Privacy Policy

1. Information We Collect

Information you provide:

• Account information: name, email address, and password when you create an account.
• Profile information: display name, bio, and profile photos you choose to add.
• Event information: event details, descriptions, and images if you create events.
• Payment information: payment card details are collected and processed directly by Stripe. We do not store your full card number, expiration date, or CVV.

Information collected automatically:

• Usage data: pages visited, features used, and interactions with the platform.
• Device information: browser type, operating system, and device identifiers.
• Location data: approximate location based on IP address, used for event discovery and search. We do not track precise GPS location without your explicit consent.
• Cookies: essential cookies for authentication and site functionality. See Section 7 below.

2. How We Use Your Information

We use the information we collect to:

• Create and manage your account.
• Process ticket purchases and deliver confirmation emails and QR code tickets.
• Display events relevant to your location and interests.
• Provide event organizers with attendee and sales analytics.
• Send transactional emails (order confirmations, event updates, account notifications).
• Improve and maintain the Service.
• Detect and prevent fraud, abuse, and security issues.

3. Third-Party Services

We share information with the following third parties as necessary to operate the Service:

• Stripe: processes all payments on the platform. Stripe collects and stores payment card information under its own privacy policy. See stripe.com/privacy.
• Mapbox: provides map and location services for event discovery. See mapbox.com/legal/privacy.

We do not sell your personal information to third parties. We do not use third-party advertising trackers on the platform.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will remove your personal data within 30 days, except where we are required by law to retain certain records (e.g., transaction records for tax and accounting purposes, which may be retained for up to 7 years).

5. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Correction: request that we correct inaccurate or incomplete data.
• Deletion: request that we delete your personal data.
• Portability: request your data in a portable, machine-readable format.
• Opt-out: opt out of non-essential communications at any time.

To exercise any of these rights, contact us at privacy@out4.events. We will respond within 30 days.

6. California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

• The right to know what personal information we collect and how it is used.
• The right to request deletion of your personal information.
• The right to opt out of the sale of personal information. We do not sell personal information.
• The right to non-discrimination for exercising your privacy rights.

7. European Residents (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases: performance of a contract (providing the Service), legitimate interest (improving the Service, preventing fraud), and consent (where required). You have the right to lodge a complaint with your local data protection authority if you believe we have violated your rights under the GDPR.

8. Cookies

We use only essential cookies required for authentication and core site functionality. We do not use third-party advertising or tracking cookies. Essential cookies cannot be disabled as they are necessary for the Service to function.

9. Data Security

We implement industry-standard security measures to protect your personal information, including encrypted connections (TLS/SSL), secure password hashing, and access controls. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use of the Service after changes take effect constitutes your acceptance of the revised policy.