Privacy Policy

Information we collect

Account information such as name, email, role, organization, venue, or vendor profile details.
Event execution details you provide to the system, including dates, headcount, budget, neighborhoods, ticketing preferences, partner needs, and approval decisions.
Google account information, such as your Google email address and basic profile details, when you choose to sign in with Google.
Gmail authorization data, including encrypted OAuth tokens and Gmail account identifiers, when you choose to connect Gmail for outreach.
Gmail outreach data needed to operate approved outreach workflows, such as message IDs, thread IDs, recipients, subject lines, message content for approved drafts, sent-message status, and replies to outreach threads.
Payment and payout metadata from Stripe, including transaction identifiers, status, and reconciliation details. Full payment credentials are handled by Stripe.
Operational data such as product usage, error reports, logs, and support requests used to keep the service reliable.

To shape event runs, recommend venues and vendors, coordinate approvals, and show financial estimates.
To authenticate your account when you choose Google sign-in.
To send Gmail outreach messages only when you approve a specific message or configure an explicit outreach autonomy policy.
To monitor Gmail replies to outreach threads so your planner workspace can show partner responses, follow-up needs, and outreach history.
To classify, summarize, and draft follow-ups for outreach replies using automated systems and service providers acting on our behalf.
To process subscriptions, venue rental payments, vendor payments, and revenue-share settlement records through Stripe.
To send transactional email through Resend, including account, payment, refund, and operational notifications.
To monitor reliability, debug errors, prevent abuse, and improve the event workspace.

3rdPlace uses Google user data only to provide user-facing account sign-in and Gmail outreach features that you choose to enable.
We do not sell Google user data, use Google user data for advertising, transfer Google user data to advertising platforms or data brokers, or use Google user data to determine creditworthiness or lending eligibility.
Automated systems may process Gmail outreach messages and replies to draft responses, identify partner interest, detect follow-up needs, and maintain outreach history for your event plans.
We do not allow humans to read Gmail message content except when necessary for security, abuse investigation, support requested by you, legal compliance, or service operation with appropriate access controls.
3rdPlace use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.
You can disconnect Gmail from the Integrations settings page, which stops new Gmail outreach access. You may also request deletion of stored Gmail outreach records by contacting privacy@3rdplace.io.

We share data with service providers required to operate 3rdPlace, including Supabase, Stripe, Resend, Sentry, Vercel, and AI model providers.
When you approve outreach, booking, payment, or refund flows, we share the relevant event and transaction details with the counterparty needed to complete that flow.
When you send outreach through Gmail, Google processes the message and related account data under your Google account and Google permissions.
We do not sell personal information.

You can request account export, correction, or deletion by emailing privacy@3rdplace.io.
You can revoke Google access from your Google Account permissions page or disconnect Gmail inside 3rdPlace integrations.
California residents may request access, deletion, correction, and information about how personal information is used.
Some transaction, tax, security, and fraud-prevention records may need to be retained where required by law or platform obligations.

We use hosted infrastructure, role-based access, and third-party processors to help protect production data.
Gmail OAuth tokens are encrypted at rest and used server-side only to provide connected Gmail features.
We retain account and event records while your account is active, then retain only what is needed for legal, security, payment, and operational obligations.
We retain Gmail outreach records only as long as needed to provide outreach history, reply tracking, support, security, legal compliance, or account recovery, unless you request deletion sooner where deletion is legally and technically available.