Legal

Privacy Policy

Last updated:

Mandyland takes your privacy seriously. This policy explains what information we collect, how we use it, and your rights — including under the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).

1. Who we are

Data controller: Mandyland, operated by Mandy Kitana.
Location: New York City, United States.
Contact: Use the contact form on this website to reach us about privacy matters.

2. What data we collect and why

2a. Contact form submissions

When you submit the inquiry form on this site, we collect:

  • Your name
  • Your email address
  • The details you choose to share about your event
  • Optionally: guest count and budget range

Why: To respond to your inquiry and discuss a potential collaboration. This is processed under the lawful basis of legitimate interests (GDPR Article 6(1)(f)) — specifically, responding to a direct inquiry from you.

Retention: We keep inquiry data for as long as reasonably necessary to respond and follow up, and no longer than 2 years from last contact. You can request deletion at any time.

2b. Fonts

This website serves its fonts (Syne and DM Sans) directly from our own server — no third-party font service is used. Your browser requests font files from mandyland.com only, not from Google or any other external domain.

2c. Contact form (Netlify)

When you submit the inquiry form, your data is processed by Netlify (our hosting provider). Netlify receives the form submission data on our behalf. We have a data processing relationship with Netlify under their DPA.

Netlify privacy policy: netlify.com/privacy

2d. Video embeds (YouTube no-cookie)

Where video content is embedded on this site, we use youtube-nocookie.com — YouTube's privacy-enhanced mode. Under this mode, YouTube does not set cookies on your device unless you actively play the video. If you play the video, YouTube's own privacy policy applies.

YouTube / Google privacy policy: policies.google.com/privacy

2e. Cookies

Mandyland does not set any first-party cookies. We use no analytics, advertising networks, or tracking pixels. Fonts are self-hosted — no third-party font requests are made.

The only circumstance where a cookie may be set is if you choose to play an embedded YouTube video, at which point YouTube's own cookie policy applies (see section 2d above).

2f. Server logs

Your web host (the server that delivers this website) automatically logs standard access data including IP addresses, browser type, and pages visited. This is standard infrastructure logging, not active data collection by Mandyland. These logs are typically retained for 30–90 days by the hosting provider.

3. Who we share data with

We do not sell, rent, or trade your personal data. Period.

Contact form submissions are processed by Netlify (our hosting and form provider). Netlify processes data on our behalf under a data processing agreement.

4. Your rights under GDPR (EU/EEA visitors)

If you are in the EU or EEA, you have the following rights:

  • Right of access — request a copy of your data
  • Right to rectification — correct inaccurate data
  • Right to erasure — request deletion of your data
  • Right to restriction — limit how we use your data
  • Right to data portability — receive your data in a portable format
  • Right to object — object to processing based on legitimate interests

To exercise any of these rights, contact us via the contact form. We will respond within 30 days.

You also have the right to lodge a complaint with your local supervisory authority. In the EU, find your authority at: edpb.europa.eu

5. Your rights under CCPA/CPRA (California residents)

If you are a California resident, you have the following rights:

  • Right to know — request disclosure of personal information collected about you in the past 12 months
  • Right to delete — request deletion of personal information we have collected
  • Right to opt-out of sale — we do not sell personal information, so this right is not applicable, but we confirm: we do not sell your data
  • Right to non-discrimination — exercising your privacy rights will not affect how we treat your inquiry
  • Right to correct (CPRA) — request correction of inaccurate personal information

To submit a verifiable consumer request, use the contact form and indicate your request type. We will respond within 45 days as required by CCPA.

Categories of personal information collected: Identifiers (name, email), commercial information (event inquiry details). We do not collect sensitive personal information as defined by CPRA.

6. Data security

We take reasonable technical and organisational measures to protect your data. Contact form submissions are transmitted over HTTPS (encrypted). We do not store payment information.

7. Children's privacy

Mandyland's services are designed for adults (18+). We do not knowingly collect personal information from anyone under 18. If you believe a minor has submitted data, contact us and we will delete it promptly.

8. Changes to this policy

We may update this policy as our services evolve. Material changes will be noted with an updated date at the top of this page. Continued use of the site after changes constitutes acceptance of the updated policy.

9. Contact us about privacy

For any privacy-related request or question, use the contact form and include "Privacy Request" in your message. We aim to respond within 5 business days.