Privacy Policy

Last updated: 2025

1. Introduction

This Privacy Policy describes how The Birthday Poster ("we," "our," or "us") collects, uses, and protects your personal information when you use our website at birthdayposter.com (the "Service").

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable privacy laws. This policy explains your privacy rights and how the law protects you.

2. Data Controller Information

The Birthday Poster is a personal project, not a commercial entity. For any privacy-related inquiries, you can contact us at:

Email: hello@birthdayposter.com

3. Information We Collect

3.1 Personal Information You Provide

When you create an account or use our Service, we may collect:

  • Account Information: Email address, name, and authentication data through secure authentication services
  • Profile Information: Information you provide when creating personalized posters
  • Communication Data: Information you provide when contacting us

3.2 Information Automatically Collected

We automatically collect certain information when you visit our Service:

  • Usage Data: Pages visited, time spent, clicks, and user interactions (via analytics services)
  • Device Information: Browser type, operating system, IP address (anonymized)
  • Cookies: Essential and analytics cookies as described in our Cookie Policy

4. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Consent (Article 6(1)(a)): For analytics tracking and non-essential cookies
  • Contract Performance (Article 6(1)(b)): To provide the Service and maintain your account
  • Legitimate Interest (Article 6(1)(f)): For essential website functionality and security

5. How We Use Your Information

We use your personal information for the following purposes:

  • Service Provision: To create and deliver personalized birthday posters
  • Account Management: To maintain your user account and authentication
  • Communication: To respond to your inquiries and provide support
  • Analytics: To understand how users interact with our Service and improve functionality
  • Security: To detect and prevent fraud, abuse, and security threats

6. Data Storage and Security

6.1 Data Storage

Your data is stored using the following services:

  • Database Services: User data and poster information (EU region)
  • Cloud Hosting: Website hosting and deployment infrastructure
  • Analytics Services: Analytics data (EU-hosted instance)

6.2 Security Measures

We implement appropriate technical and organizational security measures including:

  • Encryption of data in transit and at rest
  • Secure authentication systems
  • Regular security updates and monitoring
  • Access controls and data minimization principles

7. Data Sharing and Third Parties

We only share your data with the following trusted third-party services necessary for our operations:

  • Authentication Services: For secure user authentication
  • Analytics Services (EU): For website analytics (with your consent)
  • Database Services: For secure data storage
  • Cloud Hosting: For website hosting and performance

We do not sell, trade, or otherwise transfer your personal information to third parties for commercial purposes.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Account Data: Until you delete your account or request data deletion
  • Analytics Data: Up to 1 year, or until consent is withdrawn
  • Session Data: Duration of your session or up to 30 days

9. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

  • Right of Access (Article 15): Request copies of your personal data
  • Right to Rectification (Article 16): Request correction of inaccurate data
  • Right to Erasure (Article 17): Request deletion of your personal data
  • Right to Restrict Processing (Article 18): Request limitation of data processing
  • Right to Data Portability (Article 20): Request transfer of your data
  • Right to Object (Article 21): Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for analytics and non-essential processing

To exercise any of these rights, please contact us at hello@birthdayposter.com. We will respond within 30 days of receiving your request.

10. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete such information.

11. International Data Transfers

While we primarily use EU-based services, some data processing may occur outside the European Economic Area (EEA). When this happens, we ensure adequate protection through:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Certification schemes and codes of conduct

12. Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects you. Any automated processing is limited to basic website functionality and analytics.

13. Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay.

14. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws. You can find contact information for EU data protection authorities at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify you via email or prominent website notice
  • Obtain your consent where required by law

16. Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: hello@birthdayposter.com

Response Time: We will respond to your inquiry within 30 days