The Paigow Planning Platform

1. Who We Are and Scope of this Policy

This Privacy Policy explains how The Paigow Wedding Venue LLC, DBA "Pai" (collectively, "Pai," "we," "us," or "our") collects, uses, discloses, safeguards, and retains information related to visitors and users of Pai's website and services. It applies to information collected through our marketing site, our pre-beta and beta web applications, and any related tools or communications that reference or link to this Policy. By visiting our site, submitting information, or using Pai's services, you agree to the practices described here.

Pai operates exclusively in the United States. Pai does not target or knowingly serve users outside the United States at this time.

2. Eligibility and Children's Privacy

Pai is intended for individuals who are at least 18 years old. Pai is not directed to children under 13 and does not knowingly collect personal information from them, in accordance with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from anyone under 18, and our services are not directed to minors. If we learn that a minor under 18 submitted personal information, we will delete it. If you believe a minor has provided personal information to Pai, contact us at connect@thepaigow.com.

3. Information We Collect

Pai collects information that you provide directly, information collected automatically as you use our website and services, and limited information obtained from subprocessors and analytics related to our marketing website. Pai does not sell personal information under any circumstances.

3.1 Information You Provide

Pai collects personal information you provide voluntarily through forms, account creation, and direct interactions. This may include:

Account and Profile Data: Your name, email address, password, wedding date, and event preferences.

Guest and Event Information: Guest names, plus-one names, RSVP status, child flags, and notes you enter about your event. Pai does not require guest email addresses, phone numbers, or postal addresses for any features, and the system includes filters to discourage entry of such personally identifiable information (PII) in free-text fields.

Communications: Messages you send to Pai through our "Contact" or "Join Waitlist" forms, email correspondence, or other communications channels.

Payment and Subscription Information: Pai integrates with Stripe for payment processing. Pai does not store complete payment card numbers. Stripe handles financial data under its own privacy policy and applicable PCI standards.

AI Prompts and Content: Prompts entered into Pai's AI concierge and the resulting AI-generated outputs, which may contain contextual wedding information used for personalization.

Pai may also collect campaign-related metadata when you submit forms, including standard marketing parameters from URLs (e.g., utm_source, utm_medium, utm_campaign, utm_term, and utm_content) to help evaluate the effectiveness of our outreach.

You choose whether to provide this information. If you do not provide certain data, some Pai features may be unavailable.

3.2 Information Collected Automatically

When you visit Pai's platform or marketing pages, certain technical data is automatically collected through our systems to maintain service functionality, security, and performance. This includes:

Usage Information: Pages or features accessed, timestamps, referrer URLs, session duration, and error logs.

Device and Network Data: IP address, device type, operating system, browser type, and approximate location at the city or region level derived from the IP address.

Cookies and Local Storage: Pai uses cookies for authentication, analytics, and marketing. Details on categories and controls appear in Section 8 ("Cookies and Tracking Technologies").

This data is used to secure the platform, deliver core functionality, analyze performance, and detect misuse or abnormal behavior.

3.3 Information from Third Parties

Pai may receive limited data from trusted subprocessors solely to facilitate service delivery:

Stripe – Payment status, transaction identifiers, and metadata (no card details).

Supabase – Hosting and database infrastructure.

OpenAI – AI inference services; Pai sends limited contextual content for text generation, excluding guest contact information.

Pai does not purchase external marketing lists or enrich user data with third-party sources.

3.4 Information Collected from Website Visitors

When you visit Pai's website (outside the logged-in platform), Pai automatically collects limited analytics and interaction data to understand website performance, visitor engagement, and marketing effectiveness.

Data We Collect

Pai may automatically collect:

Pages visited and time spent on each page.
How you arrived at our site (for example, referring website, search engine, or marketing campaign link), including campaign tracking parameters such as source, medium, campaign name, keywords, and content identifiers.
Device type, operating system, browser type and version, and full browser identification string (called "User-Agent") used for device detection and filtering automated traffic.
General location (state and city level only) derived from your IP address.
IP address and browser information (used to recognize returning visitors when browser storage is unavailable, and to prevent spam and abuse). We generate a hashed identifier from this information that cannot be reversed to determine your actual IP address.
Buttons and links clicked (including button text, HTML element identifiers, and destination links).
Forms interacted with (which forms and which fields you interact with, but NOT the values you enter).

All website analytics data is collected anonymously and is not linked to any personal identifiers such as name or email address. We do not associate this browsing information with your identity unless you voluntarily provide your name and email — for example, by submitting a "Join Waitlist" or "Contact" form.

How We Use This Information

Pai uses website analytics information to:

Understand which pages, campaigns, and features visitors find most valuable.
Improve website usability, performance, and content relevance.
Measure the effectiveness of marketing campaigns, including Facebook and Instagram advertising.
Identify returning visitors using a browser-stored identifier or, when browser storage is unavailable, hashed IP addresses.
Detect and prevent bot traffic, spam, and abuse.

Data Storage and Retention

Website analytics and interaction data are stored securely in Pai's U.S.-based Supabase database.
Pai retains analytics data for up to 12 months for aggregate performance review and to understand long-term trends.
Your browser stores a visitor identifier in local storage that allows us to recognize you on return visits. You may delete this at any time through your browser settings.
IP addresses are cryptographically hashed and cannot be reversed. We use hashed IP addresses only when browser storage is unavailable.
After the retention period, analytics data is either deleted or fully anonymized for statistical use.

Your Rights (CCPA and Similar Laws)

Under the California Consumer Privacy Act (CCPA), the Texas Data Privacy and Security Act (TDPSA), and similar U.S. privacy laws, you have the right to:

Know what data Pai collects and how it is used.
Request deletion of your data.
Opt out of non-essential marketing data collection.

To exercise these rights, contact Pai at connect@thepaigow.com. Pai will verify your request and respond within the legally required timeframe.

3.5 Information Collected from Platform Users (Logged-In Accounts)

This section applies only to users who have logged into Pai's planning platform. It does not apply to website visitors or waitlist signups.

When you create an account and use Pai's platform, we collect analytics data to operate, secure, and improve our service. This collection occurs regardless of your browser's "Do Not Track" setting because it is necessary to provide the service you have contracted for under our Terms of Service.

What We Collect:

Session data (login times, duration, pages accessed within the platform)
Feature usage (which tools and features you use)
Error logs and debugging information (to fix issues you encounter)
Security monitoring data (to detect unauthorized access and fraud)
Performance metrics (page load times, system responsiveness)

Why We Collect This:

Security: Detect and prevent unauthorized access, fraud, and abuse
Service Quality: Fix bugs, improve performance, ensure platform stability
Product Development: Understand which features are valuable and improve user experience
Legal Compliance: Maintain audit trails and comply with legal obligations
Customer Support: Troubleshoot issues you report to our support team

What We Do NOT Collect for Logged-In Users:

We do not track your activity on external websites
We do not sell your data to third parties
We do not use this data for targeted advertising outside our platform

Your Rights:

California residents and users in other jurisdictions with privacy rights may request access to or deletion of their data by contacting connect@thepaigow.com. Some data may be retained as required by law or necessary for security and legal obligations.

3.6 Summary

Pai collects only the information necessary to operate, secure, and improve its services. Personal data is collected only with your consent, stored exclusively in the United States, and handled under strict privacy safeguards.

4. How We Use Information

Pai uses information only for legitimate and disclosed purposes. These include:

Account creation and management: To register accounts, authenticate users, maintain sessions, and provide core features.
AI-assisted planning: To personalize recommendations, generate wedding planning content, and support task organization. When using AI, Pai may include limited contextual event information such as guest names, plus-one names, RSVP status, and child flags, but not guest emails, phone numbers, or postal addresses.
Service delivery and improvement: To operate, maintain, secure, and enhance the website and application, including debugging, incident response, and quality assurance.
In-house analytics: To analyze aggregate usage trends, feature performance, and product adoption without selling personal information.
Communications: To respond to inquiries, send service announcements, notify users of policy updates, and administer account or billing notices where applicable.
Marketing: To measure the effectiveness of paid advertising campaigns, including Facebook and Instagram, by analyzing referral sources and campaign parameters from marketing links.
Security and fraud prevention: To protect accounts, investigate suspicious activity, prevent misuse, and comply with legal obligations.
Legal compliance: To satisfy applicable laws, regulations, lawful requests, and enforce our Terms of Service.

Pai does not sell personal information. Pai may share anonymized, aggregated metrics publicly, for example, high-level trends such as the most common planning tasks over a recent period.

5. How We Share Information

Pai shares information only as described below and only to the extent necessary to operate our services.

Service Providers and Subprocessors:

Supabase for data hosting and database services in United States regions.
Stripe for payment processing. Pai does not store full payment card data.
Render, Vercel, or similar hosting and delivery providers used for application and website operations.
OpenAI as a named subprocessor for AI inference via API. Pai sends limited contextual content for personalization, excluding guest emails, phone numbers, and postal addresses.
Pai may use Facebook and Instagram advertising technologies if marketing cookies are enabled. See Section 8 for details.

Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, Pai may transfer information in connection with such a transaction, subject to continued protection consistent with this Policy.

Legal Requirements: Pai may disclose information where required by law, subpoena, or court order, or when we believe disclosure is necessary to protect rights, safety, or the integrity of our services.

With Your Direction: We may share information if you ask or authorize us to do so.

Pai does not sell personal information and does not rent personal information. Under certain state privacy laws, the use of marketing cookies for targeted advertising may be considered a "share." See Section 12 for your opt-out options.

6. AI-Specific Data Practices

This section applies only to users of Pai's AI planning features within the logged-in platform. It does not apply to website visitors or waitlist signups.

Pai's AI features personalize content using your profile and planning inputs. To manage privacy risks around AI processing, Pai establishes the following rules:

Limited Context Sent to OpenAI: Pai may include guest names, plus-one names, RSVP status, child flags, and event notes for personalization, but not guest email addresses, phone numbers, or postal addresses. Pai applies guardrails to discourage or block entry of sensitive identifiers in free-text prompts.
No Model Training Using Your Data: Pai does not train proprietary generative models using user or guest PII. Pai's integration with OpenAI uses API inference and does not grant Pai rights to train models on your personal information.
Local Storage of Prompt Logs: Pai stores prompt and response logs in Supabase for quality assurance, abuse prevention, and product improvement.
Public Metrics Are Aggregated Only: Pai may publish anonymized usage statistics, such as high-level trends, that cannot identify any couple or guest.
User Responsibility: Users remain responsible for verifying AI outputs and for avoiding entry of prohibited or sensitive information in prompts.

7. Data Storage, Location, and Security

Hosting Location: Pai stores data in the United States using Supabase and related infrastructure providers. Pai does not intentionally process data outside the United States.
Encryption: Pai encrypts data in transit using TLS and encrypts stored data at rest within the hosting provider environment. Pai uses industry-standard application-layer encryption (AES-256) to protect your personal information. Your name and email address are encrypted before being stored in our database. Your IP address is collected for security and fraud prevention purposes but is not encrypted.
Access Controls: Access to production data is limited to authorized employees who are bound by confidentiality and IP assignment obligations. Access is role-based and logged.
Monitoring and Logging: Pai maintains application and security logs for error analysis, system performance, and abuse detection.
Security Program: Pai follows security controls aligned with common SaaS practices and intends to pursue formal third-party security auditing in 2026.
Incident Response: If Pai becomes aware of a confirmed data breach affecting personal information, Pai will notify affected users without unreasonable delay and generally within seven days of confirmation, consistent with applicable law and the nature of the incident.

No system can be guaranteed to be perfectly secure. Pai implements commercially reasonable safeguards and continually improves its security posture.

8. Cookies, Local Storage, and Similar Technologies

Pai uses cookies and browser local storage to operate and improve the website and application. Categories include:

Essential Cookies: Required for authentication, core features, and security. Disabling essential cookies may prevent the service from functioning.
Preference Cookies: Remember settings and preferences like session choices.
Analytics Visitor Identification (localStorage): Pai uses browser local storage to assign a randomly generated identifier to website visitors. This identifier allows us to recognize returning visitors and measure how our website is used over time without relying on third-party cookies. The identifier does not contain any personal details such as your name, email address, or contact information, and cannot be used to track your activity across other websites. We do not share this identifier with third parties or use it for cross-site tracking. You can delete this identifier at any time by clearing your browser's local storage through your browser settings. If browser storage is unavailable (such as in private browsing mode), we use a temporary method based on your IP address and browser type, which is less persistent and resets when your network or browser changes.
Analytics Cookies: Support Pai's in-house measurement of usage and performance. Pai does not use third-party analytics platforms at this time.
Marketing Cookies: Pai may use marketing cookies to support paid advertising on Facebook and Instagram if enabled. These cookies or pixels may help measure conversions, attribute traffic sources, and improve ad relevance. Such use may be considered a "share" under certain state privacy laws.

Users can control cookies and local storage through browser settings. Blocking or removing cookies may impact site functionality. You can clear your analytics visitor identifier at any time through your browser's "Clear browsing data" settings. For information about marketing cookie opt-outs, see Section 12.

9. Data Retention and Deletion

Pai retains personal information only as long as necessary for the purposes described in this Policy or as required by law.

Active Accounts: We retain personal information for the life of the account.
Inactive or Non-Renewed Accounts: If your account is inactive or non-renewed, Pai will take steps to delete or anonymize personal information within twelve months of the earlier of inactivity, subscription expiration, or wedding date, consistent with the Terms of Service. Waitlist signups that do not convert to active platform accounts will be deleted or anonymized within twelve months of submission.
User-Initiated Deletion: Upon a valid deletion request or account deletion, Pai removes personally identifiable information from production systems and schedules encrypted backup deletion within ninety days.
Anonymization: Pai archives certain operational records and AI logs in anonymized form. Pai deletes the mapping that links anonymized records to a specific user identity, preventing reidentification. Anonymized, aggregate data may be retained indefinitely for analytics and service improvement.
Verification and Confirmation: Pai will verify account ownership for deletion requests and will provide a confirmation email once deletion is complete, describing what was deleted and what anonymized information may be retained.
Legal Holds: Where required for legal obligations or dispute resolution, Pai may preserve limited records for the minimum period necessary.

10. Your Rights and Choices

Your choices and rights may vary by state law, but Pai offers the following to all users in the United States:

Access and Correction: You may request a summary of your personal information and request correction of inaccuracies by emailing connect@thepaigow.com from the address associated with your account.
Deletion: You may request deletion of your personal information. Deletion removes PII and schedules related backups for purge within ninety days. Certain anonymized or aggregated information may be retained for analytics and security.
Marketing Opt-Out: You may opt out of marketing communications at any time by using the unsubscribe instructions in an email or by contacting connect@thepaigow.com.
Cookie Choices: You can manage cookies in your browser. See Section 8 for categories and implications.
Do Not Sell or Share: Pai does not sell personal information. Where state laws define targeted advertising or marketing cookies as a "share," you may opt out by contacting connect@thepaigow.com and adjusting browser settings to limit third-party cookies.
Data Portability: Pai does not provide automated exports of full account datasets at this time. If you request a copy of specific data elements, Pai will make reasonable efforts to provide them in a commonly used format where technically feasible and legally required.
Do Not Track: Pai respects the "Do Not Track" browser signal for website visitors. When DNT is enabled, we disable all analytics tracking on our marketing pages. Note that operational data collection continues for logged-in platform users as necessary to provide the service under our Terms of Service.

Pai will acknowledge privacy requests within seven days and will act on verifiable requests within a reasonable period, typically within forty-five days, subject to allowed extensions under applicable law.

11. State-Specific Disclosures

11.1 Texas Data Privacy and Security Act (TDPSA)

Pai complies with the Texas Data Privacy and Security Act to the extent applicable. Pai provides notice of data practices, allows reasonable access and deletion requests, honors opt-out requests related to targeted advertising cookies, and maintains safeguards appropriate to the sensitivity of data processed.

11.2 California Consumer Privacy Act (as amended by CPRA)

Pai does not sell personal information. Pai may use marketing cookies that could be deemed a "share" for targeted advertising. California residents may opt out of such sharing by contacting connect@thepaigow.com and by managing browser cookie settings. Pai will not discriminate against users for exercising their rights.

11.3 Colorado, Virginia, and Other States

Where state laws grant rights to access, delete, correct, or opt out of targeted advertising, Pai will honor those rights consistent with the processes described in this Policy. Requests can be submitted to connect@thepaigow.com.

12. Advertising, "Do Not Sell or Share," and Opt-Out

Pai may use marketing cookies to support paid advertising on Facebook and Instagram if enabled. This use may constitute a "share" under some state laws. You can opt out by any of the following:

Contact connect@thepaigow.com with the subject line "Marketing Opt-Out."
Adjust your browser to block third-party cookies and clear existing cookies from our website.
Use device-level settings or platform tools provided by Facebook and Instagram to limit ad personalization.
Browser "Do Not Track": Pai respects the Do Not Track (DNT) browser signal. When enabled, we disable all analytics tracking on our marketing website as described in Section 3.4, including: page visits, time tracking, referrer information, campaign parameters, device and browser detection, location data, IP logging, button and link clicks, scroll depth, and form interactions. Basic error logging for site functionality continues.

Pai does not sell personal information for money. Pai does not rent personal information.

Note:

For logged-in users of Pai's platform, operational data collection continues as described in Section 3.5 regardless of DNT settings, as this is necessary to provide the service under our Terms of Service.

13. Third-Party Links and User-Provided External Content

Pai may allow users to include links to third-party sites such as Pinterest or Instagram. Pai is not responsible for the content, privacy, or security practices of external sites. This Policy does not apply to third-party websites or services. Review the privacy policies of those sites before sharing or submitting information.

14. Law Enforcement, Fraud, and Safety

Pai may access, preserve, and disclose information to law enforcement or government authorities when required by law or in good faith belief that such action is necessary to protect users, investigate fraud or abuse, secure our services, or respond to lawful process. Disclosures are limited to the minimum information necessary to satisfy the request consistent with applicable law.

15. International Use

Pai currently operates only in the United States and does not intend to offer services to individuals located outside the United States. Pai does not transfer personal information internationally at this time.

16. Changes to this Privacy Policy

Pai may update this Privacy Policy from time to time to reflect changes in law, technology, or business operations. For material changes, Pai will notify users by email to the address associated with their account, display a notice at login, and require explicit acceptance in-product before continued access to the platform. Where feasible, Pai will provide seven days of advance notice for material changes. Non-material changes, such as corrections or formatting updates, are effective upon posting.

The version and effective date are listed at the top of this document. Pai retains records of accepted versions for audit and compliance purposes.

17. Data Subject Request Process

To exercise rights described in Section 10 or to submit privacy questions:

Email connect@thepaigow.com from the email address associated with your account.
Include your full name, account email, a clear description of the request, and any relevant context.
Pai will acknowledge receipt within seven days and respond within a reasonable period, typically within forty-five days, subject to permitted extensions where necessary.
For deletion requests, Pai will verify ownership and will send a confirmation email once deletion is complete, including a description of what was deleted and what anonymized information may be retained.

If you believe your request has not been handled in accordance with this Policy or applicable law, reply to the thread with "Request for Review" in the subject line, and Pai will conduct a secondary review.

18. Security Incidents and Notifications

Pai maintains controls intended to prevent, detect, and respond to security incidents. If Pai confirms a breach of security that results in unauthorized access to personal information, Pai will notify affected users without unreasonable delay and generally within seven days after confirmation, taking into account law enforcement needs and the nature of the breach. Pai may provide additional notices where required by law.

19. Data Integrity and Minimization

Pai collects and processes only the information necessary to operate and improve the service. Pai implements controls and guardrails designed to discourage the entry of unnecessary PII into AI prompts, including filters that detect obvious emails, phone numbers, or other sensitive identifiers. Users should avoid including sensitive or prohibited information in free-text inputs and remain responsible for the content they submit.

20. Your Responsibilities

You are responsible for maintaining the accuracy of your profile information, safeguarding your login credentials, and using Pai in accordance with the Terms of Service and Acceptable Use requirements. Do not upload or enter information you do not have the right to share. Do not misuse Pai to store or transmit sensitive information not required for event planning. Review and verify AI outputs before relying on them for any decision.

21. Contact Information

Questions or concerns about this Privacy Policy, Pai's data practices, or your privacy rights can be directed to:

Pai
Boerne, Texas, USA
Email: connect@thepaigow.com

Pai may update this contact information from time to time. The current contact details will be posted on our website.

22. Acknowledgment

By visiting our site or using Pai's services, you acknowledge that you have read this Privacy Policy and agree to its terms. If you do not agree, do not use Pai's website or services.