Privacy Policy

Privacy Policy

Last updated: March 24, 2026 Effective date: March 24, 2026

Your privacy matters to us. This policy explains what personal information FestEvental collects, why we collect it, how we use and protect it, and what rights you have over it. We've written it in plain English, not legal jargon.

Who We Are

FestEvental is an event ticketing platform that connects event organizers, vendors, venues, and attendees. When we say "FestEvental," "we," "us," or "our," we mean the FestEvental platform and its operators.

Information We Collect

Account information. When you register, we collect your name, email address, and password. You may optionally add a phone number, profile photo, and other profile details.

Purchase and ticketing data. When you buy tickets, we collect your order details, the event and ticket types purchased, and your billing address. Payment card details are handled directly by Stripe, so we never see or store your full card number (see Payment Processing below).

Event activity. If you attend an event, organizers may record your check-in. Check-in timestamps are used to determine which attendees receive post-event follow-up emails. If you submit a session proposal (speaker submission), we store that content and any scores or reviews associated with it.

Speaker profiles. Organizers may create speaker profiles containing a person's name, email, bio, photo, and website. If you are listed as a speaker and do not have a Platform account, your name and optionally your email, bio, photo, and website are stored until you claim the profile or request removal. Organizers may also add internal scheduling notes about speakers. These notes are visible to event staff but not to the speaker and are not included in data exports.

Organizer and vendor data. If you create events, manage a vendor profile, or operate a venue on FestEvental, we collect your business name, contact information, banking details for payouts (via Stripe), and event/catalog content you upload. Vendor profiles may include contact name, contact phone, and contact email. Vendors who set their catalog visibility to public consent to these details being displayed in the public directory.

Venue submissions. Venue listings include name, description, full address, phone, website, and geographic coordinates (latitude and longitude). The submitting user's account is recorded. Venue claims track which user requested to manage the listing and when.

Automated email content. Organizers provide subject lines and body content for automated reminder and follow-up emails sent to ticket holders through the Platform.

Authentication data. When you log in or request a magic link, we process your IP address and browser user agent string. This information is included in magic link emails so you can identify unauthorized login attempts.

Ticket assignment. Purchasers may assign tickets to other attendees. Assignment details (name, email, phone, company, pronouns) are shared with the event organizer for check-in and badge printing purposes. Assignment changes may be locked by the organizer before the event starts.

Communications. If you contact us via the contact form or support channels, we keep a record of that correspondence.

Usage data. We automatically collect standard server log data when you use the platform: IP address, browser type, pages visited, and timestamps. This is used for security, debugging, and aggregate analytics, not to build a profile on you.

Cookies. See the Cookies section below.

How We Use Your Information

We use the information we collect to:

  • Create and manage your account
  • Process ticket purchases and issue tickets
  • Pay out organizers and vendors via Stripe Connect
  • Send you order confirmations, ticket receipts, and event updates
  • Send automated reminder and follow-up emails on behalf of event organizers
  • Allow organizers to manage their events and communicate with attendees
  • Allow venues and vendors to manage their profiles and bookings
  • Review speaker submissions and schedule events
  • Respond to support requests and contact form inquiries
  • Detect and prevent fraud, abuse, and security incidents
  • Target post-event follow-up emails based on check-in status (only attendees who checked in receive the follow-up)
  • Generate and manage invoices for organizer platform fees
  • Comply with legal obligations

We do not sell your personal information to third parties. We do not use your data to serve you third-party advertising.

How We Share Your Information

With event organizers. When you purchase a ticket to an event, the event organizer can see your name, email address, and order details for that event. This is necessary for them to manage their event, communicate with attendees, and process check-ins. Organizers are responsible for handling attendee data in accordance with their own privacy practices.

With vendors and venues. Vendors and venues linked to an event may see attendee-facing information relevant to their role (for example, a vendor coordinator may see check-in counts). They do not receive your full personal data unless the organizer explicitly shares it.

With Stripe. All payment processing is handled by Stripe, Inc. When you make a purchase, your payment details are transmitted directly to Stripe under their own Privacy Policy. FestEvental receives only a payment confirmation and a tokenized reference, never your raw card data.

With service providers. We use a small number of trusted third-party services to operate the platform (for example, email delivery). These providers access only the data necessary to perform their service and are contractually prohibited from using it for any other purpose.

For legal reasons. We may disclose your information if required by law, court order, or government authority, or if we believe in good faith that disclosure is necessary to protect the safety of any person or to prevent fraud or illegal activity.

Business transfers. If FestEvental is acquired or merges with another company, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

Payment Processing

All payments on FestEvental are processed by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. Organizers receive payouts via Stripe Connect, which requires Stripe to verify their identity independently.

FestEvental never stores full credit card numbers, CVV codes, or bank account numbers. Payment tokens stored on our end are Stripe references only and are useless without Stripe's systems.

Cookies and Tracking

FestEvental uses cookies and similar technologies to keep you logged in, remember your preferences, and maintain session security. We do not use third-party tracking cookies for advertising or behavioral profiling.

Session cookies expire when you close your browser. Persistent cookies (like your login session) remain until they expire or you clear them.

You can configure your browser to reject cookies, but doing so will prevent you from logging in or completing purchases.

Marketing Communications

FestEvental does not currently send marketing emails. If this changes in the future, we will update this policy and provide an opt-out mechanism.

Data Security

We take reasonable technical and organizational measures to protect your personal information:

  • All data is transmitted over encrypted connections (TLS/HTTPS, SSH)
  • Passwords are hashed using industry-standard algorithms, so we cannot retrieve your password
  • API access requires token authentication
  • Magic links and verification codes are single-use and time-limited
  • Payment data never touches our servers (handled entirely by Stripe)
  • Access to production data is restricted to authorized personnel

No system is perfectly secure. If you have reason to believe your account has been compromised, please contact us immediately.

Data Retention

We retain your account and purchase data for as long as your account is active, and for a reasonable period afterward in case you need to reference past orders or in case of a dispute. Organizer financial records are kept for as long as required by applicable tax and accounting laws.

All profiles are retained until removed by an authorized user or Platform staff.

If you request deletion of your account, we will remove or anonymize your personal data within 30 days, except where retention is required by law (for example, completed financial transactions).

Your Privacy Rights

Regardless of where you live, we give every FestEvental user the following rights over their data, with no exceptions and no geographic restrictions.

A quick note on why: several US states have enacted consumer privacy laws (California's CPRA, Virginia's VCDPA, Colorado's CPA, and others). Rather than maintaining a patchwork of state-by-state compliance, we chose to align with the EU General Data Protection Regulation (GDPR), the most comprehensive privacy standard in the world. We're not required to offer GDPR-level protections to US residents, but we do anyway, because it's the right thing to do.

You have the right to:

  • Access: Request and download a copy of the personal data we hold about you
  • Correction: Ask us to correct inaccurate or incomplete data
  • Deletion: Request that we delete your account and personal data
  • Portability: Request your data in a machine-readable format
  • Restriction: Ask us to limit how we process your data in certain circumstances
  • Objection: Object to processing based on legitimate interest
  • Profile removal: If you are listed as a speaker, vendor contact, or venue submitter and wish to have your information removed, contact the relevant organizer or FestEvental support via our Contact page

To exercise any of these rights, use the Privacy section of your account settings, or contact us via our Contact page. We will respond within 30 days.

Children's Privacy

FestEvental does not allow accounts for children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has created an account, please contact us and we will delete it promptly.

For users between 13 and 17, we encourage a parent or guardian to review this policy. We do not knowingly market to minors or use their data for profiling or behavioral advertising. Parents and guardians may reach us via our Contact page at any time to review, correct, or permanently delete their child's account and associated data. We will action all such requests within 30 days.

Changes to This Policy

We may update this policy from time to time. When we do, we'll update the "Last updated" date at the top and, for material changes, notify registered users by email. Continued use of FestEvental after changes take effect constitutes acceptance of the updated policy.

Contact Us

Questions, requests, or concerns about your privacy? We're here.

Use the contact form on our Contact page. For data subject requests (access, deletion, portability), use the Privacy section of your account settings for the fastest response.