Legal

Privacy Policy

Last updated: February 1, 2026

1. Overview

Reveal Party (reveal-party.com) ("we," "us," or "Service"), operated by Mikasa Labs, helps hosts create a gender-reveal guessing poll, collect RSVPs, and run a celebratory reveal. We are committed to protecting your privacy and only collect the minimum data needed to operate the Service.

This Privacy Policy applies globally and is designed to comply with applicable privacy laws including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Brazil's Lei Geral de Proteção de Dados (LGPD), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and other international privacy regulations.

2. Information We Collect

2.1 Information You Provide

Event Hosts: Email address (for authentication), event details (event name, date, deadline), and optional customization settings.

Event Guests: Optional name and message when voting or RSVPing, depending on host settings. Guests are not required to create accounts.

2.2 Automatically Collected Information

Analytics (with consent): When you consent to analytics, we collect usage data through Google Analytics including pages visited, interactions, device type, browser type, and approximate location (city/region level).

Technical Data: IP address (anonymized for analytics), browser user agent, and timestamp of access for security and service operation purposes.

2.3 Payment Information

Payment processing is handled by Stripe. We do not store credit card information. Stripe processes payment data according to PCI-DSS standards. We receive only transaction confirmation data (payment status, transaction ID).

3. How We Use Your Information

We use collected information to:

  • Provide and operate the Service
  • Authenticate event hosts via email
  • Process payments for event activation
  • Send service-related communications (authentication links, payment confirmations)
  • Improve the Service through analytics (with your consent)
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

  • Contractual Necessity: Processing required to provide the Service you requested
  • Consent: Analytics and optional features (withdrawable at any time)
  • Legitimate Interests: Service improvement, fraud prevention, and security
  • Legal Obligation: Compliance with applicable laws and regulations

5. Cookies and Similar Technologies

Essential Cookies: Authentication session cookies required for service functionality (no consent required).

Analytics Cookies: Google Analytics cookies are set only after you provide explicit consent through our consent banner. These cookies help us understand how the Service is used.

You can manage cookie preferences through our privacy preferences link in the footer or through your browser settings.

6. Data Sharing and Disclosure

We do not sell your personal data.

We share data only in the following circumstances:

  • Service Providers: Firebase (Google Cloud) for hosting and authentication, Stripe for payment processing, Google Analytics for usage analytics (with consent). All providers are contractually bound to protect your data.
  • Legal Requirements: When required by law, court order, or to protect our rights and safety.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to you).

7. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) for transfers outside your region
  • Adequacy decisions recognized by relevant authorities
  • Service provider compliance with applicable privacy frameworks

8. Data Retention

Event Data: Retained for 90 days after event date or license expiration, whichever is later, to provide recap access.

Authentication Data: Retained while your account is active and for up to 1 year after last login for security purposes.

Analytics Data: Retained according to Google Analytics settings (maximum 26 months).

Payment Records: Transaction records retained for 7 years for tax and accounting requirements.

9. Your Privacy Rights

9.1 Rights for All Users

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Opt-Out: Decline or withdraw analytics consent at any time

9.2 Additional Rights for GDPR (EEA/UK Users)

  • Data Portability: Receive your data in machine-readable format
  • Restrict Processing: Limit how we process your data
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
  • Lodge a Complaint: File a complaint with your local supervisory authority

9.3 Additional Rights for CCPA (California Users)

  • Know: Know what personal information is collected, used, and shared
  • Delete: Request deletion of personal information
  • Opt-Out of Sale: We do not sell personal information
  • Non-Discrimination: Not receive discriminatory treatment for exercising privacy rights

9.4 Additional Rights for LGPD (Brazil Users)

  • Confirmation of processing and access to data
  • Anonymization, blocking, or deletion of unnecessary data
  • Portability to another service provider
  • Information about entities with which data is shared

9.5 Exercising Your Rights

To exercise any of these rights, contact us at the email address in Section 14. We will respond within the timeframes required by applicable law (typically 30 days, or 45 days for CCPA requests).

10. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (HTTPS/TLS) and at rest
  • Access controls and authentication requirements
  • Regular security assessments and updates
  • Firestore security rules limiting data access to event owners only

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users and relevant supervisory authorities as required by applicable law, typically within 72 hours of discovery for GDPR compliance.

12. Children's Privacy

The Service is not directed to children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we learn we have collected data from a child, we will delete it promptly.

13. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. Material changes will be communicated by updating the "Last updated" date above. For significant changes, we may provide additional notice or request renewed consent where required by law.

Evolving Regulations: Privacy laws and regulations continue to evolve globally. We commit to updating this policy to maintain compliance with new and amended privacy legislation as it comes into effect.

14. Contact Information

For privacy questions, to exercise your privacy rights, or to file a complaint, contact us at:

hello-reveal-party [at] mikasa-labs.com

Data Protection Officer (where required): Same contact as above.

EU Representative: Mikasa Labs (contact address above).

© 2026 Mikasa Labs. All rights reserved.
