Privacy Policy

Last updated: April 3, 2026

1. Who We Are

birthday.tools is an event planning platform that helps users create and manage celebrations, wishlists, and invitations. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

Data Controller: birthday.tools
Contact: [email protected]

2. Data We Collect

Account Data

  • Name, email address, phone number (optional)
  • Password (hashed, never stored in plain text)
  • Language and currency preferences
  • OAuth provider data (Google ID, Apple ID) when using social login

Event Data

  • Event details: title, date, time, location, description
  • Guest lists: names, emails, RSVP status, dietary notes
  • Wishlist items, poll responses, potluck items
  • Budget and timeline entries
  • Uploaded photos and invitation cards

Technical Data

  • IP address (used for phone number placeholder detection, not stored)
  • Browser type and version
  • Session data (cookies)
  • Google Analytics data (anonymized)

3. How We Use Your Data

  • Service delivery: Creating and managing events, sending invitations and reminders
  • Authentication: Account creation, login, password recovery
  • Communication: Email notifications about events (RSVP updates, reminders, wishlist activity)
  • Improvement: Analytics to understand usage patterns and improve the platform
  • Security: Fraud prevention, abuse detection

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

4. Legal Basis for Processing (GDPR)

  • Contract: Processing necessary to provide the service you signed up for
  • Consent: Optional features like email notifications, push notifications, social login
  • Legitimate interest: Analytics, security, platform improvement

5. Third-Party Services

  • Google Analytics — anonymized usage analytics. Google Privacy Policy
  • Google OAuth — social login (we receive your name, email, profile ID). Google Privacy Policy
  • Apple Sign In — social login (we receive your name, email or relay email, user ID). Apple Privacy Policy
  • SMTP (Gmail) — email delivery for notifications and reminders

6. Cookies

We use essential cookies only:

  • Session cookie (PHPSESSID) — maintains your login session. HttpOnly, Secure, SameSite=Lax.
  • Apple OAuth cookies — temporary cookies for Apple Sign In flow. SameSite=None, deleted after use.
  • Google Analytics cookies — _ga, _gid for anonymized analytics.

We do not use advertising cookies or tracking pixels.

7. Data Retention

  • Account data is retained as long as your account is active
  • Event data is retained until the event is deleted by the organizer
  • You can delete your account and all associated data at any time by contacting us
  • Archived events are retained for 12 months, then automatically deleted

8. Your Rights (GDPR)

You have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data via your account settings
  • Erasure — request deletion of your account and data
  • Portability — receive your data in a machine-readable format (CSV export)
  • Restriction — request limitation of processing
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — opt out of notifications in your account settings

To exercise any of these rights, contact us at [email protected].

9. Data Security

  • Passwords are hashed using bcrypt
  • Sensitive data (event passwords) is encrypted with per-user keys
  • All connections use HTTPS/TLS
  • Session cookies are HttpOnly, Secure, SameSite=Lax
  • CSRF protection on all forms
  • Prepared statements for all database queries (SQL injection prevention)

10. Children's Privacy

birthday.tools is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. The "Last updated" date at the top indicates the latest revision.

12. Contact

For any privacy-related questions or requests:

Email: [email protected]
Website: birthday.tools