It’s getting spooky at the Party Shop with new Halloween party supplies to match your invitations. 🎃 Shop now.

Paperless Post Privacy Policy

Effective Date: October 12, 2021
Paperless Post and Paperless Post Party Shop are brands of Paperless Inc. (“Paperless Post”, “we”, “us”, “ours”). We are the place to go for custom digital invitations, including stationery, for event management tools and services that help people gather more easily and meaningfully in real life and virtually (collectively “Services”), and for purchasing related event supplies and decorations (collectively “Products”). We provide (i) Services globally through our website https://www.paperlesspost.com (including mobile site and Paperless Post Blog) (“Paperless Post Site” or “Site”), and our mobile applications (“Apps”), and (ii) Products in the U.S. through our website on the Shopify platform at https://partyshop.paperlesspost.com (“Party Shop Site”) (collectively “Sites” or “Apps”).
This Privacy Policy describes how Paperless Post collects, uses, shares and otherwise processes personal data in connection with providing our Services and Products, how you may share personal data through the Services and Products, and choices Users have concerning our privacy practices.

We interact with three categories of individuals:

  • Hosts – individuals who use Paperless Post to design and distribute invitations, order related Products, and facilitate and manage events;

  • Guests – individuals who use Paperless Post to design and distribute invitations, order related Products, and facilitate and manage events;

  • Other visitors whose interactions with us are limited to browsing our Sites or Apps.

We refer to Hosts, Guests and other visitors, together as User or Users.
When we provide Services to a business, we process information related to Guests or Hosts on behalf of that business in our capacity as a service provider/processor of the data. Our use of that information is governed by our contract with the business. Paperless Post is not responsible for the privacy policies or privacy practices of business customers.
If you have any questions or concerns about our use of your personal data or would like to exercise your choices in relation to your personal data, please contact us using the contact details provided in this Privacy Policy.
We provide additional information for European residents and California residents below.
Personal Data That We Collect
The personal data you provide to us varies depending on your purpose in interacting with our Services and Products:

Hosts:

  • When you register to use the Services and order Products, you voluntarily give us certain personal data, including your name, zip code, email address, and username. If you register for a Paperless Post account by logging in using your social media account (including Facebook, Google and Apple), we receive information from these accounts according to your settings and the privacy policies and terms of service of the social media platforms, so please check those policies and terms to understand the privacy practices of those platforms.

  • When you use the Services, you may provide event-related personal data including your name, email address, phone number, address book, messages with Guests, photos, gifs, videos, graphics or other content (collectively “User Content”).

  • If you buy Paperless Post Coins (described in our Paperless Post Terms of Service), or other Products on the Party Shop Site, one or more of our payment service providers will collect from you payment information (including payment card number, security code associated with the card, expiration date, zip code and country) (please see “How We Share Personal Data” section for more information).

  • We collect information you choose to provide to us when you complete any “free text” boxes in our forms (for example, our preference page, or a survey submission). We may collect personal data disclosed by you in other areas of our Sites and Apps, or when you contact us for help.

  • You may order event-related Products, such as party decorations and party supplies on the Paperless Post Party Shop Site. If you choose to make these purchases, you may provide us information related to the items you purchase, transaction and payment data, and shipping information.

  • We will collect and store a history of events created, sent and received in your Paperless Post account for future reference. This may include information from Event Pages, which contain relevant event information, User Content, and Guest lists. Any Product order history will be stored in your Party Shop Site account.

Guests:

  • If you click on an invitation link and voluntarily respond by giving us your personal data, such as your name and email address, your name will be added to the Host’s Guest list, which may be public.

  • If you do not have a registered account, Paperless Post may store the data associated with your email address, telephone number or other identifier. If you register for a Paperless Post account in the future, we will populate your event history in your account dashboard.

  • When you respond to an event through the Services, you may voluntarily provide personal data when messaging the Host and other Guests, or posting publicly on the Event Page, including photos, gifs, videos, or other User Content.

Automatically Collected Data

When you use the Services or order Products, the following information is created and automatically logged in our systems:

  • Log Data. Information that your browser automatically sends whenever you visit the Site, or that the Apps automatically send when you use them. Log data includes the device’s IP address, browser type and settings, the date and time of your request, and how you interacted with the Sites. Your geographic location determines which Services and Products, disclosures, features, and third party content will be available to you.

  • Cookies. Information from cookies and other technologies stored on your device (together,“Cookies”). Please see the ”Cookies” section below and our Cookie Policy to learn more about how we use Cookies and your choices regarding Cookies.

  • Device Information. Includes the type of device you are using, operating system, settings, unique device identifiers, network information and other device-specific information. Information collected may depend on the type of device you use and its settings.

  • Usage Information. We collect information about how you use our Services, and order our Products such as the types and categories of content that you view or engage with, the features you use, the actions you take, the other Users you interact with and the time, frequency and duration of your activities. For example, this includes whether you open and act on event invitation notices or marketing emails.

How We Use Data

We use the personal data we collect for the following purposes:

  • To Provide Our Services and Products and to Operate Our Business
    • To authenticate Users, provide the Services and Products and related support, process transactions and respond to your requests;

    • To send you real-time email or push notifications of certain actions related to your Event Page or Guest activity;

    • To better understand how visitors interact with our Sites and ensure that our Sites is presented in the most effective manner for you or your device;

    • To conduct analytics to inform our product and marketing strategy and enable us to enhance and personalize our communications and the experience we offer to our Users;

    • To manage our relationship with you, which includes sending account information to you relating to our Services and Products, changes to our terms, conditions, and policies, and requesting you review or respond to a survey;

    • To create anonymized, de-identified and/or aggregated data for commercial, statistical and market research purposes;

    • To conduct or assist research;

    • To administer and protect our business and the Sites, prevent fraud, criminal activity, or misuse of our Sites, and to ensure the security of our IT systems, architecture and networks (including troubleshooting, testing, system maintenance, support and hosting of data); and

    • To comply with legal obligations and legal process and to protect our rights, privacy, safety or property, and/or that of our subsidiary, you or other third parties, and to recover payments due to us.

  • For Marketing Purposes
    • Email Communications. We will send you updates and information about our new Services and Products or other promotions by email. Where required by law, we will only send Users marketing emails with their consent. You can unsubscribe or opt out at any time, via (1) the email preference page linked to every email sent through the Services (unsubscribe here), or (2) in your account settings on the Paperless Post Site (click here). If you opt out of receiving marketing emails, Hosts may continue to initiate emails to invite you to their events, and we may send you non-marketing emails regarding your Paperless Post account, and in response to your requests. If you have any questions about the communications we may send you, please Contact Us.

    • Offsite Targeted Advertising. We may show you Paperless Post advertising on other websites you visit, following your interaction with our Site, through the use of Cookies when you visit our Site. The purpose is to tell you about new Services and Products you have expressed an interest in by browsing on our Site, or that we believe will be of interest to you in the future. You can limit online tracking as described in our Cookie Policy.

How We Share Personal Data

We share personal data and other information with certain third parties in the following circumstances:

  • Service Providers. We may share your personal data with third party companies and individuals that provide services and products on our behalf or help us operate our Services (such as Customer Support, hosting, analytics, email delivery, marketing, and database management services), and provide our Party Shop Products for you to order and us to deliver.

  • Advertising Partners. We may share your personal data with third party advertising companies, including for the offsite Paperless Post targeted advertising described above. For details on the third parties that may place Cookies through our Sites, and information on your choices, please see our Cookie Policy.

  • Business Users. If you use the Services as an authorized user on behalf of a business, your account information, event information, and personal data may be shared with that business.

  • Business Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of a service to another provider, your personal data and other information may be transferred to a successor or affiliate as part of that transaction.

  • Legal Requirements. If required to do so by law, applicable regulation or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements, (ii) protect and defend the rights or property of Paperless Post, (iii) act in urgent circumstances to protect the personal safety of Users, or the public, or (iv) protect Paperless Post against legal liability.

How You May Share Personal Data on Paperless Post

We allow Users to share their data (or direct us to share their data), including with other Users and the public. Users may share their personal data with:

  • Other Users: by sharing event information, RSVPs and User Content with other Users, including Guests.

  • Social Media Platforms: by posting User Content related to your events and your use of our Services or Products to social media.

  • Public: by establishing a public profile, you may share certain of your profile information publicly via our Apps and the Sites. This information may include your event information, RSVPs, and the Users you follow.

Your Choices

In this section, we describe the rights and choices available to all Users. Users who are located in California and the EU/UK can find additional information about their rights below.

  • As a Guest, if you open an invitation, you agree to receive that invitation and any associated event email communications, unless you withdraw consent by unsubscribing or opting out. You can opt out at any time via (1) the preference page linked in the footer of every email sent through the Services (unsubscribe here), (2) in your account settings on the Paperless Post Site (click here), or (3) Contact Us.

  • You can withdraw consent to receive text messages by replying “STOP.” We will send you a text to confirm you have unsubscribed, and going forward, we will not send any Text invitation messages through our Services. Alternatively, you may respond to a text message with “HELP” to contact our Customer Support.

  • As a Host, you may choose whether the Guest list, Guest responses and comments are visible to other invited Guests on the Event Page, or private to you.

  • You may go to account settings on the Site (if you have a registered Paperless Post account), app settings (if you have downloaded our Apps), or settings on your mobile device, and determine what, if any, real-time email, or push notifications you want to receive, including Event Page comments and private messages. Click here to find out more about account and app settings. If you do not have a Paperless Post account, you may Contact Us to suppress email or other notifications sent through the Services.

  • As a Guest, if you prefer that your name not appear on the Event Page Guest list, you may message the Host, or alternatively Contact Us to remove your name from the list.

  • While our Services are not designed to collect sensitive data, you may make certain sensitive data public if, for example, you send invitations relating to certain events, such as those associated with a political issue or campaign or religious activities or organizations. For EU/UK Users, we process this personal data on the basis that it has been manifestly made public by you.

Data Retention

We will keep your personal data until your account is deleted at your request, or for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a legitimate business need to do so, or as required by law (e.g., for tax, legal, accounting or other purposes), whichever is the longer. You can also delete any Apps downloaded on your mobile devices. Click here to learn how to delete your account, or Contact Us if you do not have a registered account.

If you have elected to receive marketing communications from us, we retain information about your marketing preferences until you opt out of receiving these communications in accordance with our policies.

To determine the appropriate retention period for your personal data, we will consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we use your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may anonymize your personal data so that it can no longer be associated with you, in which case it is no longer personal data.

Update Your Information

If you have an account, and need to change or correct your personal data, you may update it yourself in your account settings, on our Sites or in our Apps, or Contact Us. We will address your request as required by applicable law.

Notice for California Residents

This section applies only to California residents. For purposes of this section, “personal data” has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) but does not include information exempted from the scope of the CCPA.

Your California Privacy Rights. The CCPA grants individuals whose information is governed by the CCPA the following rights:

  • Information.You can request information about how we have collected and used your personal data during the past 12 months. We have made this information available to California residents without having to request it by including it in this Privacy Policy.

  • Access. You can request a copy of the personal data that we have collected about you during the past 12 months.

  • Deletion. You can ask us to delete the personal data that we have collected from you.

  • Opt Out of Sale of Your Personal Data. We do not sell personal data as the term is used in California law. Like many businesses, we use services that display offsite Paperless Post targeted advertising to users around the web. You can limit online tracking as described in our Cookie Policy. In addition, you may use Paperless Post to share information with others, as we explain in the section entitled “How You May Share Personal Data on Paperless Post.”

You are entitled to exercise the rights described above free from discrimination.

Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request.  If we deny your request, we will communicate our decision to you.

Exercising Your Rights. California residents can exercise the above privacy rights by submitting your request in your account settings on the Site, or if you do not have an account with us, Contact Us.

Verification. To protect your personal data from unauthorized access or deletion, we may require you to verify your login credentials before you can submit a request to know or delete personal data. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional personal data for verification. If we cannot verify your identity, we will not provide or delete your personal data.

Authorized Agents. You may submit a request to know or a request to delete your personal data through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf and you may also be required to independently verify your identity with us.

Additional Notices for California Residents

  • We may use Cookies on our Site that collect information about your browsing activities over time and across different websites following your use of the Sites. We may allow third party service providers and other third parties to do the same. Please see our Cookie Policy or Contact Us to learn more about how we use Cookies and your choices.

  • We currently do not respond to “Do Not Track” (DNT) signals and operate as described in this Privacy Policy whether or not a DNT signal is received.

Notice for European Residents

Scope. This section applies if you are a User in the EU (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway, and, to the extent applicable, Switzerland) and the UK.

Data Controller. Paperless Inc. is the data controller for your personal data (except we act as a data processor for personal data that we process on behalf of our business customers). To find out our contact details and the contact information of our data protection representative in the EU/UK pursuant to Article 27 of the European Union General Data Protection Regulation, please see the Contact Us section below.

Legal Basis for Processing. We use your personal data only as permitted by law. Our legal bases for processing the personal data described in this Privacy Policy are described in the table below.

Processing PurposeLegal Basis
  • To authenticate Users, provide the Services and related support, process transactions and respond to your requests

Processing is necessary to perform the contract governing our provision of our services or to take steps that you request prior to signing up for the services. If we have not entered into a contract with you, we process your personal data based on our legitimate interest in providing the services you access and request.

  • To send you real-time email or push notifications of certain actions related to your Event Page or Guest activity
  • To better understand how visitors interact with the Site and ensure that our Site is presented in the most effective manner for you or your device
  • To conduct analytics to inform our product and marketing strategy and enable us to enhance and personalize our communications and the experience we offer to our Users
  • To manage our relationship with you
  • To conduct or assist research
  • To administer and protect our business and the Site, prevent fraud, criminal activity, or misuses of our Site, and to ensure the security of our IT systems, architecture and networks (including troubleshooting, testing, system maintenance, support and hosting of data)
  • Sharing your personal data as described in this Privacy Policy

These activities constitute our legitimate interests. We do not use your personal data for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

  • To comply with law

Processing is necessary to comply with our legal obligations

  • With your consent

Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the services.

Use for New Purposes. We may use your personal data for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal data for an unrelated purpose, we will notify you and explain the applicable legal basis.

Your Rights. Subject to EU/UK law, you have the following rights in relation to your personal data:

  • Right to Access. If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data along with certain other details. If you require additional copies, we may need to charge a reasonable fee.

  • Right to Rectification. If your personal data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your personal data with others, we will tell them about the correction where possible.

  • Right to Erasure. You may ask us to erase your personal data in some circumstances, such as where you want to close your account, we no longer need it or you withdraw your consent (where applicable). If we shared your data with others, we will alert them to the need for erasure where possible.

  • Right to Restrict Processing. IYou may ask us to restrict or ‘block’ the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we shared your personal data with others, we will tell them about the restriction where possible.

  • Right to Data Portability. You have the right to obtain your personal data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you. We will give you your personal data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.

  • Right to Object. You may ask us at any time to stop processing your personal data (for example, through the Paperless Post email unsubscribe link), and we will do so:

    • If we are relying on a legitimate interest (described in the “How We Use Data” section above) to process your personal data. However, we may continue processing if we can demonstrate compelling legitimate grounds for the processing, or your data is needed to establish, exercise, or defend legal claims; or

    • If we are processing your personal data for direct marketing purposes. However, we may keep minimal data about you (for example, in a suppression list) as necessary, for our and your legitimate interest, to ensure your opt out choices are respected in the future and to comply with data protection laws.

  • Right to Withdraw Consent. If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time, but this will not affect any processing of your data that has already taken place.

  • Right to Lodge a Complaint with the Data Protection Authority. If you have a concern about our privacy practices, including the way we handled your personal data, you can report it to the data protection authority that is authorized to hear those concerns (in the UK, the Information Commissioner’s Office (ICO), who can be contacted at https://ico.org.uk/concerns).

At any time you may login to your account settings on the Site, and submit your privacy right(s) request. If you do not have a registered account please Contact Us to exercise your rights.

Processing of Personal Data in the US. Paperless Post is based in the U.S. The U.S. may have data protection laws less stringent than or otherwise different from the laws in effect in the EU and UK. Transfers of your personal data to Paperless Post in the U.S. are necessary to perform the agreement we have entered into, or are about to enter into, with you as the User.

Privacy Shield. Paperless Post complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the transfer of personal data from the EU/UK and Switzerland to the U.S. Paperless Post has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the policies in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Frameworks, and to view our certification page, please visit https://www.privacyshield.gov/.

We may be accountable for the Personal Data that we transfer to third-party service providers (described in the “How We Share Personal Data” section above). If such service providers process Personal Data in a manner inconsistent with the Privacy Shield Principles, we are responsible for the harm caused.

Recourse, Enforcement, Liability. In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal data. EU/UK individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at privacy@paperlesspost.com. Further contact information can be found at Contact Us.

We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you. We will cooperate with JAMS pursuant to the JAMS International Mediation Rules, available on the JAMS website at https://www.jamsadr.com/international-mediation-rules/.

If your complaint is not resolved through these channels, under certain conditions a binding arbitration option may be available before a Privacy Shield Panel. For additional information, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

We are subject to investigatory and enforcement powers of the U.S. Federal Trade Commission with respect to personal data received or transferred pursuant to the Frameworks.

International Users

This Privacy Policy applies when you are using our Services globally. If you are accessing the Services from a country outside the United States, your personal data may be transferred from your current location to the offices and servers of Paperless Post and its authorized third-party business vendors located globally, including in the United States, and processed globally. These countries may have data protection laws less stringent than or otherwise different from the laws in effect in the country in which you are located. Where we transfer your personal data out of the country in which you are located and are required to establish a legal justification for such transfer, we will take steps to protect the personal data with an adequate level of security protection and your rights continue to be protected.

Children

Paperless Post does not knowingly collect personal data from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided personal data to Paperless Post through the Sites or Apps please Contact Us and we will endeavor to delete that information from our databases.

Links to Other Websites

The Site may contain links to other websites not operated or controlled by us (“Third Party Sites”), including social media websites and services such as the Shopify Shop Pay wallet feature on our Party Shop Site. The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of such Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact those sites directly for information on their privacy practices and policies.

Security

We maintain administrative and technical safeguards designed to protect your personal data from loss, misuse and unauthorized access, disclosure, alteration, or destruction. However, no method of transmission over the internet is 100% secure. Therefore, while we strive to protect your data, we cannot guarantee its absolute security.

Cookies

A Cookie is a piece of information stored on your browser or device. We use Cookies to make it easier for you to use the Services during future visits by identifying your browser or device, and helps us monitor traffic on our Site. Our third party vendors and service providers may also place Cookies on your browser through your interaction with our Paperless Post Site or our Party Shop Site. The Cookies may be used to collect and store information about your browsing activities over time and across different websites, following your interaction with our Sites.

Where required by applicable law, we will not place certain types of Cookies through our Sites Cookie Policy, without your consent.

If you are based in the EU or UK and interact with our Paperless Post Site, we will first prompt you for your permission regarding the use of certain types of Cookies as described in our Cookie Policy, and if you agree and continue to use our Site we will place Cookies.

For more detail about specific Cookies and how to opt out, please see our Cookie Policy.

Changes to Our Privacy Policy

We may change this Privacy Policy at any time and when we do we will post an updated version on this page, unless another type of notice is required by the applicable law. By continuing to use the Sites and the Apps or providing us with information after we have posted an updated Privacy Policy, or notified you if applicable, you consent to the revised Privacy Policy and practices described in it.

Contact Us

If you have any questions about our Privacy Policy or our data practices, please contact us at privacy@paperlesspost.com, or by post at:

Paperless Inc.
115 Broadway
New York, NY 10006
USA

Paperless Post Customer Support
+1 877-605-8644

If you are an individual in the EU or the UK, you can also contact VeraSafe, who has been appointed as Paperless Inc.’s representative in the EU and the UK for data protection matters, pursuant to Article 27 of the European Union General Data Protection Regulation, and Article 27 of the United Kingdom General Data Protection Regulation. VeraSafe can be contacted in addition to Paperless Inc., only on matters related to the processing of personal data.

To make a personal data processing inquiry, VeraSafe can be contacted:

if you reside in the EU at,
VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland
Contact form: https://www.verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.
if you reside in the UK at,
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom
Contact form: https://www.verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +44 (20) 4532 2003.