Privacy Policy

Last updated: October 11, 2025

Entity: Polyform Holdings LLC ("Polyform," "we," "us")

Address: 2108 N St #4598, Sacramento, CA 95816

Contact (privacy): info@pardon.party

Quick summary (plain English)

  • We built Pardon Party to be fun and low‑friction. There's no account required.
  • We store gift metadata, certificate metadata, optional sender messages, and basic logs/analytics.
  • We don't collect confessional free text.
  • We use Stripe (payments), AWS us‑west‑2 (hosting), Resend (emails), PostHog (analytics), and Meta/Google pixels on marketing pages.
  • You can request access and portability of your data. Additional rights may apply under state law (see California section).
  • This Policy applies to US users 18+.

1) Scope & audience

This Privacy Policy describes how Polyform collects, uses, and discloses personal information when you visit or use Pardon Party in the United States. The Service is intended for adults 18+.

2) What we collect

A) Information you provide

Purchases/Gifts: Gift type, theme, tone, allowed redemptions, expiration, and optional sender message and nickname.

Support: If you email us, we receive your email address and message content.

We do not ask for or store free‑form confessional text about "sins." The experience uses pre‑set categories and light prompts.

B) Information we collect automatically

Technical data: IP address, device/browser type, OS, pages viewed, timestamps, referral URLs.

Cookies & analytics: We use PostHog to understand aggregate usage (e.g., which buttons are clicked).

Marketing pixels: Meta and Google pixels may be present on marketing pages (e.g., landing/pricing). We do not place those pixels inside strictly necessary redemption flows where not appropriate.

C) Payment data

Payments are processed by Stripe. We receive limited info from Stripe (e.g., last 4 digits, card brand, transaction status). We do not store full card numbers.

3) How we use information

  • Provide, operate, and improve the Service (including generating certificates and validating redemptions).
  • Process payments and send transactional emails/links (via Resend).
  • Prevent fraud, abuse, security incidents, and misuse.
  • Measure and improve marketing performance on our marketing pages.
  • Comply with legal obligations, enforce terms, and protect our rights.
  • With your opt‑in, send newsletters/updates (you can unsubscribe anytime).

4) What we store and for how long (retention defaults)

We use AWS us‑west‑2. We keep data only as long as we need it for the purposes above, then delete or de‑identify it.

Gift metadata: Stored until the gift expires (180 days) plus 180 days for fraud/accounting, then minimized/anonymized.

Certificate metadata: Stored for 180 days after creation, then deleted.

Sender message with gift: Stored until the gift is redeemed or expires (180 days), then deleted within 30 days.

IP & device/usage logs: 30–90 days (security logs up to 90; routine web logs around 30), then deleted or aggregated.

Transactional emails (via Resend): Message metadata retained by the provider per their policies; we keep minimal references for delivery and support for up to 90 days.

Cookies/analytics events (PostHog): Event‑level data retained up to 12 months; aggregated analytics retained longer without identifiers.

We do not persist certificate images by default. Where a temporary image file is generated to fulfill a download/share, it uses a short‑lived path or signed URL and is removed within 24 hours.

These are defaults typical for services like ours. Some records may be kept longer if required by law (e.g., tax, accounting, security).

5) Legal bases (FYI)

While we operate only in the US, the ways we use data would generally rely on: performance of a contract (providing the Service), legitimate interests (security, analytics), consent (newsletter, cookies/pixels where required), and legal obligations (tax, fraud prevention).

6) Sharing/disclosure

We share information with:

Service providers:

  • Stripe (payments)
  • AWS (hosting/us‑west‑2)
  • Resend (transactional emails)
  • PostHog (analytics)

Marketing partners: Meta and Google pixels on marketing pages for ads measurement and optimization.

Legal & safety: When required by law, to respond to lawful requests, or to protect our rights or users.

Business transfers: If we undergo a merger, acquisition, or asset sale.

We do not sell personal information for money. We may "share" limited device/cookie data with advertising partners for cross‑context behavioral advertising on marketing pages. See the California section for opt‑out controls.

7) Your choices & rights

Access & portability (available to all users): Email info@pardon.party to request a copy of your personal information associated with your purchases or codes. We may need to verify you (e.g., via order email or code).

Marketing emails: You can unsubscribe at any time via the email footer or by contacting us.

Cookies/pixels: Use the cookie banner/preferences on our site to control optional cookies and pixels.

"Do Not Track": We currently do not respond to browser DNT signals. We honor Global Privacy Control (GPC) where feasible as an opt‑out of sale/sharing on our marketing pages.

Deletion: While our default global rights are Access and Portability, if your state law grants deletion rights, we will honor verified deletion requests as required. Contact info@pardon.party.

8) California notice (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) may give you additional rights:

  • Right to know/access categories and specific pieces of personal information we collected about you.
  • Right to delete personal information (subject to exceptions, e.g., security, fraud prevention, and required recordkeeping).
  • Right to correct inaccurate information.
  • Right to opt‑out of "sale" or "sharing" for cross‑context behavioral advertising. We do not sell personal information for money, but we may share device/cookie data with Meta/Google on marketing pages.
  • Right to limit use of sensitive personal information: We do not intentionally collect sensitive categories.

How to exercise:

  • Access/know, delete, correct: Email info@pardon.party.
  • Opt‑out of sale/sharing: Use our "Do Not Sell or Share My Personal Information" link (recommended route) or email us. We also endeavor to honor GPC signals on marketing pages.

We will not discriminate against you for exercising your rights. We do not knowingly sell or share the personal information of individuals under 16.

9) Children

The Service is for adults (18+) only. We do not knowingly collect personal information from children. If you believe a minor has provided information, contact info@pardon.party and we will delete it.

10) Security

We use reasonable administrative, technical, and physical safeguards (e.g., HTTPS/TLS in transit, access controls, least‑privilege on production systems). No method of transmission or storage is 100% secure. You are responsible for safeguarding any gift codes or links you purchase.

11) International transfers

We host in AWS us‑west‑2. Our providers may process data in other locations in order to provide their services (e.g., email routing). By using the Service, you understand that your information may be transferred, processed, and stored in the United States and, where applicable, other countries where our providers operate.

12) Changes to this Policy

We may update this Policy from time to time. We will post the updated version with a new "Last updated" date and, if changes are material, provide reasonable notice (e.g., on‑site banner). Continued use means you accept the updated Policy.

13) Contact

Questions or privacy requests? info@pardon.party

Abuse/misuse reports: info@pardon.party

DMCA/IP: info@pardon.party

← Back to Home