Privacy Policy for Shindig

We collect information you provide directly to us, such as when you:

• Create an account or profile
• Use our event discovery features
• Save or share events
• Contact us for support
• Subscribe to our newsletters
• Participate in surveys or promotions

The types of information we may collect include:

• Name, email address, and phone number
• Account credentials
• Location data (with your permission)
• Event preferences and interests
• Device information and usage data

When you make purchases through our Services, payment processing is handled by Stripe, Inc., a third-party payment processor. During checkout, Stripe collects:

• Credit or debit card information (card number, expiration date, CVV)
• Billing address and contact information
• Transaction details and payment history

Important: Firefly Events does not directly store your full credit card numbers. Payment card data is collected and processed by Stripe in accordance with Payment Card Industry Data Security Standards (PCI DSS). We only retain limited payment information such as the last four digits of your card and transaction records for accounting and customer service purposes.

For more information about how Stripe handles your payment data, please review Stripe's Privacy Policy at stripe.com/privacy

We use the information we collect to:

• Provide, maintain, and improve our Services
• Personalize your event discovery experience
• Send you notifications about events that match your interests
• Process transactions and send related information
• Respond to your comments, questions, and support requests
• Monitor and analyze trends, usage, and activities
• Detect, investigate, and prevent fraudulent or unauthorized activity
• Communicate with you about products, services, and promotions

We do not sell your personal information. We may share your information in the following circumstances:

• With your consent: We may share information when you direct us to do so
• Service providers: We work with the following third-party companies that help us operate our Services:
  • Vercel: Website hosting and content delivery
  • MongoDB Atlas: Database hosting and data storage
  • Stripe: Payment processing (see Section 1A for details)
  • Fly.io: API hosting and infrastructure
  • Firebase: Mobile app authentication and real-time features
  • Clerk: Web application authentication and user account management
  • PostHog: Product analytics to improve our Services
• Legal requirements: We may disclose information if required by law or to protect rights and safety
• Business transfers: In connection with a merger, acquisition, or sale of assets
• Aggregated data: We may share aggregated, non-personally identifiable information

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and audits
• Access controls and authentication requirements
• Employee training on data protection practices

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Breach Notification: In the event of a data breach that may affect your personal information, we commit to notifying all affected users within 72 hours of discovering the breach. This notification will include details about the nature of the breach, the types of data affected, and the steps we are taking to address the situation. This commitment aligns with GDPR Article 33 requirements and applies to all our users globally, regardless of location.

We use cookies, web beacons, and similar technologies to collect information about your use of our Services. These technologies help us:

• Remember your preferences and settings
• Understand how you interact with our Services
• Analyze trends and improve performance
• Deliver relevant content and advertisements

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of our Services.

Our Services may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through our platform.

Our Services are not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@ff.events.

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

• Account data: Retained while your account is active and for up to 30 days after deletion request
• Usage analytics: Retained for up to 24 months for service improvement
• Transaction records: Retained for 7 years as required for legal and tax purposes
• Marketing preferences: Retained until you unsubscribe or request deletion
• Support communications: Retained for up to 3 years for quality assurance

When we no longer need your information, we will securely delete or anonymize it.

Depending on your location, you may have certain rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request that we correct inaccurate or incomplete information
• Deletion: Request that we delete your personal information
• Portability: Request a copy of your data in a portable format
• Opt-out: Unsubscribe from marketing communications at any time

To exercise these rights, please contact us at privacy@ff.events or through the app settings.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

• Legal basis: We process your data based on consent, contract performance, legitimate interests, or legal obligations
• Right to object: You can object to processing based on legitimate interests
• Right to restrict: You can request we limit how we use your data
• Right to withdraw consent: You can withdraw consent at any time where processing is based on consent
• Right to lodge a complaint: You have the right to file a complaint with your local data protection authority

For GDPR-related inquiries, contact our Data Protection team at privacy@ff.events. We will respond to requests within 30 days.

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know: You can request information about the categories and specific pieces of personal information we collect
• Right to delete: You can request deletion of your personal information
• Right to correct: You can request correction of inaccurate information
• Right to opt-out: You can opt out of the sale or sharing of your personal information (note: we do not sell personal information)
• Right to non-discrimination: We will not discriminate against you for exercising your privacy rights

To submit a CCPA request, email privacy@ff.events with the subject line "CCPA Request." We will verify your identity and respond within 45 days.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" above. We encourage you to review this Privacy Policy periodically.

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Texas, without regard to its conflict of law provisions. You agree to submit to the exclusive jurisdiction of the courts located in Texas for the resolution of any disputes arising under this Privacy Policy.

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@ff.events
• General inquiries: contact@ff.events
• Address: Firefly Events, Austin, Texas