Party with Ryan

Legal

Privacy Policy

Last updated May 2026.

This Privacy Policy describes how Play Nice Together, Inc. ("we," "us," or "our") collects, uses, and shares information when you visit partywithryan.com (the "Site"). The Site is a curated guide to social events across Westchester, New York City, and Connecticut, supported in part by affiliate-link commissions. By using the Site, you agree to the collection and use of information as described below.

1. Who we are

The Site is operated by Play Nice Together, Inc., a business registered in New York, United States. Editorial decisions are made by Ryan. The Site primarily serves visitors in the United States.

2. Information we collect

2.1 Information collected automatically

When you visit the Site, the following is collected automatically by us and our service providers:

  • Your IP address (logged by our web server and security infrastructure for operational purposes)
  • Browser type, version, and user agent string
  • Operating system and device type
  • Referring URL and pages visited
  • Approximate geographic location derived from IP address
  • Date and time of your visit

2.2 Outbound affiliate-link clicks

Many event listings on the Site link out to third-party ticketing pages, organizer websites, or booking platforms. Some of these are affiliate links — when you click through and make a purchase, we may earn a small commission. To understand which events resonate with our readers and to validate affiliate-program reporting, we log each outbound click. For every click we record:

  • The event you clicked on and the destination URL
  • The date and time of the click
  • The referring URL and your browser's user agent

We do not store your IP address with these records. We use the data in aggregate to understand which events drive the most interest and to reconcile commissions reported by affiliate partners. We do not use it to build a profile of any individual visitor, and we do not share it with the destination site beyond the standard referer header that your browser sends.

2.3 Newsletter signups

If you sign up for our newsletter, the first name, last name, and email address you provide are sent directly to MailChimp, our newsletter delivery service (see Section 3.4). We do not retain a copy of subscriber emails or names on our own systems. MailChimp handles delivery, engagement tracking, and unsubscribe requests on our behalf. Names are used only to personalize the greeting in the newsletter. Every newsletter we send contains a one-click unsubscribe link, and you can request deletion from MailChimp at any time using the contact information in Section 11.

2.4 Contact correspondence

If you email us, we retain the message and your email address as part of our editorial records so that we can respond. We do not add you to any mailing list as a result of contacting us.

3. Third-party services and affiliate partners

3.1 Event organizers and ticketing partners

The Site links out to many third-party event organizers, ticketing platforms, and venues. Once you click an outbound link, you leave the Site and the destination's privacy policy and terms apply. We have no control over the data those third parties collect.

3.2 Affiliate programs

We participate in affiliate programs with selected ticketing platforms, travel booking sites, and event organizers. When a link is an affiliate link, our outbound redirect may pass a tracking identifier so that the partner can attribute any purchase you make back to us for commission purposes. Affiliate participation does not influence which events we feature — Ryan only lists events he would attend himself.

3.3 Amazon Web Services, server infrastructure, and AWS WAF

Our infrastructure runs on Amazon Web Services (AWS) in the United States. AWS processes data on our behalf under their data processing agreement. Our web server (Nginx), load balancer (AWS Application Load Balancer), and web application firewall (AWS WAF) automatically process information about every request to the Site as part of their normal operation. This processing is not optional — it is necessary to operate the Site, route traffic correctly, and protect against abuse and attack. In connection with these functions, the Site also uses the aws-waf-token cookie, which AWS WAF uses to distinguish legitimate browser traffic from automated abuse on certain protected pages and forms. Cookie consent does not disable AWS WAF because the protection is necessary for those features to work.

The logged information includes:

  • Your IP address (full, not anonymized at the log layer)
  • Date and time of the request
  • The URL requested and the HTTP method
  • The HTTP status code returned and response size
  • The referring URL, if any
  • Your user agent string
  • TLS connection details (load balancer only)
  • WAF rule evaluation results (AWS WAF only)

We use these logs solely for operating, debugging, and maintaining the Site; detecting and mitigating attacks, abuse, and excessive traffic; investigating security incidents; and complying with legal obligations. We do not use these logs for analytics, profiling, or marketing, and they are not shared with advertising or analytics partners. Access logs from the load balancer and AWS WAF are stored in Amazon S3 and automatically deleted after 90 days through an S3 lifecycle policy.

The legal basis for this processing is our legitimate interest under Article 6(1)(f) of the GDPR in operating, securing, and maintaining the Site. Under California law, this processing falls within the security-and-integrity-of-services exception and is not a "sale" or "share" of personal information.

3.4 MailChimp (newsletter service)

Our newsletter is sent through MailChimp, a service operated by Intuit Inc. When you subscribe, your email address (and any name you provide) is stored on MailChimp's systems. MailChimp processes this information to deliver the newsletter, track delivery and engagement (such as whether the email was opened or a link was clicked), and maintain a record of subscribers and unsubscribes.

MailChimp retains subscriber and unsubscribe records indefinitely unless we explicitly request their deletion. To request that your record be removed from MailChimp, contact us at the address in Section 11.

MailChimp's privacy practices are described at intuit.com/privacy/statement. MailChimp transfers and processes data in the United States.

3.5 Google Analytics (consent required)

If you consent through our cookie banner, we use Google Analytics, a web analytics service provided by Google LLC, to collect aggregate data about how visitors use the Site. Google Analytics uses cookies to track visitor interactions and may transfer this information to servers in the United States. The information collected includes pages viewed, time spent on the Site, and approximate location.

Google Analytics does not load until you accept it. If you decline or do not respond to the cookie banner, Google Analytics will not run on your visit. You can withdraw consent at any time using the "Cookie Preferences" link in our footer, install the Google Analytics Opt-out Browser Add-on, or use your browser's tracking-protection settings.

Google's privacy practices are described at policies.google.com/privacy.

3.6 Matomo Analytics (runs by default)

We use Matomo Analytics, a web analytics platform that we self-host on infrastructure under our control. Matomo runs for all visitors and does not require consent. We rely on this configuration on the legitimate interest in understanding how the Site is used, balanced against minimal privacy impact:

  • IP anonymization is enabled. The last two octets of every visitor IP address are masked before logging, so we do not retain full IP addresses through Matomo and cannot uniquely identify individual visitors.
  • Cookies are disabled. Matomo runs in cookieless mode on this Site; no Matomo identifiers are stored on your device.
  • Self-hosted. Matomo data is stored on infrastructure we operate; it is not shared with any third party.
  • No cross-site tracking. Matomo data is scoped to this Site only and is never combined with data from other websites.
  • Do Not Track honored. If your browser sends the Do Not Track signal, Matomo will not collect data about your visit.

Under the European Union's General Data Protection Regulation, this configuration falls under the legitimate-interest legal basis (Article 6(1)(f)) and does not require consent. The French data protection authority (CNIL) has specifically identified Matomo with the above safeguards as exempt from consent requirements.

You can opt out of Matomo at any time by enabling Do Not Track in your browser, or by contacting us to request that we exclude your visits.

4. Cookies

Cookies are small text files stored on your device by your browser. The cookies used on this Site fall into the following categories:

  • Strictly necessary. Required for the Site to function securely — specifically, the XSRF-TOKEN cookie used for CSRF protection on the newsletter form, the party-with-ryan-session cookie used to maintain the form session, and the aws-waf-token cookie used by AWS WAF to distinguish legitimate browser traffic from automated abuse on protected pages and forms. These are not used for advertising or analytics and cannot be disabled if you wish to use the protected features.
  • Anonymous analytics (Matomo). Our self-hosted Matomo runs in cookieless mode and stores no identifiers on your device. It runs by default on the legitimate-interest basis described in Section 3.6; no consent is required because no cookies are set and no individually identifiable data is collected.
  • Google Analytics cookies. Set by Google Analytics to measure how the Site is used. Loaded only after you provide consent through our cookie banner.

You can change your cookie preferences at any time by clicking the "Cookie Preferences" link in the Site footer.

Outbound affiliate-link click tracking does not require a cookie — it is recorded server-side on the redirect.

5. How information is used

We use the information we collect to:

  • Operate and maintain the Site
  • Deliver the newsletter you have subscribed to
  • Measure aggregate interest in events and reconcile affiliate commissions
  • Detect and prevent click fraud, abuse, and security incidents
  • Respond to inquiries
  • Comply with legal and regulatory obligations

We do not sell your personal information, use it for cross-site advertising, or share it with data brokers.

6. Information sharing

We share information only as follows:

  • With service providers who help us deliver the Site and newsletter — specifically Amazon Web Services (hosting, load balancing, WAF), MailChimp / Intuit Inc. (newsletter delivery), and Google LLC (Google Analytics, only when you consent) — under their respective agreements with us
  • With affiliate partners, only as the standard tracking identifier passed on outbound clicks so that purchases you choose to make can be attributed for commission purposes
  • For legal compliance when required by law, court order, or government request
  • To protect the rights and safety of Play Nice Together, Inc., our readers, or the public
  • In connection with a business transaction such as a merger or acquisition, in which case the acquiring entity will be bound by this Privacy Policy

7. Your rights and choices

7.1 California residents (CCPA / CPRA)

If you are a California resident, you have the right to know what personal information we collect, use, and share; request deletion of your personal information; correct inaccurate personal information; and opt out of the sale or sharing of personal information. We do not sell or share personal information as defined under California law. To exercise these rights, contact us using the information in Section 11.

7.2 Other US states

Residents of Virginia, Colorado, Connecticut, Utah, Texas, and other US states with comprehensive privacy laws may have similar rights — including access, correction, deletion, and opt-out of targeted advertising. We do not engage in targeted advertising. We honor these rights to the extent required by applicable law; contact us to make a request.

7.3 EU/UK residents

If you are located in the European Economic Area or the United Kingdom, you have the right to access, correct, or delete personal data we hold about you, to object to or restrict certain processing, and to lodge a complaint with your local data protection authority. Our lawful basis for processing your information is either your consent (for newsletter signups), our legitimate interest in operating an editorial site and reconciling affiliate commissions (for outbound click tracking and aggregate analytics), or contractual necessity (for delivering the newsletter you subscribed to).

7.4 Visitors from outside the United States

The Site is operated from the United States. If you visit from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country. By using the Site, you consent to this transfer.

7.5 All visitors

You can unsubscribe from the newsletter at any time using the link in any email. You can request deletion of your email and any associated subscription history by contacting us. To opt out of outbound click tracking, you can navigate directly to event websites rather than using our affiliate-tagged links.

8. Children's privacy

The Site is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at the address below and we will delete it promptly.

9. Data retention

Newsletter subscriber information is held primarily by MailChimp; we do not maintain a separate marketing list. MailChimp retains subscriber and unsubscribe records indefinitely unless we explicitly request their deletion. If you would like your record removed from MailChimp, contact us at the address in Section 11.

AWS Application Load Balancer and AWS WAF logs are stored in Amazon S3 and automatically deleted after 90 days through an S3 lifecycle policy. Nginx access logs are deleted after 90 days. Analytics data (Google Analytics, when consented; Matomo, by default) is retained for up to 26 months for trend analysis.

Outbound click records (event, destination, timestamp, user agent, referring URL — no IP address) are retained for up to 24 months to support affiliate-commission reconciliation, and then deleted or aggregated. You may request earlier deletion of personal information that we are not legally required to retain.

10. Security

We implement reasonable technical and organizational measures to protect the information we hold. No method of transmission over the internet or electronic storage is completely secure. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

11. Changes and contact

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will be noted at the top of this page. Your continued use of the Site after changes are posted constitutes acceptance of the updated policy.

For questions about this Privacy Policy or to exercise your rights, use our contact form or write to:

Play Nice Together, Inc.
PO Box 510
Elmsford, NY 10523

The List

Get Ryan’s picks before the weekend.

One short email, every Thursday. The handful of events worth showing up for — no fluff, no algorithm, no listings dump.

Join the list →