Privacy Policy
Last updated: May 3, 2026
Kiddobash (“we,” “us,” or “our”) operates the website kiddobash.com (the “Service”). This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our Service to plan children’s parties, send invitations, and manage RSVPs.
1. Information We Collect
1.1 Information You Provide Directly
- Account information: When you sign up or log in via our authentication provider, we receive your name and email address.
- Event details: Event name, date, time, location, host name, theme selection, and any personal message or comment you add to your event.
- RSVP information: Guest name, RSVP status (Going, Not Going, Maybe), number of adults and kids attending.
- Invitation details: Recipient names and email addresses when you send party invitations through our Service.
- Phone number: If you choose to opt in to SMS notifications, we collect your mobile phone number. Providing your phone number is entirely optional.
1.2 Information Collected Automatically
- Session data: We use a secure, HTTP-only session cookie to keep you logged in. This cookie contains an encrypted session identifier and does not track you across other websites.
- Email engagement: Invitation emails include a tracking pixel and click-tracking link so event hosts can see whether an invitation was opened or the RSVP link was clicked. This data is stored only in connection with the specific invitation and is visible only to the event host.
- Analytics: We use Google Analytics to understand how visitors interact with the Service (pages visited, session duration, device type). Google Analytics uses cookies and collects anonymised, aggregate data. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
1.3 Information We Do Not Collect
- We do not collect payment information — Kiddobash is a free service.
- We do not collect photographs or images of children.
- We do not request or store physical addresses or government-issued IDs.
2. How We Use Your Information
We use the information we collect exclusively to provide and improve the Service:
- Event management: Creating events, displaying event pages, and tracking RSVPs.
- Communications: Sending invitation emails, RSVP confirmation emails, and thank-you emails on behalf of event hosts. If you opt in to SMS notifications, we also send transactional text messages such as RSVP confirmations and event reminders.
- Authentication: Verifying your identity and maintaining your login session.
- Host insights: Providing event hosts with guest lists, RSVP counts, and email engagement status.
- Service improvement: Analysing aggregate, anonymised usage data to improve performance and user experience.
3. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
We share information only in the following limited circumstances:
- With event hosts: When you RSVP to an event, the host sees your display name, RSVP status, and party size (adults and kids). For public events, other guests may also see your display name and RSVP status.
- Service providers: We use AWS (infrastructure and database hosting), Amazon SES (email delivery), and Amazon Cognito (authentication). These providers process data on our behalf under their own privacy policies and are contractually obligated to protect it.
- Analytics provider: Google Analytics receives anonymised, aggregate usage data as described in Section 1.2.
- Legal requirements: We may disclose information if required by law, court order, or governmental regulation, or to protect the rights, safety, or property of Kiddobash, our users, or the public.
4. Data Storage and Security
- All data is stored in Amazon DynamoDB and served via Amazon CloudFront with HTTPS encryption in transit.
- Session cookies are encrypted, HTTP-only, use the SameSite=Lax attribute, and in production use the Secure and __Host- prefix for additional protection.
- Authentication is handled via OAuth 2.0 with PKCE (Proof Key for Code Exchange) to prevent authorisation code interception.
- We implement CSRF defences by verifying Origin and Referer headers on form submissions.
- We apply security headers including Content Security Policy, Strict-Transport-Security, and Permissions-Policy.
5. Data Retention
- Event data and associated RSVPs are retained for as long as the event exists in the system.
- Session cookies expire after 7 days and are automatically deleted by your browser.
- You may request deletion of your data at any time by contacting us (see Section 8).
6. Cookies
| Cookie | Purpose | Duration |
|---|---|---|
| __Host-kiddobash_session | Authentication session (encrypted, HTTP-only) | 7 days |
| _ga / _ga_* | Google Analytics (anonymised usage data) | Up to 2 years |
You can control or delete cookies through your browser settings. Disabling the session cookie will require you to log in again on each visit.
7. SMS / Text Messaging
Kiddobash offers an optional SMS notification service (“Kiddobash Event Notifications”) for event hosts and guests who opt in.
7.1 Opt-In
You may opt in to receive SMS messages by checking the “Send me text message notifications” checkbox on the event creation form or the RSVP form and providing your mobile phone number. Consent is collected on a per-event basis and is not shared across events.
7.2 Message Types and Frequency
Messages include RSVP confirmations, event reminders, RSVP status updates for hosts, and post-event thank-you messages. Message frequency varies depending on event activity. We do not send marketing or promotional messages.
7.3 Message and Data Rates
Standard message and data rates from your mobile carrier may apply.
7.4 Opt-Out
You may opt out of SMS notifications at any time by replying STOP to any message you receive from Kiddobash. You will receive a one-time confirmation that you have been unsubscribed. After opting out, you will not receive any further SMS messages unless you opt in again.
7.5 Help
Reply HELP to any message for assistance, or contact us at privacy@kiddobash.com.
7.6 No Sharing
We will never sell, rent, or share your phone number with third parties for their marketing purposes. Your phone number is used solely for delivering Kiddobash event notifications.
8. Children’s Privacy
Kiddobash is a tool for parents and guardians to plan children’s parties. The Service is not directed at children under 13 and we do not knowingly collect personal information from children. All accounts are created by and intended for parents or guardians. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.
9. Your Rights
You have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information — you can update your RSVP or event details at any time through the Service.
- Delete your data — contact us to request deletion of your account and associated data.
- Opt out of Google Analytics by using the browser opt-out add-on.
To exercise any of these rights, email us at privacy@kiddobash.com.
10. Third-Party Links
Event pages may contain links to external locations (e.g., Google Maps for venue directions). These third-party sites have their own privacy policies, and we are not responsible for their practices.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated “Last updated” date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, contact us at: privacy@kiddobash.com
See also: Terms & Disclaimer