PRIVACY POLICY
Last Updated: 13 April, 2026
Introduction
Welcome to eventcloud ("Platform", "we", "us", "our"). We are committed to protecting your personal data and respecting your privacy.
This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website www.eventcloud.io (the "Website") or use our Platform at app.eventcloud.io (the "App").
Who We Are
We are Eventech Systems Limited, a company registered in England and Wales under company number 15953654. Our registered office is at 24 Devonshire Buildings, Bath, BA2 4SU, United Kingdom.
If you have any questions about this Privacy Policy or our data practices, you can contact us at:
- Email: [email protected]
- Post: 24 Devonshire Buildings, Bath, BA2 4SU, United Kingdom
Important Distinction: Two Types of Users
It is important to understand that our Platform serves two distinct groups of individuals, and this policy applies differently to each:
- Customers: Event organisers who create an account and use our Platform to sell tickets and manage registrations.
- Attendees: Individuals who purchase tickets or register for events created by our Customers.
We explain the data we hold on each group and your respective rights below.
What Data We Collect
Data We Collect from Customers (Event Organisers)
When you register for an account or use our Platform as a Customer, we may collect the following information:
- Company Information: Company name, registered address, contact phone number, tax/VAT number (if required). Purpose: To set up your account, verify your business, and provide invoicing.
- User Information: First name, last name, and email address for each individual user ("seat") on your account. Purpose: To create and manage user accounts, authenticate logins, and provide access to the Platform.
- Account Data: Your login credentials are managed via third-party authentication providers (see Section 4). We do not store passwords. We receive your name and email from these providers when you log in. Purpose: To enable secure access to your account.
- Event Content: Images, colour preferences, email templates, ticket names, descriptions, and other content you upload to create your events. Purpose: To provide the core functionality of the Platform.
- Stripe Connection: Your Stripe account ID. We do not store your full Stripe API keys or financial details on our servers. Purpose: To connect your Stripe account for ticket revenue processing.
Data We Collect from Attendees (Ticket Buyers)
When an individual purchases a ticket or registers for an event created by one of our Customers, we collect and process the following information on behalf of our Customer:
- Essential Data: Email address (required for every attendee). Purpose: To send the ticket/confirmation email and essential transactional communications about the event.
- Optional Form Data: Any additional information requested by the Customer through custom form fields (e.g., name, dietary requirements, company name, etc.). Purpose: To fulfil the Customer's event management needs. The purpose of this data is determined solely by the Customer.
- Technical Data: IP address, browser type, and device information at the time of transaction. Purpose: For security, fraud prevention, and to improve Platform functionality.
- Payment Data: We do not store credit card details. All payments are processed directly by Stripe. We receive a confirmation of successful payment from Stripe but do not see or store your full payment card information.
Data We Collect Automatically (All Visitors)
When you visit our Website or use our App, we may automatically collect technical data about your device and usage patterns:
- Cookies and Tracking: We use cookies for authentication (to keep you logged in) and for analytics (to understand how our Platform is used). Purpose: To provide a seamless user experience and improve our service.
- Usage Data: Pages visited, time spent on pages, clickstream data, and feature interactions. Purpose: To analyse and improve the performance, flow, and intuitiveness of the Platform. This data is anonymised where possible.
- Customer-Connected Tracking: Our Customers have the option to connect their own tracking tools (e.g., Google Analytics, Facebook Pixel) to their event pages. If they do so, the data collected by these tools is subject to the Customer's own privacy policy and the terms of those third-party services. We do not collect or control this data.
How We Use Your Data
We only use your personal data where we have a legal basis to do so.
For Customers
- To provide and manage your account, and to deliver the Platform services. Legal Basis: Performance of a Contract â This is necessary to fulfil our agreement with you.
- To communicate with you about your account, billing, and support requests. Legal Basis: Performance of a Contract and Legitimate Interests â To ensure you can effectively use our service.
- To improve the Platform (using anonymised usage data). Legal Basis: Legitimate Interests â To make our service better for all users.
For Attendees
- To process your ticket purchase or registration on behalf of the event organiser (Customer). Legal Basis: Legitimate Interests â We process this data to provide the ticketing service requested by our Customer.
- To send you your ticket and essential event updates via email (using Resend.com). Legal Basis: Legitimate Interests â This is necessary to fulfil the service the Customer has contracted us to provide.
- To ensure the security and integrity of the Platform. Legal Basis: Legitimate Interests â To prevent fraud and maintain a safe service.
Important Note on Attendee Data: For attendee data, the Customer (event organiser) is the Data Controller and eventcloud is the Data Processor. This means the Customer decides why the data is collected and how it is used. We process that data strictly on their behalf. If you are an attendee and have questions about how your data is used for a specific event, you should contact the event organiser directly.
Third-Party Services and Data Sharing
We do not sell your personal data. However, we share data with trusted third parties who help us operate our Platform. All third parties are required to respect your data and only process it in accordance with our instructions.
- Stripe: Payment processing. Data Shared: Payment confirmation, Customer Stripe account ID. No full credit card details are stored by us. Location of Servers: Global (Stripe infrastructure). Safeguards: Stripe is PCI DSS compliant. View Stripe's Privacy Policy.
- Resend.com: Sending transactional emails (tickets, confirmations). Data Shared: Email addresses of Attendees and Customers. Safeguards: We have a Data Processing Agreement with Resend. View Resend's Privacy Policy.
- fly.io: Web hosting (app and databases). Data Shared: All data stored in the Platform (Customer and Attendee data). Location of Servers: Region-specific: US Customers: USA; UK Customers: UK; EU Customers: EU; Rest of World: Nearest available node. Safeguards: fly.io is SOC2 compliant. View fly.io's Privacy Policy.
- Google SSO: User authentication. Data Shared: Name and email address (when you choose to log in with Google). Safeguards: View Google's Privacy Policy.
- Microsoft SSO: User authentication. Data Shared: Name and email address (when you choose to log in with Microsoft). Safeguards: View Microsoft's Privacy Policy.
- Apple SSO: User authentication. Data Shared: Name and email address (when you choose to log in with Apple). Safeguards: View Apple's Privacy Policy.
We also use various third-party libraries for styling and design; these do not process personal data.
International Data Transfers
As a global platform, we may transfer your personal data to countries outside the UK and European Economic Area (EEA).
Region-Specific Hosting: We use fly.io to host data in specific regions based on the Customer's location (US, UK, or EU). This means data for UK Customers stays in the UK, and data for EU Customers stays in the EU.
Global Authentication and Email: Services like Google, Microsoft, Apple, and Resend may process data globally. When we transfer data outside the UK or EEA, we ensure appropriate safeguards are in place, such as:
- The country has been deemed "adequate" by the UK/European Commission.
- We use Standard Contractual Clauses (SCCs) approved by the European Commission or UK Information Commissioner's Office (ICO) with our service providers.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected.
- Customer Data: Retained for the duration of your paid subscription.
- Attendee Data: Retained for the duration of the Customer's paid subscription.
- Post-Cancellation: If a Customer cancels their subscription, we retain all associated data (including attendee data) for 30 days from the date of cancellation. After this period, all data is permanently and irrecoverably deleted from our systems.
- Attendees: If you are an attendee and the event organiser (Customer) cancels their subscription, your data will be deleted after the 30-day retention period. If you wish to have your data deleted sooner, you must contact the event organiser directly.
Your Rights
Depending on your location (e.g., UK, EU, California), you have certain rights regarding your personal data.
For Customers
As a direct user of our Platform, you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Correct inaccurate or incomplete data. You can update your first and last name directly in the app. For email address changes, your account must be re-invited.
- Erasure ("Right to be Forgotten"): Request deletion of your data. You can do this by cancelling your subscription, which initiates the 30-day deletion process.
- Restriction: Request that we stop processing your data in certain ways.
- Data Portability: Request a copy of your data in a structured, commonly used format. (Note: While we strive to enable this, please contact us to discuss your specific needs.)
- Object: Object to our processing of your data based on legitimate interests.
To exercise these rights, please contact us at [email protected].
For Attendees
As an attendee, your data is controlled by the event organiser (our Customer). Therefore:
- If you wish to access, correct, or delete your data, you must contact the event organiser directly. They are best placed to handle your request.
- If the organiser agrees to delete your data, they can do so with a single button within their eventcloud dashboard.
- If you are unable to resolve your request with the organiser, you may contact us at [email protected], and we will forward your request to the organiser on your behalf and assist where possible.
California Privacy Rights (CCPA)
If you are a California resident, you have the right to request that we disclose:
- The categories of personal information we collected.
- The categories of sources from which we collected it.
- The business purpose for collecting it.
- The categories of third parties with whom we share it.
- The specific pieces of personal information we have collected about you.
You also have the right to request deletion of your personal information and the right to opt-out of the "sale" of your personal information. We do not sell personal information.
To exercise your CCPA rights, please contact us at [email protected].
Cookies
Our Website and Platform use cookies. Cookies are small text files stored on your device.
- Strictly Necessary/Authentication cookies: To keep you logged in and maintain your session. These are essential for the Platform to function. Duration: Session-based.
- Analytics cookies: To help us understand how visitors interact with our Website and Platform by collecting anonymised information. Duration: Persistent.
You can control cookies through your browser settings. However, disabling strictly necessary cookies may prevent you from using the Platform.
Security
We take data security seriously. We implement appropriate technical and organisational measures to protect your personal data from accidental loss, unauthorised access, alteration, and disclosure. These measures include:
- Encryption of data in transit (HTTPS/TLS).
- Secure hosting with fly.io (SOC2 compliant).
- Regular security assessments.
- Access controls restricting data access to authorised personnel only.
However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
Children's Privacy
Our Platform is not intended for children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you are a parent or guardian and believe your child has provided us with data, please contact us.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. If we make material changes, we will notify you via email (if you are a Customer) or by posting a prominent notice on our Website prior to the change becoming effective. We encourage you to review this page periodically for the latest information.
Contact and Complaints
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:
- eventcloud
- Email: [email protected]
- Post: 24 Devonshire Buildings, Bath, BA2 4SU, United Kingdom
Supervisory Authority
If you are in the UK or EU and are not satisfied with how we have handled your data, you have the right to lodge a complaint with your local data protection authority.
- UK: Information Commissioner's Office (ICO) â www.ico.org.uk
- Ireland: Data Protection Commission â www.dataprotection.ie