Privacy Policy

1. Introduction

Welcome to LoomEvent. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our event management platform.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site or use our services.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide to us when you:

• Register for an account
• Create or manage events
• Purchase tickets
• Contact customer support
• Subscribe to our newsletter
• Participate in surveys or promotions

This information may include:

• Personal Information: Name, email address, phone number, date of birth
• Account Information: Username, password (encrypted), profile picture
• Payment Information: Credit card details, billing address (processed securely via Stripe)
• Event Information: Event details, ticket preferences, attendee information
• Communications: Messages, feedback, support inquiries

2.2 Automatically Collected Information

When you access our platform, we automatically collect certain information:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Information: Pages viewed, time spent, click patterns, referring URLs
• Location Information: General geographic location based on IP address
• Cookies and Tracking: Session cookies, preference cookies, analytics cookies

2.3 Third-Party Information

We may receive information from third parties such as:

• Social media platforms (if you choose to connect your account)
• Payment processors (Stripe)
• Analytics providers (Google Analytics)
• Marketing partners (with your consent)

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

• Create and manage your account
• Process ticket purchases and refunds
• Deliver event tickets and confirmations
• Send event reminders and updates
• Provide customer support
• Facilitate communication between event organizers and attendees

3.2 Platform Improvement

• Analyze usage patterns and trends
• Improve user experience and functionality
• Develop new features and services
• Conduct research and analytics
• Monitor and prevent fraud

3.3 Marketing and Communications

• Send promotional emails (with your consent)
• Personalize event recommendations
• Conduct surveys and request feedback
• Send administrative notifications

3.4 Legal and Security

• Comply with legal obligations
• Enforce our Terms of Service
• Protect against fraud and abuse
• Respond to legal requests
• Protect our rights and property

4. How We Share Your Information

We may share your information in the following circumstances:

4.1 Event Organizers

When you purchase tickets or register for an event, we share necessary information (name, email, ticket details) with the event organizer to facilitate your attendance.

4.2 Service Providers

We share information with trusted third-party service providers who assist us in:

• Payment Processing: Stripe (for payment processing and PCI compliance)
• Email Delivery: Resend (for transactional and marketing emails)
• Cloud Hosting: Vercel, AWS (for platform hosting and storage)
• Analytics: Google Analytics, PostHog (for usage analytics)
• Error Tracking: Sentry (for application monitoring)

4.3 Legal Requirements

We may disclose your information if required by law or in response to:

• Court orders or legal processes
• Law enforcement requests
• Protection of our rights and safety
• Prevention of fraud or illegal activity

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4.5 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption: All data transmissions use SSL/TLS encryption
• Secure Storage: Passwords are hashed using industry-standard algorithms
• Access Controls: Strict access controls and authentication
• Regular Audits: Security assessments and vulnerability scanning
• Data Backups: Regular encrypted backups
• PCI Compliance: Payment data handled by PCI-DSS compliant providers

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Maintain business records

Specific retention periods:

• Account Information: Until you request deletion or after 2 years of inactivity
• Transaction Records: 7 years (for tax and accounting purposes)
• Marketing Data: Until you unsubscribe
• Logs and Analytics: 90 days

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

7.1 Access and Portability

You have the right to request a copy of your personal data in a structured, machine-readable format.

7.2 Rectification

You can update or correct your personal information at any time through your account settings.

7.3 Deletion

You can request deletion of your personal data, subject to certain legal obligations. We may need to retain some information for compliance purposes.

7.4 Opt-Out

You can opt out of:

• Marketing emails (unsubscribe link in emails)
• Analytics cookies (browser settings)
• Personalized advertising (browser/device settings)

7.5 Restrict Processing

You can request that we limit how we use your personal information.

7.6 Object

You have the right to object to certain uses of your personal information.

To exercise these rights, please contact us at privacy@loomevent.com or use the data export/deletion features in your account settings.

8. GDPR (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

8.1 Legal Basis for Processing

We process your personal data based on:

• Contractual Necessity: To fulfill our contract with you
• Legitimate Interests: To improve our services and prevent fraud
• Consent: For marketing communications and optional features
• Legal Obligation: To comply with applicable laws

8.2 International Data Transfers

Your information may be transferred to and processed in countries outside the EEA. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission
• Privacy Shield certification (where applicable)

8.3 Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

9. CCPA (California Users)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

9.1 Right to Know

You have the right to request information about:

• Categories of personal information we collect
• Sources of personal information
• Purposes for collecting/sharing personal information
• Categories of third parties we share with

9.2 Right to Delete

You have the right to request deletion of your personal information.

9.3 Right to Opt-Out

We do not sell your personal information. If our practices change, we will update this policy and provide an opt-out mechanism.

9.4 Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Essential Cookies: Required for authentication and security
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Understand how you use our platform
• Marketing Cookies: Deliver personalized content (with consent)

You can control cookies through your browser settings. Note that disabling certain cookies may affect platform functionality.

11. Children's Privacy

Our services are not directed to individuals under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website
• Updating the "Last Updated" date
• Sending an email notification (for significant changes)

Your continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

14. Data Protection Officer

For privacy-related inquiries, you can contact our Data Protection Officer at dpo@loomevent.com