Legal

Privacy Policy

Last updated: March 2026

1. Information We Collect

We collect information that you provide directly to us, including:

• Account information: Name, email address, and password when you create an account
• Purchase information: Name and email for ticket purchases (account not required)
• Event information: Details about events you create as a host
• Usage data: Information about how you interact with our platform

2. How We Use Your Information

We use the information we collect to:

• Process ticket purchases and deliver digital tickets
• Facilitate event check-in via QR code scanning
• Send transactional emails (ticket confirmations, event updates)
• Review and moderate event listings
• Improve and maintain the platform
• Communicate with you about your account or events

3. Information Sharing

We do not sell your personal information. We share information only in these limited circumstances:

• With event hosts: We share attendee names and check-in status with event hosts for their events
• Payment processors: We share necessary information with Stripe to process payments securely
• Email delivery: We use email service providers to deliver transactional messages
• Legal requirements: We may disclose information if required by law

4. Data Security

We implement industry-standard security measures to protect your information, including:

• Encrypted data transmission (HTTPS)
• Secure password hashing
• Row-level security on all database tables
• HMAC-signed QR tokens with timing-safe verification
• Rate limiting on sensitive endpoints

5. Cookies and Tracking

We use essential cookies to maintain your session and authentication state. We do not use third-party tracking cookies or advertising cookies. Our platform respects your privacy by minimizing data collection to what is necessary for the Service.

6. Your Rights

You have the right to:

• Access your personal information
• Correct inaccurate information
• Request deletion of your account and data
• Export your data in a portable format
• Opt out of non-essential communications

7. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. Transaction records are retained for financial and legal compliance. You can request account deletion at any time by contacting our support team.

8. Children's Privacy

Our Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will promptly delete the information.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our platform. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

For questions or concerns about this Privacy Policy, please contact us at privacy@occasio.events.