Welcome to Shindig, a product of Firefly Events ("we," "us," or "our"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our Shindig mobile application and related services (collectively, the "Services").
Please also review our Terms of Service for additional information about the use of our Services.
1. Information Collection
We collect information you provide directly to us, such as when you:
- Create an account or profile
- Use our event discovery features
- Save or share events
- Contact us for support
- Subscribe to our newsletters
- Participate in surveys or promotions
The types of information we may collect include:
- Name, email address, and phone number
- Account credentials
- Location data (with your permission)
- Event preferences and interests
- Device information and usage data
1A. Payment Processing
When you make purchases through our Services, payment processing is handled by Stripe, Inc., a third-party payment processor. During checkout, Stripe collects:
- Credit or debit card information (card number, expiration date, CVV)
- Billing address and contact information
- Transaction details and payment history
Important: Firefly Events does not directly store your full credit card numbers. Payment card data is collected and processed by Stripe in accordance with Payment Card Industry Data Security Standards (PCI DSS). We only retain limited payment information such as the last four digits of your card and transaction records for accounting and customer service purposes.
For more information about how Stripe handles your payment data, please review Stripe's Privacy Policy at stripe.com/privacy
2. Use of Information
We use the information we collect to:
- Provide, maintain, and improve our Services
- Personalize your event discovery experience
- Send you notifications about events that match your interests
- Process transactions and send related information
- Respond to your comments, questions, and support requests
- Monitor and analyze trends, usage, and activities
- Detect, investigate, and prevent fraudulent or unauthorized activity
- Communicate with you about products, services, and promotions
3. Information Sharing
We do not sell your personal information. We may share your information in the following circumstances:
- With your consent: We may share information when you direct us to do so
- Service providers: We work with the following third-party companies that help us operate our Services:
- Vercel: Website hosting and content delivery
- MongoDB Atlas: Database hosting and data storage
- Stripe: Payment processing (see Section 1A for details)
- Fly.io: API hosting and infrastructure
- Firebase: Mobile app authentication and real-time features
- Clerk: Web application authentication and user account management
- PostHog: Product analytics to improve our Services
- Legal requirements: We may disclose information if required by law or to protect rights and safety
- Business transfers: In connection with a merger, acquisition, or sale of assets
- Aggregated data: We may share aggregated, non-personally identifiable information
4. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit and at rest
- Regular security assessments and audits
- Access controls and authentication requirements
- Employee training on data protection practices
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
Data Breach Notification: In the event of a data breach that may affect your personal information, we commit to notifying all affected users within 72 hours of discovering the breach. This notification will include details about the nature of the breach, the types of data affected, and the steps we are taking to address the situation. This commitment aligns with GDPR Article 33 requirements and applies to all our users globally, regardless of location.
5. Cookies and Tracking Technologies
We use cookies, web beacons, and similar technologies to collect information about your use of our Services. These technologies help us:
- Remember your preferences and settings
- Understand how you interact with our Services
- Analyze trends and improve performance
- Deliver relevant content and advertisements
You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of our Services.
6. Third-Party Links
Our Services may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through our platform.
7. Children's Privacy
Our Services are not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@ff.events.
8. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:
- Account data: Deleted immediately upon account deletion request (see Section 8A below)
- Usage analytics: Retained for up to 24 months for service improvement
- Transaction records: Retained for 7 years as required for legal and tax purposes
- Deletion audit records: Retained for 7 years as required by GDPR for compliance evidence
- Marketing preferences: Retained until you unsubscribe or request deletion
- Support communications: Retained for up to 3 years for quality assurance
When we no longer need your information, we will securely delete or anonymize it.
8A. Account Deletion
You may delete your account at any time from within the Shindig app by navigating to Profile > Delete Account. Account deletion is immediate and permanent. There is no recovery or cooling-off period once you confirm deletion.
When you delete your account, the following actions occur automatically:
- Authentication revoked: Your login credentials are permanently removed, and all active sessions are terminated immediately
- Personal information cleared: Your name, email address, profile photo, and other personally identifiable information are permanently erased from your account record
- Event participation removed: Your RSVPs and attendance records are removed from all events
- Social data deleted: OAuth tokens, invitations (sent and received), referral records, and verification tokens are permanently deleted
- Financial data deleted: In-app purchase records, wallet data, pending rewards, and payment records are permanently deleted
- Activity data deleted: Achievement progress, affinity profile, and inventory data are permanently deleted
- Reports anonymized: Any content reports you submitted are retained for platform safety but your identity is replaced with an anonymous identifier
What we retain after deletion:
- Deletion audit log: A record that your account was deleted, including the date and the types of data removed. This log does not contain your personal information and is retained for 7 years to satisfy legal and regulatory compliance obligations (GDPR Article 5(2), CCPA record-keeping requirements).
- Anonymized reports: Content reports are retained for platform safety with your identity removed.
- Transaction records: Financial transaction records may be retained in anonymized or aggregated form as required by tax and accounting regulations.
If you have questions about account deletion or need assistance, contact us at privacy@ff.events.
9. Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request that we correct inaccurate or incomplete information
- Deletion: Delete your account and personal data directly from the Shindig app (Profile > Delete Account), or by emailing privacy@ff.events. See Section 8A for full details on what is deleted and what is retained
- Portability: Request a copy of your data in a portable format
- Opt-out: Unsubscribe from marketing communications at any time
To exercise these rights, please contact us at privacy@ff.events or use the relevant options in the app settings.
10. GDPR Compliance (European Users)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
- Legal basis: We process your data based on consent, contract performance, legitimate interests, or legal obligations
- Right to object: You can object to processing based on legitimate interests
- Right to restrict: You can request we limit how we use your data
- Right to withdraw consent: You can withdraw consent at any time where processing is based on consent
- Right to lodge a complaint: You have the right to file a complaint with your local data protection authority
For GDPR-related inquiries, contact our Data Protection team at privacy@ff.events. We will respond to requests within 30 days.
11. CCPA Compliance (California Users)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to know: You can request information about the categories and specific pieces of personal information we collect
- Right to delete: You can request deletion of your personal information
- Right to correct: You can request correction of inaccurate information
- Right to opt-out: You can opt out of the sale or sharing of your personal information (note: we do not sell personal information)
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights
To submit a CCPA request, email privacy@ff.events with the subject line "CCPA Request." We will verify your identity and respond within 45 days.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" above. We encourage you to review this Privacy Policy periodically.
13. Governing Law
This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Texas, without regard to its conflict of law provisions. You agree to submit to the exclusive jurisdiction of the courts located in Texas for the resolution of any disputes arising under this Privacy Policy.
14. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Email: privacy@ff.events
- General inquiries: contact@ff.events
- Address: Firefly Events, Austin, Texas
Last updated: March 9, 2026
Firefly Events | Austin, Texas