Privacy Policy

1. Introduction

Giraffted LLC (“Giraffted,” “we,” “us,” or “our”) operates the website located at giraffted.com and the web application located at app.giraffted.com (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our Service.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Who We Are / Data Controller

For the purposes of applicable data protection laws, Giraffted is the data controller responsible for your personal data.

If you are located in the EEA or UK and have questions about how we handle your data, you may contact us at the email address above.

3. Information We Collect

3.1 Information You Provide Directly

When you register for an account, use the Service, or contact us, we may collect:

• Account registration information: name, email address, and password
• Billing information: payment card details (processed securely through our payment processor — we do not store full card numbers), and billing address
• Event and layout data: event names, dates, booth configurations, vendor names, vendor contact information, and other content you create within the Service
• Communications: messages, support requests, feedback, and other correspondence you send us
• Profile information: any optional profile details you choose to provide

3.2 Information Collected Automatically

When you access the Service, we automatically collect certain technical information, including:

• Log data: IP address, browser type and version, operating system, referring URLs, pages visited, and date and time of access
• Device information: device type, unique device identifiers, and hardware settings
• Usage data: features used, actions taken, session duration, clicks, and navigation patterns within the Service
• Cookies and similar tracking technologies — see Section 8 for more detail

3.3 Information from Third Parties

We may receive information about you from third parties, including payment processors who provide transaction confirmation and fraud prevention signals, analytics providers, and any third-party services you connect to your account.

4. How We Use Your Information

4.1 To Provide and Operate the Service

• Create and manage your account
• Process transactions and send confirmations and invoices
• Enable you to create, save, edit, and share event layouts and vendor data
• Provide customer support and respond to your requests
• Send administrative messages, including updates to our terms or policies

4.2 To Improve and Develop the Service

• Analyze usage patterns and trends to improve functionality
• Conduct research and development for new features
• Debug and fix technical issues

4.3 Marketing and Communications

• Send promotional communications about Giraffted features and updates, where you have opted in or where we have a legitimate interest to do so
• You may opt out of marketing emails at any time by clicking the unsubscribe link or contacting us directly

4.4 Legal and Safety Purposes

• Comply with applicable laws and regulations
• Enforce our Terms of Service and other agreements
• Detect, prevent, and respond to fraud, abuse, and security incidents

5. Legal Basis for Processing Personal Data (GDPR / UK GDPR)

If you are located in the EEA or UK, we process your personal data under the following legal bases:

• Performance of a contract: Processing necessary to provide the Service, including account creation, event management, and billing
• Legitimate interests: Processing for our legitimate business interests, such as improving the Service and preventing fraud, provided these interests are not overridden by your rights
• Consent: Where we rely on your consent, such as for certain marketing communications or non-essential cookies. You may withdraw consent at any time
• Legal obligation: Processing necessary to comply with our legal obligations

6. How We Share Your Information

6.1 Service Providers

We share information with third-party vendors who perform services on our behalf, including cloud hosting providers, payment processors (e.g., Stripe), analytics providers, email delivery providers, and customer support tools. These providers are contractually obligated to protect your information.

6.2 Shared Event Maps

Giraffted allows you to share event maps with others (vendors, staff, or the public). When you share a map link, the recipient can view the layout without an account. You control what is shared and with whom. Shared maps may include event names, booth layouts, and vendor names as you have configured them.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to a successor entity. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.

6.4 Legal Requirements

We may disclose your information if required by law or in response to valid legal process, or to protect the rights, property, or safety of Giraffted, our users, or others.

6.5 With Your Consent

We may share your information with third parties when you have explicitly consented to such sharing.

7. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law.

• Account data: Retained for the duration of your account and up to 90 days after closure to allow reactivation, unless you request deletion
• Event and layout data: Retained while your account is active and deleted within 30 days of account deletion
• Billing records: Retained for a minimum of 7 years as required by tax and financial regulations
• Log and usage data: Generally retained for up to 12 months
• Support communications: Retained for up to 3 years

8. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Service.

Types of Cookies We Use

• Strictly necessary: Required for the Service to function. These cannot be disabled.
• Performance and analytics: Help us understand how users interact with the Service (e.g., Google Analytics). Can be disabled.
• Functional: Remember your preferences and settings to improve your experience.
• Marketing: Used to deliver relevant content and track campaign performance. Only used where permitted by law and with your consent where required.

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Note that disabling certain cookies may affect the functionality of the Service. For users in the EEA and UK, we will request your consent for non-essential cookies.

9. International Data Transfers

Giraffted is based in the United States. If you are accessing the Service from outside the US, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

For users in the EEA, UK, or Switzerland, where we transfer personal data to countries without adequate data protection, we rely on appropriate safeguards including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• The UK International Data Transfer Agreement (IDTA) for transfers from the UK
• Other legally recognized transfer mechanisms

You may request a copy of the applicable transfer mechanisms by contacting us.

10. Your Privacy Rights

10.1 Rights Under GDPR / UK GDPR (EEA and UK Users)

If you are located in the EEA or UK, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data, subject to certain exceptions
• Right to restriction: Request that we limit how we use your data in certain circumstances
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent: Withdraw consent at any time without affecting prior processing
• Right against automated decisions: Not be subject to decisions based solely on automated processing

To exercise any of these rights, contact us at support@giraffted.com. We will respond within 30 days. If you are unsatisfied, you have the right to lodge a complaint with your local data protection authority.

10.2 Rights Under CCPA / CPRA (California Residents)

If you are a California resident, you have the following rights:

• Right to know: Request disclosure of the personal information we have collected, our sources, purposes, and who we share it with
• Right to delete: Request deletion of your personal information, subject to certain exceptions
• Right to correct: Request correction of inaccurate personal information
• Right to opt out of sale or sharing: We do not sell or share personal information for cross-context behavioral advertising
• Right to non-discrimination: We will not discriminate against you for exercising your privacy rights

To submit a request, contact us at support@giraffted.com. We will respond within 45 days.

10.3 Other US State Privacy Rights

Residents of Virginia, Colorado, Connecticut, Texas, and other US states with applicable privacy laws may have similar rights. Please contact us to exercise your rights under applicable state law.

11. Data Security

We implement and maintain reasonable technical and organizational security measures to protect your personal data, including:

• Encryption of data in transit using TLS (Transport Layer Security)
• Encryption of stored passwords using industry-standard hashing
• Access controls limiting employee access to personal data on a need-to-know basis
• Regular security assessments and monitoring

No method of transmission over the internet is 100% secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and applicable regulatory authorities as required by law.

12. Children’s Privacy

The Service is not directed to children under the age of 16 (or under 13 in the United States). We do not knowingly collect personal information from children under these ages. If you believe we have inadvertently collected information from a child, please contact us immediately at support@giraffted.com and we will take steps to delete the information promptly.

13. Third-Party Links and Services

The Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the “Last Updated” date at the top of this policy
• Notify you via email or via a prominent notice on the Service prior to the changes taking effect

Your continued use of the Service after the effective date of the updated policy constitutes your acceptance of the changes.

15. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy, please reach out:

We are committed to working with you to resolve any privacy concerns. If you are located in the EEA or UK and are not satisfied with our response, you may contact your local data protection authority.