birthdays.app
Privacy Policy
Privacy Policy
1. Introduction
Confetti Labs LLC ("Company," "we," "us," or "our") operates birthdays.app ("App"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the App globally via various communication channels. By using the App, you consent to these practices.
2. Information We Collect
2.1 User-Provided Data: We collect information you or others (with your authorization) provide, such as contact details, names, dates, or other data necessary to deliver the Service.
2.2 Automatically Collected Data: We may collect technical data (e.g., device info, IP address, usage patterns) to operate, improve, or secure the App.
2.3 Contact Syncing Data: If you opt into syncing your phone contacts (where available), we collect only the data you explicitly authorize.
2.4 Third-Party Data: We may receive limited data from payment processors or messaging services to facilitate the Service.
2.5 Advertising and Analytics Data: We use third-party advertising technologies such as:
- Meta Pixel (Facebook/Instagram)
- TikTok Pixel and Events API
- X Ads Pixel (formerly Twitter Ads Pixel)
- Google Ads (Global Site Tag / gtag.js)
These services may receive hashed user identifiers (e.g., phone numbers or emails), page interaction data, and event metadata (such as completed signups or referral link clicks) for purposes including:
- Conversion tracking (e.g., measuring leads or purchases)
- Audience retargeting or exclusion (e.g., not showing ads to users who already signed up)
- Campaign performance reporting
Where applicable, identifiers are hashed using SHA-256 before transmission. Data is used in aggregate to help us improve our marketing and is not used to directly identify individual users.
2.6 First-Party Cookies: We may use first-party cookies to help advertising partners (such as TikTok, Meta, and Google) measure conversions, build custom audiences, and improve targeting on our site. These cookies may store pseudonymous identifiers and session data to enhance ad relevance and campaign reporting.
2.7 Facebook Importer Chrome Extension Data: If you choose to use our Facebook Importer Chrome extension ("Export Facebook Birthdays to birthdays.app"), it processes birthday information (names and dates) visible to you in your Facebook account. This data flows directly from your browser to our servers via your authentication code. The extension:
- Only reads data you can already see in your Facebook account
- Does not collect or store Facebook login credentials
- Does not post to or modify your Facebook account
- Temporarily stores data in your browser until import completion
- Requires your explicit action to import selected birthdays
3. How We Use Google User Data
We request only the minimum Google OAuth scopes necessary to identify and import birthdays:
calendar.readonly– to identify potential birthdays from your calendars.userinfo.email– to link your Google account with your App profile.
We use this data solely to help you find and import birthday events. If you choose to import, we retain only the names and birthdays you select—stored as standard app data, no longer linked to Google. All other calendar data is deleted immediately after import, or within 30 days if you disconnect or do not proceed.
Calendar data and OAuth tokens are encrypted at rest. Access is tightly controlled and limited to essential operations, consistent with industry standards.
We comply with Google's Limited Use requirements, including restrictions on use, sharing, and data retention.
An in-product privacy notice appears before you connect your Google Calendar, explaining what we access and why. It links to this full Privacy Policy.
You can revoke access at any time via your Google Account permissions.
4. How We Use Facebook Importer Data
When you use our Facebook Importer Chrome extension, we access only the birthday information visible to you in your Facebook friends list. This data is used solely to help you import selected birthdays into the App.
Data flow and security:
- Birthday data is transmitted directly from your browser to our servers
- You must provide a valid authentication code to complete the import
- Only the birthdays you explicitly select are saved to your account
- Non-selected data is immediately deleted from browser storage after import
- We never access your Facebook credentials or post to Facebook
The extension operates entirely within your browser and requires you to be logged into Facebook. We are not affiliated with Meta Platforms, Inc. and the extension is not endorsed by Facebook.
5. Other Uses of Information
We use your information to provide, personalize, and improve the Service; manage accounts and payments; communicate with you; ensure security; and meet legal or business needs.
Data imported via our Facebook Importer Chrome extension is treated identically to manually entered or Google Calendar data—used only to send birthday reminders according to your preferences.
We may also use collected data—including event metadata and hashed identifiers—to enable advertising attribution, suppression (e.g., to avoid showing ads to users who already signed up), and campaign effectiveness via third-party platforms like Meta, TikTok, Google, and X (Twitter).
6. Data Sharing and Disclosure
6.1 Service Providers: We share data with third-party vendors (e.g., messaging or payment providers) only as needed to operate the Service. Data imported from external sources (Google Calendar, Facebook via our Facebook Importer Chrome extension) is not sold or disclosed to advertisers or unrelated third parties. It is only processed within our system and supporting infrastructure under confidentiality obligations. Imported friends' data (names, birthdays) may be processed to send reminders, also under strict confidentiality agreements.
We share limited, hashed data with advertising and analytics platforms (e.g., Meta, TikTok, Google, and X/Twitter) solely for campaign measurement, audience targeting, and optimization purposes. These partners are contractually required to use the data only for these purposes and to comply with all applicable privacy laws and platform policies.
6.2 Legal Requirements: We may disclose data if required by law, legal process, or to protect our rights, users, or others.
6.3 Business Transfers: In the event of a merger, acquisition, or asset sale, user data may be transferred under confidentiality protections.
7. Data Retention
Google Calendar data is deleted immediately after import unless you choose not to proceed, in which case it's removed within 30 days. Facebook Importer Chrome extension data follows the same policy: selected birthdays become part of your account, while non-selected data is deleted immediately from browser storage. Imported birthdays persist until deleted by you. Account-related data is retained while your account is active or required for legal or billing obligations.
8. Data Security
We implement administrative, technical, and physical safeguards to protect your data. OAuth tokens are encrypted at rest and never stored in publicly accessible locations. Calendar data is stored securely using encryption at rest. Birthday data imported via the Facebook Importer Chrome extension is transmitted over HTTPS and stored with encryption at rest, subject to the same access controls as all other account data. While accessible to authorized administrators for operational purposes, access is limited and logged under strict internal controls.
9. Your Rights
You may have the right to access, correct, delete, or restrict processing of your data under applicable laws (e.g., GDPR, CCPA). Contact us at sam@birthdays.app to make a request. We respond within 30 days.
10. Third-Party Services
We use third-party services for infrastructure (e.g., payment, messaging). Their policies apply to their handling of your data; we are not responsible for their practices outside of our contractual agreements with them.
Our Facebook Importer Chrome extension is not affiliated with or endorsed by Meta Platforms, Inc. Your use of Facebook remains subject to Facebook's terms and policies.
11. International Transfers
Your data may be processed in countries including the United States. We take reasonable steps to ensure such transfers comply with applicable data protection laws.
12. Children's Privacy
The App is not intended for users under 13. If we discover data collected from a child under 13 without verified consent, we will delete it promptly.
13. Updates to This Policy
We may revise this Policy periodically. We will notify you of material changes with at least 30 days' notice via the App or your contact info unless legally required to act sooner.
14. Contact Us
For questions or privacy-related requests, email us at sam@birthdays.app.