PidgeyPost - Privacy Policy

Last Updated: February 15, 2026

PidgeyPost Inc. ("PidgeyPost," "we," "our," or "us") operates the PidgeyPost web application and mobile application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using PidgeyPost, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

Account Information: Name, email address, and password when you create an account. If you sign in with Google, we receive your name and email from Google.
Profile Information: Display name, profile picture, bio, and signature that you optionally provide.
Card Content: Text, images, and design choices you make when creating greeting cards.
Recipient Information: Names, email addresses, and phone numbers of people you send cards to.
Contact Information: Addresses stored in your address book for card delivery.
Payment Information: Payment details are processed securely by Stripe. We do not store your full credit card number on our servers.
Communications: Messages you send through the Pidgey Chat system or customer support.

1.2 Information Collected Automatically

Usage Analytics: We collect anonymized session data including pages visited, features used, timestamps, browser type, and device platform to improve the Service.
Firebase Analytics: We use Google Firebase Analytics for aggregate usage statistics. This is subject to Google's Privacy Policy.
Local Storage: We store UI preferences (theme, tour progress, recent activity) in your browser's local storage. This data stays on your device and is not transmitted to our servers.
Cookies: Firebase Authentication uses cookies and local storage tokens for session management.

1.3 Information from Third Parties

Google Sign-In: If you authenticate via Google, we receive your name, email, and profile picture from Google.
Referral Data: If you join via a referral link, we record the referral code to credit the referring user.

2. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve the Service
Create and deliver greeting cards on your behalf
Process payments and manage your account balance (Eggs and Shards)
Send transactional emails (card delivery notifications, purchase receipts)
Deliver SMS messages for card delivery (when opted in)
Provide customer support and respond to inquiries
Send notification emails about stamp sales and marketplace activity (when opted in)
Enforce our Terms of Service and detect fraud or abuse
Generate anonymized, aggregate analytics to improve the user experience

3. AI-Generated Content

PidgeyPost uses Google Gemini to generate card artwork and text suggestions via our "Magic Quill" feature. When you use this feature:

Your text prompts are sent to Google's Gemini API for processing
Generated images are stored in Firebase Storage and associated with your account
Google may process prompts according to their Generative AI Terms

            ⚠️ Important: Do not include sensitive personal information (Social Security numbers,
            financial account numbers, medical information) in AI prompts. AI-generated content is not private
            and may be reviewed for safety and quality.
        

4. How We Share Your Information

We do not sell your personal information. We may share information with:

Service Providers: Stripe (payments), SMTP2GO (email delivery), Google Firebase (hosting, auth, database), Google Gemini (AI generation).
Card Recipients: When you send a card, the recipient receives the card content and your display name. Recipients do not receive your email address, phone number, or account details.
Legal Compliance: We may disclose information if required by law, legal process, or to protect the rights, property, or safety of PidgeyPost, our users, or the public.

SMS Data Sharing

            No mobile information will be shared with third parties or affiliates for marketing or promotional purposes.
            All other categories exclude text messaging originator opt-in data and consent; this information will not be
            shared with any third parties.
        

5. Data Storage and Security

Cloud Infrastructure: Your data is stored on Google Firebase (Firestore, Storage, Authentication), hosted in the United States.
Encryption: All data is transmitted over HTTPS/TLS. Firebase provides encryption at rest for stored data.
Access Controls: We use Firebase Security Rules to ensure users can only access their own data. Admin access is restricted to authorized personnel with role-based access controls.
Offline Data: Firestore offline persistence may cache data on your device for offline access. This data is stored in IndexedDB and is subject to your browser's security model.

6. Data Retention

Account Data: Retained as long as your account is active. You may request deletion at any time.
Card Data: Sent cards are retained for recipients to access. Unsent drafts are retained with your account.
Analytics Data: Session and event analytics are retained for up to 12 months, then automatically deleted.
Guest Data: Guest session data is stored locally and is deleted when you clear your browser data or convert to a full account.
Payment Records: Transaction records are retained as required by financial regulations.

7. Your Rights and Choices

You have the right to:

Access: Request a copy of the personal data we hold about you.
Correction: Update your profile information at any time through your account settings.
Deletion: Request deletion of your account and associated data by contacting support@pidgeypost.com.
Opt-Out of SMS: Reply STOP to any SMS message or disable SMS in your notification preferences.
Opt-Out of Emails: Disable notification emails in your preferences. Note: transactional emails (purchase receipts, card delivery confirmations) cannot be disabled.
Clear Local Data: Clear your browser's local storage and cookies at any time.

8. Children's Privacy

PidgeyPost requires all users to be 13 years of age or older, in compliance with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will promptly delete it.

Age verification is enforced during account creation. Users who do not meet the minimum age requirement are blocked from accessing the Service.

9. Third-Party Services

Our Service integrates with the following third-party services, each with their own privacy policies:

Google Firebase: Firebase Privacy Policy
Google Gemini: Generative AI Terms
Stripe: Stripe Privacy Policy
SMTP2GO: SMTP2GO Privacy Policy

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify users via email or a prominent notice within the Service. Your continued use of PidgeyPost after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or your personal data, contact us:

Email: support@pidgeypost.com
Mail: Pidgey Post, P.O. BOX 250, Nampa, ID 83653-0250

← Back to PidgeyPost

🐦 PidgeyPost Privacy Policy