Depending where you reside, you may be entitled to empower an “authorized agent” to submit requests on your behalf. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws. You are entitled to exercise the rights described above free from discrimination.

Limits on Your Rights and Choices. In some instances, your choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a feature of our Services you have requested, or our ability to comply with our legal obligations and enforce our legal rights. If you are not satisfied with how we address your request, you may contact us. Depending on where you reside, such as if you reside in the European Economic Area or United Kingdom, you may have the right to complain to a data protection regulator where you live or work, or where you feel a violation has occurred.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals.

Data Retention

We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected and processed in accordance with our retention policies and applicable laws, or until you withdraw your consent (where applicable). You can also delete any Apps downloaded on your mobile devices.

If you have elected to receive marketing communications from us, we retain information about your marketing preferences until you opt out of receiving these communications in accordance with our policies.

To determine the appropriate retention period for your personal data, we will consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we use your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may anonymize your personal data so that it can no longer be associated with you, in which case it is no longer personal data.

International Data Transfers

Cofetti is based in the U.S. When you use the Services or order Products, you provide your personal data directly to us in the U.S. We may transfer your personal data to our affiliates and service providers, as described in the ‘How We Share Personal Data’ section above. These service providers and affiliates may be located in the U.S. and other jurisdictions that may not provide the same protections as the data protection laws in your home country. In these instances, where required by applicable law, we will ensure that relevant safeguards are in place to afford adequate protection for your personal data. For more information about how we transfer personal data internationally, please contact using the information provided on the Site.

Data Privacy Framework. Cofetti complies with the EU-U.S. and Swiss-U.S. Data Privacy Framework, and the UK Extension to the Data Privacy Framework, as set forth by the U.S. Department of Commerce regarding the transfer of personal data from the European Economic Area (“EEA”), Switzerland, and the UK to the U.S. Cofetti has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles. If there is any conflict between the policies in this Privacy Policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern.

We may be accountable for the personal data that we transfer to third-party service providers. If such service providers process personal data in a manner inconsistent with the Data Privacy Framework Principles, we are responsible for the harm caused.

Recourse, Enforcement, Liability. In compliance with the Data Privacy Framework Principles, we commit to resolve complaints about our collection or use of your personal data. EEA, Swiss, and UK individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact us using the information on the Site.

We have further committed to refer unresolved Data Privacy Framework complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you. We will cooperate with JAMS pursuant to the JAMS International Mediation Rules, available on the JAMS website at https://www.jamsadr.com/international-mediation-rules/.

If your complaint is not resolved through these channels, under certain conditions a binding arbitration option may be available before a Data Privacy Framework Panel. For additional information, please visit: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

We are subject to investigatory and enforcement powers of the U.S. Federal Trade Commission with respect to personal data received or transferred pursuant to the Data Privacy Framework.

Links to Other Websites

The Site may contain links to or integrations from other websites not operated or controlled by us (“Third Party Sites”), including social media websites and services such as the Shopify Shop Pay wallet feature on our Party Shop Site. The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of such Third-Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact those sites directly for information on their privacy practices and policies.

Security

We maintain organizational, administrative and technical safeguards designed to protect your personal data from loss, misuse and unauthorized access, disclosure, alteration, or destruction. However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security.

Changes to Our Privacy Policy

We may change this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on our Services.