Privacy

How PartyGraph handles personal data

Last updated 17 May 2026

Draft — pending legal review. These pages are a working template adapted from UK ICO guidance and Stripe's requirements, intended as a starting point only. They have not been reviewed by a solicitor and must not be relied upon for compliance.

PartyGraph ("PartyGraph", "we") is a small AI-native startup based in Glasgow, Scotland, providing an event concierge platform via PartyGraph.co.uk. This policy explains what personal data we collect, how we use it, who we share it with, and the rights you have under UK GDPR and the Data Protection Act 2018.

Who is the controller?

For the marketing website and for hosts who sign up to PartyGraph, we are the data controller. For data collected through events run by hosts on PartyGraph (guest uploads, messages, song requests), the host is the controller and PartyGraph acts as a processor on their behalf.

What we collect

  • Account data: email address, name, profile image and Google account identifier when you sign in via Google SSO.
  • Workspace data: workspace name, slug, plan, billing contact, Stripe customer reference.
  • Form submissions: contact form submissions including email, audience type and any message you send.
  • Event content: when hosts run events, guest uploads (photos, videos, text), feedback and song requests are stored on the host's behalf.
  • Photo Booth (Wedding tier · beta preview): the AI photo booth is an experimental feature offered as a beta preview and is not part of the guaranteed product. When a guest uses it, we keep both the original captured photo and the AI-generated version on our servers for the lifetime of the event so the host can review what guests have created. We retain these images until the host or our team archives the event, after which they are removed from storage. We never share these images outside the host's workspace.
  • Technical data: IP address, browser type, pages viewed, time of visit — collected via essential server logs. Analytics and marketing data is only collected if you grant consent via our cookie banner.

Lawful basis

We rely on the following lawful bases under UK GDPR:

  • Contract: to provide the service you have signed up for.
  • Legitimate interests: to run and improve our service, prevent fraud, and keep our platform secure.
  • Consent: for analytics and marketing cookies, and for any direct marketing emails.
  • Legal obligation: to comply with tax, accounting and law-enforcement requirements.

Where data is stored

Personal data is stored on infrastructure located in the UK and European Economic Area. We use Vercel (application hosting, US-based company with EU regions), IONOS (database, EU-based), Stripe (payments, EU/UK regions) and ElevenLabs (TTS, no guest data sent). We do not train general AI models on guest uploads.

Sharing

We share data only with the processors listed above, plus any host whose event you participated in. We do not sell personal data. We will disclose data when legally required.

Your rights

You have the right to access, correct, delete, restrict or object to the processing of your personal data, and to data portability. To exercise any of these rights, contact privacy@partygraph.co.uk. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).

Retention

Account data is retained while your account is active and for 12 months after closure for support and audit reasons. Event content is retained according to the host's configured policy (default 90 days after the event ends). Waitlist and contact submissions are retained for 24 months unless you ask us to delete them sooner.

Changes

We will update this policy from time to time. Material changes will be notified by email and via the site banner. The version date at the top of this page reflects the latest revision.