California Privacy Notice
Last updated: May 25, 2026 · Operator: Nyza Creations LLC
1. About this notice
This California Privacy Notice supplements our Privacy Policy and applies only to residents of California, as required by the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (together, the "CCPA") and the regulations issued by the California Privacy Protection Agency.
Terms used here have the meanings given in the CCPA. We are Nyza Creations LLC, a Delaware limited liability company with its principal place of business at 701 NE Normandy Dr, Bremerton WA 98310, and we act as a "business" under the CCPA.
2. Notice at collection (summary)
When you visit or use Nyza Events, we collect categories of personal information described in Section 3 for the purposes described in Section 5. We retain that information for the periods described in Section 9. We do not sell your personal information and we do not share it for cross-context behavioral advertising. You can read the detail below or jump to your California privacy rights and how to exercise them.
3. Categories of personal information we collect
In the last 12 months, we have collected the following categories of personal information from California residents (categories named per Cal. Civ. Code § 1798.140):
| Category | Examples | Collected? |
|---|---|---|
| A. Identifiers | Name, email, phone, account ID, IP address | Yes |
| B. Customer-records info (§ 1798.80(e)) | Billing address, payment method last 4, vendor business contact details | Yes |
| C. Protected classifications | Age, gender — only if you choose to provide them on your profile | Only if provided |
| D. Commercial information | Subscriptions purchased, top-up history, vendor bookings made | Yes |
| E. Biometric information | — | No |
| F. Internet/network activity | Pages viewed, features used, AI prompts, error logs, device/browser metadata | Yes |
| G. Geolocation data | Approximate lat/lng (only with browser permission); coarse country/region from IP | Yes (with consent for precise) |
| H. Sensory information | Photos and videos you upload (event imagery, vendor portfolio) | Yes |
| I. Professional/employment | Vendor business name, job role; planner workspace role | Yes (for vendors/planners) |
| J. Education information | — | No |
| K. Inferences | Vendor recommendations, event-style suggestions, planning-stage estimates | Yes |
| L. Sensitive personal information | Account credentials; precise geolocation (with consent). See Section 6. | Yes (limited use only) |
4. Sources of personal information
- Directly from you (signup, event setup, vendor profile, AI chat, payments).
- From other users (a planner adds you as a collaborator, a host invites you as a guest, a vendor sends you a quote).
- From your device (IP address, browser, device characteristics, optional browser geolocation).
- From service providers acting on our behalf (Stripe sends subscription events; the email provider returns bounce data; Twilio and Meta return SMS/WhatsApp delivery receipts).
- From publicly available sources, only for the vendor marketplace (publicly listed Google Maps business data and public search results).
5. Purposes for collection & use
- Provide, operate, secure, and improve the Service;
- Power the AI co-pilot, generative-design tools, and vendor recommendations;
- Process subscriptions, top-ups, and vendor payouts via Stripe Connect;
- Send the guest communications you author (email, SMS, WhatsApp);
- Send transactional emails (sign-in, billing receipts, security notices);
- Detect, investigate, and prevent abuse, fraud, security incidents, and AUP violations;
- Comply with legal obligations (tax reporting, lawful requests from authorities);
- Optional product news or beta-feature invitations, which you can decline.
6. Sensitive personal information
We collect the following categories of sensitive personal information as defined in Cal. Civ. Code § 1798.140(ae):
- Account credentials (login email + password hash) — used to authenticate you and secure your account;
- Precise geolocation, only when you grant browser permission — used to find vendors near you.
We use sensitive personal information only for the purposes permitted by Cal. Civ. Code § 1798.121, including providing the Service you requested, ensuring security, and preventing fraud. We do not use or disclose sensitive personal information for the purpose of inferring characteristics about you beyond what is reasonably necessary to provide the Service. As a result, the "Limit the Use of My Sensitive Personal Information" right does not currently apply to our practices, but you may still request that we restrict use by contacting us at the address below.
7. Categories disclosed in the last 12 months
In the preceding 12 months, we have disclosed the categories of personal information listed in Section 3 for a business purpose to the following categories of recipients:
- Service providers and contractors bound by written CCPA-compliant contracts — including our hosting provider (DigitalOcean), object storage (Google Cloud), third-party AI inference providers, payment processor (Stripe), communications providers (Twilio, Meta WhatsApp Cloud API, Resend), mapping (Mapbox), error reporting (Sentry), and vendor-discovery (Apify, Serper.dev). See the full list in our Privacy Policy.
- Other users you interact with — vendors you contact see your inquiry; collaborators you add to your event see your shared event data.
- Government and other parties when legally required — court orders, subpoenas, lawful requests; to protect rights, safety, or property; to enforce our Terms.
- A successor entity in connection with a merger, acquisition, or sale of assets.
9. Retention periods
We retain each category of personal information for the period described in our Privacy Policy. In summary: account and event data for the life of the account plus a short backup roll-off (max 90 days); payment + tax records for as long as required by tax law (typically 7 years); AI chat transcripts while the account is active; security logs for 90 days. We delete data sooner on verified deletion requests, except where retention is required by law.
10. Your California privacy rights
As a California resident you have the right to:
- Right to know — request that we disclose the categories of personal information we have collected, the sources, the purposes, the categories of recipients, and (for the last 12 months) specific pieces of personal information.
- Right to delete — request that we delete personal information we collected from you, subject to exceptions (e.g., complete the transaction, security, legal compliance).
- Right to correct — request correction of inaccurate personal information we maintain about you.
- Right to opt out of sale or sharing — not applicable to us because we do neither (see Section 8).
- Right to limit use of sensitive personal information — not currently applicable to our practices (see Section 6); you may still ask us to restrict use.
- Right to data portability — receive a copy of your data in a readily usable, machine-readable format.
- Right of no retaliation — we will not deny service, charge different prices, or provide a different level of quality because you exercised any of these rights.
11. How to exercise your rights
- Access & portability: download your data anytime from Account → Data export.
- Correction: edit your profile and event data directly in the app, or email us.
- Deletion: use Account → Data to delete your account, or email privacy@nyzaevents.com with subject "CCPA: Delete".
- Right to know: email privacy@nyzaevents.com with subject "CCPA: Right to Know" and the account email.
- Phone: +1 (360) 919-4060. Please leave a message identifying the request type and a callback number.
We respond to verifiable requests within 45 days. If we need more time (up to another 45 days), we'll tell you why and provide an estimate.
13. Verifying your request
To protect your information, we verify requests by matching the request against information in your account (email, recent activity). For requests involving particularly sensitive data, we may ask for additional verifying information. If we cannot verify the request, we will tell you and explain what additional information we would need.
14. No retaliation or discrimination
We will not discriminate against you for exercising any of your CCPA rights. We will not deny goods or services, charge different prices, provide a different level of quality, or suggest any of the above because you exercised those rights.
15. Minors under 16
We do not knowingly collect or sell personal information of consumers under 16. The Service is not directed at children. See Privacy Policy § 16.
16. Shine the Light
California Civil Code § 1798.83 (the "Shine the Light" law) permits California residents to request information about disclosures of personal information to third parties for those third parties' direct-marketing purposes during the preceding calendar year. We do not disclose personal information to third parties for their direct-marketing purposes. Requests for this information may be sent to privacy@nyzaevents.com.
17. Changes to this notice
We will update the "Last updated" date at the top of this notice whenever it changes. Material changes will be announced via the channels described in our Privacy Policy.
18. Contact us
Nyza Creations LLC
701 NE Normandy Dr
Bremerton, WA 98310, USA
Attn: Privacy
Phone: +1 (360) 919-4060
Email: privacy@nyzaevents.com (CCPA requests), legal@nyzaevents.com (general legal)
Questions? Email legal@nyzaevents.com.
See also: Terms of Service · Privacy Policy · Cookie Policy · Acceptable Use · Refund Policy · DPA