Privacy Policy

1. Who We Are and Scope of this Policy

This Privacy Policy explains how The Paigow Wedding Venue LLC, a Texas limited liability company doing business as The Paigow and Pai (collectively, "Pai," "we," "us," or "our") collects, uses, discloses, safeguards, and retains information related to visitors and users of Pai's website and services. It applies to information collected through our marketing site, our web applications, and any related tools or communications that reference or link to this Policy. By visiting our site, submitting information, or using Pai's services, you agree to the practices described here.

Pai operates exclusively in the United States. Pai is not intended for users located in the European Union (EU) or European Economic Area (EEA). Pai does not target or knowingly serve users outside the United States at this time.

2. Eligibility and Children's Privacy

Pai is not for use by individuals under 18 for any purpose. Pai is intended solely for individuals who are at least 18 years old. We do not knowingly collect personal information from anyone under 18, and our services are not directed to minors. Because Pai requires all users to be at least 18 years old, this policy inherently satisfies the requirements of the Children's Online Privacy Protection Act (COPPA), which protects children under 13.

If we learn that a minor under 18 submitted personal information, we will delete it. If you believe a minor has provided personal information to Pai, contact us at connect@thepaigow.com.

3. Information We Collect

Pai collects information that you provide directly, information collected automatically as you use our website and services, and limited information obtained from subprocessors and analytics related to our marketing website. Pai does not sell personal information under any circumstances.

3.1 Information You Provide

Pai collects personal information you provide voluntarily through forms, account creation, and direct interactions. This may include:

• Account and Profile Data: Your name, preferred pronouns, email address, phone number, password, wedding date, and event preferences.
• Guest and Event Information: Guest names, plus-one names, RSVP status, child flags, and notes you enter about your event. Pai does not require guest email addresses, phone numbers, or postal addresses for core features.
• Communications: Messages you send to Pai through email correspondence or other communications channels.
• Payment and Subscription Information: Pai integrates with Stripe for payment processing. Pai does not store complete payment card numbers. Stripe handles financial data under its own privacy policy and applicable PCI standards.
• AI Prompts and Content: Prompts entered into Pai's AI concierge and the resulting AI-generated outputs, which may contain contextual wedding information used for personalization.
• Campaign Metadata: Standard marketing parameters from URLs (e.g., utm_source, utm_medium, utm_campaign, utm_term, and utm_content) to help evaluate the effectiveness of our outreach.

You choose whether to provide this information. If you do not provide certain data, some Pai features may be unavailable.

3.2 Information Collected Automatically

When you visit Pai's platform or marketing pages, certain technical data is automatically collected through our systems to maintain service functionality, security, and performance. This includes:

• Usage Information: Pages or features accessed, timestamps, referrer URLs, session duration, and error logs.
• Device and Network Data: IP address, device type, device manufacturer and model, operating system and version, browser type and version, screen dimensions, and approximate location at the city or region level derived from the IP address.
• Cookies and Local Storage: Pai uses cookies for authentication and local storage for analytics and visitor identification. Details on categories and controls appear in Section 8.

This data is used to secure the platform, deliver core functionality, analyze performance, and detect misuse or abnormal behavior.

3.3 Information from Third Parties

Pai may receive limited data from trusted subprocessors solely to facilitate service delivery:

• Stripe: Payment status, transaction identifiers, and metadata (no card details).
• Supabase: Hosting and database infrastructure.
• OpenAI: AI inference services; Pai sends limited contextual content for text generation, excluding guest contact information.
• Resend: Transactional email delivery service; Pai sends email addresses to Resend solely to deliver account-related communications.

Pai does not purchase external marketing lists or enrich user data with third-party sources.

3.4 Information Collected from Website Visitors

When you visit Pai's website (outside the logged-in platform), Pai automatically collects limited analytics and interaction data to understand website performance, visitor engagement, and marketing effectiveness.

Data We Collect

Pai may automatically collect:

• Pages visited and time spent on each page
• How you arrived at our site (referring website, search engine, or marketing campaign link), including campaign tracking parameters
• Device type, operating system, browser type and version, and full browser identification string ("User-Agent")
• General location (state and city level only) derived from your IP address
• IP address and browser information for security monitoring, fraud prevention, and bot detection
• A cryptographically hashed identifier from your IP address and browser information to recognize returning visitors (cannot be reversed)
• Buttons and links clicked (including button text, element identifiers, and destination links)
• Forms interacted with (which forms and fields, but NOT the values you enter)

Website analytics data is not linked to your name, email address, or user account unless you voluntarily provide personal information.

How We Use This Information

• Understand which pages, campaigns, and features visitors find most valuable
• Improve website usability, performance, and content relevance
• Measure the effectiveness of marketing campaigns
• Identify returning visitors using a browser-stored identifier or hashed IP addresses
• Detect and prevent bot traffic, spam, and abuse

Data Storage and Retention

• Website analytics are stored securely in Pai's U.S.-based Supabase database
• Analytics data is retained for up to 24 months
• Your browser stores a visitor identifier in local storage (deletable through browser settings)
• IP addresses are encrypted at rest for security; hashed identifiers are also generated and cannot be reversed
• After retention period, data is deleted or fully anonymized

Your Rights and Choices

• Know what data Pai collects and how it is used
• Request deletion of your data
• Opt out of non-essential marketing data collection

To exercise these rights, contact connect@thepaigow.com. Pai will respond within forty-five days.

3.5 Information Collected from Platform Users (Logged-In Accounts)

This section applies only to users who have logged into Pai's planning platform. It does not apply to website visitors.

When you create an account and use Pai's platform, we collect analytics data to operate, secure, and improve our service. This collection occurs regardless of your browser's "Do Not Track" setting because it is necessary to provide the service.

What We Collect

• Session data (login times, duration, pages accessed)
• Feature usage (which tools you use, navigation patterns)
• Error logs and debugging information
• Security monitoring data (IP address and browser info, encrypted at rest)
• Device and browser information (type, model, OS, screen dimensions)
• Performance metrics (page load times, system responsiveness)

Why We Collect This

• Security: Detect and prevent unauthorized access, fraud, and abuse
• Service Quality: Fix bugs, improve performance, ensure platform stability
• Product Development: Understand which features are valuable
• Legal Compliance: Maintain audit trails and comply with legal obligations
• Customer Support: Troubleshoot issues you report

What We Do NOT Collect

• We do not track your activity on external websites
• We do not sell your data to third parties
• We do not use this data for targeted advertising outside our platform

Your Rights

California residents and users in other jurisdictions with privacy rights may request access to or deletion of their data by contacting connect@thepaigow.com.

3.6 SMS Messaging (Optional Feature)

If you opt in to SMS messaging, Pai may collect and process:

• Your mobile phone number in E.164 format (stored encrypted)
• SMS message content you send to Pai for AI processing
• Message timestamps, delivery status, and conversation history

SMS messages are processed through Twilio and OpenAI API as named subprocessors. Message content is stored for service delivery and quality assurance but is never used to train AI models. Phone numbers and message content are encrypted at rest.

You may opt out at any time by replying STOP. Standard message and data rates apply. Rate limits: 60 messages per hour, 180 messages per 24 hours per phone number.

3.7 Summary

Pai collects only the information necessary to operate, secure, and improve its services. Personal data is collected only with your consent, stored exclusively in the United States, and handled under strict privacy safeguards.

4. How We Use Information

Pai uses information only for legitimate and disclosed purposes:

• Account Creation and Management: Register accounts, authenticate users, maintain sessions, and provide core features.
• AI-Assisted Planning: Personalize recommendations and generate wedding planning content. When using AI, Pai may include limited contextual event information but not guest contact information.
• Service Delivery and Improvement: Operate, maintain, secure, and enhance the website and application.
• In-House Analytics: Analyze aggregate usage trends and feature performance without selling personal information.
• Communications: Respond to inquiries, send service announcements, and notify users of policy updates.
• Marketing: Measure the effectiveness of paid advertising campaigns by analyzing referral sources.
• Security and Fraud Prevention: Protect accounts, investigate suspicious activity, and prevent misuse.
• Legal Compliance: Satisfy applicable laws and enforce our Terms of Service.

Pai does not sell personal information. Pai may share anonymized, aggregated metrics publicly (e.g., high-level trends).

5. How We Share Information

Pai shares information only as described below and only to the extent necessary to operate our services.

Service Providers and Subprocessors

• Supabase: Data hosting and database services in United States regions
• Stripe: Payment processing (Pai does not store full payment card data)
• Render, Vercel, or similar: Application and website hosting
• OpenAI: AI inference via API (excluding guest contact information)
• Twilio: SMS messaging services
• Resend: Transactional email delivery
• Facebook and Instagram: Advertising technologies (if marketing cookies enabled)

Other Sharing

• Business Transfers: In mergers, acquisitions, or sales, information may transfer subject to continued protection.
• Legal Requirements: Disclosure when required by law, subpoena, or court order.
• With Your Direction: When you ask or authorize us to share.

Pai does not sell or rent personal information. Under certain state privacy laws, use of marketing cookies may be considered a "share." See Section 12 for opt-out options.

6. AI-Specific Data Practices

This section applies only to users of Pai's AI planning features within the logged-in platform.

Pai's AI features personalize content using your profile and planning inputs. To manage privacy risks:

• Limited Context Sent to OpenAI: Pai may include guest names, RSVP status, child flags, and event notes, but NOT guest emails, phone numbers, or postal addresses.
• No Model Training: Pai does not train models using your PII. OpenAI API inference does not grant rights to train on your data.
• Local Storage of Logs: Prompt and response logs are stored in Supabase for quality assurance and abuse prevention.
• Aggregated Metrics Only: Any published statistics are anonymized and cannot identify individuals.
• User Responsibility: You remain responsible for verifying AI outputs and avoiding sensitive information in prompts.

7. Data Storage, Location, and Security

• Hosting Location: Pai stores data in the United States using Supabase and related infrastructure. Pai does not intentionally process data outside the U.S.
• Encryption: Data in transit uses TLS. Data at rest is encrypted within the hosting environment. Pai uses Fernet (AES-128-CBC) for application-layer encryption of names and sensitive fields. IP addresses are encrypted at rest on both the marketing website and the logged-in platform.
• Access Controls: Production data access is limited to authorized employees with role-based, logged access.
• Monitoring and Logging: Application and security logs are maintained for error analysis and abuse detection.
• Security Program: Pai follows common SaaS security practices and intends to pursue third-party auditing in 2026.
• Incident Response: If a breach is confirmed, Pai will notify affected users within seven days of confirmation.

No system is perfectly secure. Pai implements commercially reasonable safeguards and continually improves its security posture.

8. Cookies, Local Storage, and Similar Technologies

Pai uses cookies and browser local storage to operate and improve the website and application:

• Essential Cookies: Required for authentication, core features, and security. Disabling may prevent the service from functioning.
• Preference Cookies: Remember settings and preferences like session choices.
• Analytics Visitor Identification (localStorage): A randomly generated identifier stored in your browser to recognize returning visitors. Does not contain personal details and cannot track you across other websites. Deletable through browser settings. If unavailable (private browsing), a temporary IP-based method is used.
• Analytics Cookies: Support in-house measurement. Pai does not use third-party analytics platforms.
• Marketing Cookies: May be used for Facebook and Instagram advertising if enabled. Such use may be considered a "share" under state privacy laws.

Users can control cookies through browser settings. Blocking cookies may impact functionality. See Section 12 for marketing cookie opt-outs.

9. Data Retention and Deletion

Pai retains personal information only as long as necessary:

• Active Accounts: Retained for the life of the account.
• Inactive Accounts: Deleted or anonymized within 12 months of inactivity, subscription expiration, or wedding date.
• User-Initiated Deletion: PII removed from production systems; backup deletion within 90 days.
• Anonymization: Operational records archived in anonymized form with the user-identity mapping deleted.
• Verification: Pai verifies account ownership and confirms deletion by email.
• Legal Holds: Records may be preserved where required for legal obligations.

10. Your Rights and Choices

Pai offers the following rights to all users in the United States:

• Access and Correction: Request a summary of your personal information and corrections by emailing connect@thepaigow.com.
• Deletion: Request deletion of PII. Backups purged within 90 days. Anonymized data may be retained.
• Marketing Opt-Out: Use unsubscribe links or contact us.
• Cookie Choices: Manage cookies in your browser (see Section 8).
• Do Not Sell or Share: Pai does not sell data. Opt out of marketing cookie "sharing" by contacting us.
• Data Portability: Pai does not provide automated exports. Reasonable efforts for specific data requests where legally required.
• Do Not Track: Pai respects DNT signals for website visitors. Logged-in operational collection continues per Terms of Service.

Pai will acknowledge requests within 7 days and respond within 45 days.

11. State-Specific Disclosures

11.1 Texas Data Privacy and Security Act (TDPSA)

Pai complies with the TDPSA to the extent applicable, providing notice of data practices, allowing access and deletion requests, honoring opt-out requests, and maintaining appropriate safeguards.

11.2 California and Other State Privacy Rights

Pai does not sell personal information. Marketing cookies may be deemed a "share" under some state laws. Users may opt out by contacting us and managing browser cookie settings. Pai will not discriminate against users exercising their rights.

11.3 Colorado, Virginia, and Other States

Where state laws grant rights to access, delete, correct, or opt out of targeted advertising, Pai will honor those rights. Requests: connect@thepaigow.com.

11.4 SMS Messaging Terms

Pai offers optional SMS messaging for AI wedding concierge access. By opting in (sending your first text), you agree to:

• Receive automated AI-generated responses via SMS
• Standard message and data rates apply
• Messages processed through Twilio and OpenAI API
• Message content stored for service delivery
• Phone numbers encrypted at rest (Fernet/AES-128-CBC)

SMS Controls

• Opt-Out: Reply STOP to unsubscribe
• Opt-In: Reply START to resubscribe
• Help: Reply HELP for support

Rate Limits and Technical Details

• 60 messages per hour, 180 per 24 hours per phone number
• Sessions expire after 12 hours of inactivity
• Message length: Up to 1,600 characters (10 SMS segments)

Pai Is Not Responsible For

• SMS delivery delays or failures by your carrier
• Carrier messaging costs
• AI response accuracy (responses are suggestions only)

Questions: connect@thepaigow.com

12. Advertising, "Do Not Sell or Share," and Opt-Out

Pai may use marketing cookies for Facebook and Instagram advertising if enabled. This may constitute a "share" under some state laws. You can opt out by:

• Emailing connect@thepaigow.com with subject "Marketing Opt-Out"
• Blocking third-party cookies in your browser
• Using Facebook and Instagram's ad personalization settings
• Do Not Track: Pai respects DNT signals, disabling all marketing analytics tracking when enabled

Pai does not sell personal information for money. Pai does not rent personal information.

Note: For logged-in platform users, operational data collection continues regardless of DNT settings, as necessary to provide the service.

13. Third-Party Links and User-Provided External Content

Pai may allow users to include links to third-party sites such as Pinterest or Instagram. Pai is not responsible for the content, privacy, or security practices of external sites. This Policy does not apply to third-party websites. Review their privacy policies before sharing information.

14. Law Enforcement, Fraud, and Safety

Pai may access, preserve, and disclose information to law enforcement or government authorities when required by law or in good faith belief that such action is necessary to protect users, investigate fraud, secure our services, or respond to lawful process. Disclosures are limited to the minimum information necessary.

15. International Use

Pai currently operates only in the United States and is not intended for users in the European Union (EU) or European Economic Area (EEA). Pai does not intend to offer services outside the United States or transfer personal information internationally at this time.

16. Changes to this Privacy Policy

Pai may update this Privacy Policy to reflect changes in law, technology, or business operations.

• Material changes: Pai will notify users by email, display a notice at login, and require explicit acceptance before continued platform access. Seven days advance notice where feasible.
• Non-material changes: Effective upon posting.

The version and effective date are listed at the top. Pai retains records of accepted versions for audit and compliance.

17. Data Subject Request Process

To exercise rights described in Section 10 or submit privacy questions:

1. Email connect@thepaigow.com from your account email address.
2. Include your full name, account email, a clear description, and relevant context.
3. Pai will acknowledge receipt within 7 days and respond within 45 days.
4. For deletion requests, Pai will verify ownership and confirm completion by email.

If you believe your request wasn't handled properly, reply with "Request for Review" in the subject line for a secondary review.

18. Security Incidents and Notifications

Pai maintains controls to prevent, detect, and respond to security incidents. If a breach is confirmed that results in unauthorized access to personal information, Pai will notify affected users within seven days, taking into account law enforcement needs. Additional notices may be provided as required by law.

19. Data Integrity and Minimization

Pai collects and processes only the information necessary to operate and improve the service. Pai implements controls to discourage unnecessary PII in AI prompts, including filters that detect obvious emails, phone numbers, and sensitive identifiers. Users should avoid including sensitive information in free-text inputs and remain responsible for content they submit.

20. Your Responsibilities

You are responsible for:

• Maintaining the accuracy of your profile information
• Safeguarding your login credentials
• Using Pai in accordance with the Terms of Service
• Not uploading information you don't have the right to share
• Not misusing Pai to store sensitive information not required for event planning
• Reviewing and verifying AI outputs before relying on them

21. Contact Information

Questions or concerns about this Privacy Policy can be directed to:

Pai may update contact information from time to time. Current details will be posted on our website.

22. Acknowledgment

By visiting our site or using Pai's services, you acknowledge that you have read this Privacy Policy and agree to its terms. If you do not agree, do not use Pai's website or services.