Privacy Policy

FirstParty plays different roles depending on whose data is at issue.

• Visitors and customers of our marketing site. When you browse gofirstparty.com, sign up for an account, contact us, or otherwise interact with our marketing channels, we act as a “controller” (or “business” under applicable U.S. state laws) of the personal information we collect about you.
• End users of our customers’ websites. When our customers deploy FirstParty to track conversions and events on their own properties, FirstParty acts as a “processor” (or “service provider”) on behalf of those customers, who are the controllers of that data. We process end-user data only as instructed by our customers under our Terms of Service and any applicable Data Processing Addendum (DPA). If you are an end user of one of our customers and want to exercise privacy rights, please contact that customer directly.

Information you provide. Account details (name, business email, company, role), billing details processed by our payment processors, support and sales communications, and any content you submit through the Services.

Information collected automatically. Device, browser, and connection information (IP address, user agent, referrer, language, device identifiers), usage events within the Services (pages viewed, features used, errors), and cookies and similar technologies set by us or our subprocessors.

Information from third parties. Authentication providers, ad platforms (Meta, Google, TikTok, Pinterest), analytics platforms, e-commerce platforms (including Shopify), email service providers, data enrichment vendors, and our business partners and resellers.

Information processed on behalf of customers. When our customers deploy FirstParty on their websites, the Services may process information about their end users, including hashed identifiers (such as hashed email addresses or phone numbers), pseudonymous IDs, IP addresses, user agents, event timestamps, page URLs, click identifiers (such asfbclid, gclid, ttclid), order and cart data, and other event metadata configured by the customer. This data is processed under the customer’s instructions.

We use information we collect as a controller to:

• Provide, operate, secure, and improve the Services;
• Authenticate users, prevent fraud, and enforce our Terms of Service;
• Process payments, billing, and accounting;
• Communicate with you about your account, support requests, product updates, and marketing (where permitted);
• Generate aggregated and de-identified analytics about how the Services are used;
• Comply with legal obligations and enforce our rights.

When we process personal data on behalf of customers, we use it only to deliver the Services in accordance with the customer’s configuration and our agreement with them, and not for our own marketing or independent commercial purposes.

FirstParty’s core product enables our customers to operate first-party server-side tracking on their own domains. Cookies and identifiers set in connection with FirstParty deployments live under the customer’s domain and are subject to the customer’s privacy policy and lawful basis for processing. We do not use this data to build cross-context behavioral profiles about end users, sell it, or share it for our own advertising purposes.

On gofirstparty.com itself we use a limited set of cookies and similar technologies for essential site functionality, analytics, and our own marketing. You can control cookies through your browser settings; disabling some cookies may affect site functionality.

We share information with:

• Service providers and subprocessors that help us host, secure, monitor, support, and operate the Services (including cloud infrastructure, payment processors, customer support tools, and analytics providers), each bound by confidentiality and data protection obligations.
• Customer-directed integrations. When a customer configures FirstParty to forward events to ad platforms, analytics platforms, ESPs, data warehouses, or similar destinations, we transmit data to those destinations on the customer’s instructions.
• Affiliates and successors in connection with a corporate transaction such as a merger, acquisition, financing, or sale of assets.
• Legal and safety recipients when we believe in good faith that disclosure is necessary to comply with applicable law, legal process, or lawful requests, or to protect the rights, property, or safety of FirstParty, our customers, or others.

We do not sell personal information for monetary consideration. We do not “share” personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA).

We retain information for as long as needed to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Customer-controlled data is retained according to the customer’s configuration and contract; upon termination it is deleted or returned in accordance with our DPA.

We implement administrative, technical, and physical safeguards designed to protect information, including encryption in transit and at rest where appropriate, access controls, and monitoring. No system is perfectly secure, and we cannot guarantee the absolute security of any information.

FirstParty is based in the United States and processes data in the United States and in other countries where we or our subprocessors operate. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses for transfers of personal data from the European Economic Area, United Kingdom, or Switzerland.

Depending on where you live, you may have rights to access, correct, delete, port, restrict, or object to our processing of your personal information, and to withdraw consent or opt out of certain disclosures. To exercise these rights with respect to information we hold as a controller, contact us at support@gofirstparty.com. If you are an end user of a FirstParty customer, please direct your request to that customer; we will support them in fulfilling it.

We will not discriminate against you for exercising any of these rights. Where required, you may appeal a decision by contacting us at the address above.

The Services are not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us and we will take steps to delete it.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the effective date and, where appropriate, providing additional notice. Your continued use of the Services after the effective date constitutes your acceptance of the revised policy.

Boats LLC (d/b/a FirstParty)
Attn: Privacy
Email: support@gofirstparty.com