Privacy Policy

1. Introduction

EventCage ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

2. Information We Collect

Information You Provide Directly

• Account information: Name, email address, password, phone number
• Venue information: Venue name, address, location, description, capacity, amenities, pricing
• Visual content: Photos and videos of your venue
• Business information: Company name, VAT number, billing address
• Payment information: Processed and stored securely by Stripe (we only store the last 4 digits of your card)
• Booking information: Event details, booking values, customer interactions
• Communications: Support tickets, emails, feedback, survey responses
• Marketing preferences: Email subscription preferences, communication settings

Information Collected Automatically

• Device information: Browser type and version, operating system, device type
• Usage data: Pages viewed, features used, time spent, click patterns, search queries
• Network information: IP address, approximate location (city/country level)
• Performance data: Page load times, errors, crashes
• Cookies and tracking: Session IDs, authentication tokens, preferences
• Referral information: How you found us (search engines, links, ads)

Information from Third Parties

• Payment processors: Transaction confirmations from Stripe
• Analytics services: Aggregated usage statistics
• Social media: If you connect social media accounts
• Public databases: Business registration information for verification

3. How We Use Your Information

To Provide Our Services

• Create and manage your account
• Display your venue listing to potential customers
• Process and forward customer enquiries
• Facilitate bookings and communications
• Process subscription payments and commission invoices
• Provide the features included in your plan

To Communicate With You

• Send booking notifications and enquiries
• Provide customer support and respond to your requests
• Send important service updates and account notifications
• Send subscription confirmations and invoices
• Send marketing emails (only if you opt in)
• Conduct surveys and request feedback

To Improve and Promote

• Analyze usage patterns and improve the platform
• Develop new features and services
• Fix bugs and resolve technical issues
• Optimize search and recommendation algorithms
• Promote your venue according to your plan
• Feature venues in marketing campaigns (with permission)

For Security and Compliance

• Verify your identity and prevent fraud
• Monitor for suspicious activity
• Enforce our Terms of Service
• Comply with legal obligations and requests
• Maintain records for accounting and tax purposes
• Resolve disputes and enforce our rights

Legal Basis (GDPR)

For users in the EU/EEA, we process your data based on:

• Contract: Necessary to provide our services to you
• Consent: You've given explicit permission (e.g., marketing emails)
• Legitimate interests: Improving services, preventing fraud, security
• Legal obligation: Complying with laws and regulations

4. Information Sharing and Disclosure

We do not sell your personal information. We share your information only as described below:

With Customers

Your public venue information is displayed to customers, including:

• Venue name, location, and address
• Descriptions and amenities
• Photos and videos
• Pricing and capacity information
• Contact information you choose to display

With Service Providers

We share information with trusted third-party service providers who help us operate:

• Stripe: Payment processing (credit card information goes directly to Stripe)
• Supabase: Database and authentication services
• Resend: Email delivery services
• Google Maps: Location and mapping services
• OpenAI: AI-powered search and recommendations
• Weaviate: Search indexing and vector database
• Vercel: Hosting and content delivery

These providers are contractually obligated to protect your data and use it only for the services they provide to us.

For Legal Reasons

We may disclose your information if required to:

• Comply with legal obligations, court orders, or government requests
• Enforce our Terms of Service
• Protect our rights, property, or safety
• Protect the rights, property, or safety of our users or the public
• Prevent fraud, security issues, or illegal activity
• Respond to claims or legal proceedings

Business Transfers

If EventCage is involved in a merger, acquisition, or sale of assets, your information may be transferred to the new owner. We will notify you before your information is transferred and becomes subject to a different privacy policy.

With Your Consent

We may share your information for other purposes with your explicit consent, such as featuring your venue in case studies or marketing materials.

Aggregated Data

We may share aggregated, anonymized data that does not identify you personally, such as industry trends, usage statistics, or market research.

5. Data Security

We take data security seriously and implement multiple layers of protection:

Technical Measures

• Encryption: All data in transit is encrypted using TLS/SSL
• Secure storage: Data at rest is encrypted in secure databases
• Authentication: Strong password requirements and secure session management
• Access controls: Role-based access limits who can view your data
• Monitoring: Continuous monitoring for suspicious activity
• Regular updates: Software and security patches applied promptly

Organizational Measures

• Background checks for employees with data access
• Staff training on data protection and privacy
• Confidentiality agreements with all staff and contractors
• Regular security audits and assessments
• Incident response procedures

Your Responsibility

You are responsible for:

• Keeping your password secure and confidential
• Not sharing your account with others
• Logging out from shared or public computers
• Notifying us immediately of any unauthorized access

Limitations

While we take extensive measures to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we will notify you promptly of any data breach affecting your information as required by law.

6. Your Rights and Choices

You have the following rights regarding your personal data:

Access and Portability

• Access: Request a copy of all personal data we hold about you
• Portability: Receive your data in a structured, commonly-used format (e.g., CSV, JSON)
• Export: Download your venue information and content at any time from your dashboard

Correction and Deletion

• Correction: Update or correct inaccurate or incomplete information
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Account closure: Close your account at any time by emailing sales@eventcage.com

Note: We may retain some information as required for legal, tax, or accounting purposes, or to resolve disputes and enforce our agreements.

Control and Objection

• Object: Object to processing of your data for certain purposes
• Restrict: Request restriction of processing in certain circumstances
• Withdraw consent: Withdraw consent at any time where we rely on consent

Marketing Communications

• Unsubscribe from marketing emails using the link at the bottom of each email
• Update your email preferences in your account settings
• Note: We will still send essential service emails (e.g., booking notifications, invoices)

Cookies and Tracking

• Control cookies through your browser settings
• Opt out of analytics tracking (though this may affect functionality)
• Use "Do Not Track" browser settings (we honor DNT signals)

How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: privacy@eventcage.com
• Include: Your name, email address, and specific request
• We will respond within 30 days (or as required by applicable law)
• We may need to verify your identity before processing your request

Complaints

If you're not satisfied with how we handle your data, you have the right to lodge a complaint with your local data protection authority. For UK users, this is the Information Commissioner's Office (ICO). For EU users, contact your national data protection authority.

7. Cookies and Tracking Technologies

What We Use

We use cookies, pixels, and similar technologies for:

• Essential cookies: Required for the platform to function (login, security)
• Performance cookies: Help us understand how you use the platform
• Functional cookies: Remember your preferences and settings
• Analytics cookies: Measure traffic and usage patterns

Third-Party Cookies

Some cookies are placed by third-party services:

• Google Analytics (website analytics)
• Stripe (payment processing)
• Google Maps (location services)

Managing Cookies

You can control cookies through:

• Your browser settings (Chrome, Firefox, Safari, etc.)
• Browser plugins and extensions
• Opting out of specific analytics services

Note: Blocking essential cookies may prevent you from using certain features of the platform.

8. Data Retention

How Long We Keep Your Data

We retain your information for different periods depending on the type:

• Account data: While your account is active and for 30 days after closure
• Booking records: 7 years for tax and accounting purposes
• Payment information: As required by financial regulations (typically 7 years)
• Marketing data: Until you unsubscribe or 2 years of inactivity
• Communication records: 3 years for customer support purposes
• Legal records: As required by law or to defend legal claims
• Analytics data: Aggregated data retained indefinitely (cannot identify individuals)

After Account Closure

When you close your account:

• Your venue listing is removed from public view immediately
• Your personal data is deleted within 30 days
• Some data is retained for legal compliance (financial records, etc.)
• Anonymized analytics data may be retained indefinitely
• You remain liable for any outstanding payments

Data Minimization

We regularly review the data we hold and delete information that is no longer necessary for the purposes for which it was collected.

9. Children's Privacy

EventCage is a business-to-business service intended for venue operators and business users who are at least 18 years old. Our services are not directed to children under 18.

Age Restrictions

• You must be at least 18 years old to create an account
• We do not knowingly collect information from anyone under 18
• If we become aware that a child under 18 has provided us with personal information, we will delete it immediately

Parental Notice

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@eventcage.com, and we will take steps to delete such information.

10. International Data Transfers

Where Your Data May Be Processed

EventCage operates internationally, and your data may be transferred to and processed in:

• United Kingdom (primary operations)
• European Union (data storage)
• United States (cloud services, analytics)
• Other countries where our service providers operate

Safeguards

When transferring data internationally, we ensure appropriate safeguards are in place:

• EU Standard Contractual Clauses (SCCs): For transfers to non-EU countries
• Adequacy decisions: Transfers to countries deemed adequate by EU/UK
• Service provider agreements: Binding data protection obligations
• Technical measures: Encryption and access controls

Service Provider Locations

• Stripe: US (compliant with EU-US Data Privacy Framework)
• Supabase: EU and US regions
• Vercel: Global CDN with EU data centers
• Google (Maps, Analytics): Global infrastructure

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You

• Material changes: Email notification at least 30 days before changes take effect
• Minor changes: Updated "Last Updated" date at top of this policy
• Significant changes: Prominent notice on the platform

Continued use of our services after changes take effect constitutes acceptance of the updated policy. If you don't agree, you may close your account by emailing sales@eventcage.com.

Policy History

Previous versions of this policy are available upon request. Contact privacy@eventcage.com.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your information, please contact us:

Response Times

• Privacy requests: Within 30 days (or as required by applicable law)
• General inquiries: Within 3-5 business days
• Urgent security matters: Within 24 hours

Company Information:
EventCage
United Kingdom
Company registration details available upon request

13. GDPR Compliance (EU/UK Users)

Your GDPR Rights

If you are located in the European Economic Area (EEA) or UK, you have the following rights under the General Data Protection Regulation (GDPR) and UK GDPR:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right not to be subject to automated decision-making
• Right to lodge a complaint with a supervisory authority

Legal Basis for Processing

We process your data under the following legal bases:

• Contract (Art. 6(1)(b)): To provide our services and fulfill our contract with you
• Consent (Art. 6(1)(a)): For marketing communications and certain cookies
• Legitimate interests (Art. 6(1)(f)): For platform improvements, security, fraud prevention
• Legal obligation (Art. 6(1)(c)): To comply with tax, accounting, and legal requirements

Data Controller

EventCage is the data controller for your personal information. Contact our Data Protection Officer at privacy@eventcage.com.

Supervisory Authority

UK users can contact the Information Commissioner's Office (ICO):
Website: ico.org.uk
Helpline: 0303 123 1113

EU users should contact their national data protection authority.

14. California Privacy Rights (CCPA/CPRA)

For California Residents

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know: What personal information we collect and how we use it
• Right to access: Request a copy of your personal information
• Right to delete: Request deletion of your personal information
• Right to opt-out: Opt-out of "sale" of personal information (we don't sell data)
• Right to correct: Request correction of inaccurate information
• Right to limit: Limit use of sensitive personal information
• Right to non-discrimination: No discrimination for exercising your rights

We Do Not Sell Your Data

EventCage does not sell personal information and has not sold personal information in the past 12 months.

Categories of Information

We collect the following categories of personal information:

• Identifiers (name, email, phone)
• Commercial information (subscription, bookings, payments)
• Internet activity (usage data, cookies)
• Geolocation data (approximate location)
• Professional information (business details)
• Inferences (preferences, interests)

How to Exercise Your Rights

Email privacy@eventcage.com or call us (if phone number provided). We will verify your identity and respond within 45 days.