party pelican
Set a Reminder

Privacy Policy

Effective date: 2026-04-26

We do not sell personal data. We do not share it with advertisers. We collect only what we need to run the site and the reminder service you signed up for. This page lays out exactly what that means.

Who runs this site

Party Pelican is operated by the Party Pelican Team (the "we," "us," "our" in this policy). For privacy questions or to exercise any of the rights below, email hello@partypelican.com. A real person reads them.

What we collect

From everyone who visits

  • Aggregate analytics via Cloudflare Web Analytics. No cookies, no device fingerprinting, no individual tracking. We see counts of page views and where they came from. That's it.
  • Server logs at our edge provider (Cloudflare) record IP address, timestamp, request URL, and user agent for each request. Used to defend against abuse and debug failures. Retained for 30 days, then discarded.

From people who sign up for the pet reminder service

  • Required: your email address, your pet's name, species, and at least one of birthday or Gotcha Day (month and day; year optional).
  • Optional: your first name, country, timezone, and additional pet details (breed, sex, size, diet notes, favorites, personality, household composition, and freeform notes). All optional fields can be left blank without affecting service.
  • Consent record: the IP address and user agent at signup, the timestamp, and the page URL where you signed up. Required by GDPR (Article 7) and CAN-SPAM as proof of consent. Retained as long as your subscription is active.
  • Email-event metadata: for each email we send to you, we record the subject, type (e.g. birthday-30, welcome, deals), send time, and delivery status (delivered, bounced, complained). Used so we can show you your own send history and so we honour bounce/complaint signals.
  • Optional Deals roundup: if (and only if) you tick the Deals checkbox at signup, we add you to a separate monthly Deals list. Defaults to unchecked.

What we do NOT collect

  • No payment information of any kind. We don't take payments.
  • No precise location. Country and timezone, only if you provide them.
  • No third-party tracking pixels in our emails. (Open tracking via SES is disabled.)
  • No data from social platforms. We have no Facebook pixel, no Google Tag Manager, no LinkedIn Insight tag.

Why we collect it (legal bases)

For EU/UK residents under GDPR, our lawful bases are:

  • Consent (Art. 6(1)(a)) for the reminder service and the optional Deals list. You give it explicitly at signup and confirm it via the email confirmation link (double opt-in). You may withdraw it any time via the one-click unsubscribe in every email.
  • Legitimate interests (Art. 6(1)(f)) for site security, fraud prevention, edge logs, and the suppression list (so deleted addresses are not accidentally re-added).

How long we keep it

  • Subscriber and pet records: while your subscription is active, plus 30 days after unsubscription for audit purposes, then deleted.
  • Edge logs (IP, request data): 30 days.
  • Email send log: 24 months from each send (used to investigate deliverability complaints), then deleted.
  • Suppression list (one-way SHA-256 hash of email): retained indefinitely. We keep the hash, not the address, so we can refuse to re-add an unsubscribed/bounced address without storing the address itself.

Your rights

Whatever jurisdiction you're in, here's what you can do:

  • Access (GDPR Art. 15 / CCPA right-to-know). Click the "Manage your pets" link in any email we've sent you, then "Download my data." You'll get a JSON file with everything we hold about you. Or email us and we'll do it manually within 30 days.
  • Deletion / erasure (GDPR Art. 17 / CCPA right-to-delete). Click "Delete my account" via any email's manage link, or email us. We hard-delete subscriber, pet, and email-history rows. We retain the SHA-256 hash of your email on the suppression list to prevent accidental re-add โ€” we cannot recover the address from the hash.
  • Rectification (GDPR Art. 16). Reply to any email with corrections. We update the record manually.
  • Object / opt out. One-click unsubscribe at the top of any email, or in the footer. Honoured within 48 hours per RFC 8058.
  • Portability (GDPR Art. 20). Same as access โ€” the JSON export is machine-readable.
  • Lodge a complaint. EU residents may complain to their national data-protection authority. UK residents to the ICO (ico.org.uk).
  • California residents. CCPA rights summary at oag.ca.gov/privacy/ccpa. We do not sell or share personal information for cross-context behavioural advertising.

Children

The reminder service is not intended for and may not be used by anyone under 16. If you believe a child has signed up, email us and we will delete the account immediately.

How we send email

Outbound mail is sent via Amazon Web Services (AWS) Simple Email Service in the us-east-1 region. AWS processes your email address and message content for the purpose of delivering the message to your inbox provider (Gmail, Outlook, etc.). See AWS's privacy notice for their handling. Bounce and complaint notifications are returned via Amazon SNS to a Cloudflare Worker that updates our database โ€” the only AWS region with our subscriber data is us-east-1, and only the message content + recipient address are sent.

Cookies

The site stores one thing in localStorage on your device: your theme preference (light/dark/system). No tracking cookies. Cloudflare may set a security cookie on Turnstile-protected forms to verify you're not a bot โ€” required for the signup form to work.

Third parties

Affiliate links to Amazon and Chewy may allow those companies to set their own cookies if you click through. We never see what you click beyond the aggregate analytics counter. Their privacy policies apply on their sites, not ours.

Security

Subscriber records live in a Cloudflare D1 database (encrypted at rest), served only over HTTPS, with the admin dashboard gated by Cloudflare Access. AWS API credentials are stored as Worker secrets, never in source code. We do not log message bodies.

Changes to this policy

If we make a material change to how we handle data, we will email every confirmed subscriber and update the effective date at the top of this page. We will not retroactively apply broader uses of data collected under a prior policy without fresh consent.

Contact

Privacy questions, deletion requests, or anything that's bothering you: hello@partypelican.com.