Privacy Policy

1. Scope

Eventyr provides ticketing and event-management infrastructure for performing arts organizations and similar organizers. This policy applies to information we collect when you visit our sites, create an account, administer an organization, buy or receive tickets, contact support, or otherwise use the services.

Organizations that use Eventyr may collect and control additional information about their own patrons, staff, events, communications, refund policies, and customer relationships. When an organization controls that information, Eventyr processes it on the organization's behalf as a service provider or processor, except where we use it for our own limited operational, security, compliance, or legal purposes.

2. Information we collect

• Account information, such as name, email address, login credentials, organization membership, role, and authentication activity.
• Organization information, such as organization name, contact details, branding, public event content, tax and payout settings, domain settings, and support configuration.
• Ticketing and transaction information, such as orders, tickets, passes, event selections, seating choices, discounts, refunds, exchanges, balances due, and customer support history.
• Payment-related information processed by our payment providers, such as payment status, transaction identifiers, billing details, fraud signals, payout data, and limited card metadata. We do not intentionally store full payment card numbers.
• Communications, such as support requests, email delivery data, replies, feedback, uploaded materials, and other messages sent through the services.
• Usage and device information, such as IP address, browser type, device identifiers, pages viewed, referring pages, approximate location, log data, diagnostics, and security events.
• Cookies and similar technologies used to keep you signed in, protect the service, remember preferences, measure usage, and improve reliability.

3. How we use information

• Provide, operate, maintain, and improve the services.
• Create and manage accounts, organizations, events, orders, tickets, passes, and support workflows.
• Process payments, refunds, taxes, payouts, fraud checks, and financial reporting through third-party providers.
• Send transactional emails, support replies, administrative notices, security alerts, receipts, and service updates.
• Protect the services, prevent abuse, investigate suspicious activity, debug errors, and enforce our terms.
• Analyze performance, usage, and product behavior so we can improve functionality and reliability.
• Comply with legal obligations, tax, accounting, audit, dispute, chargeback, law-enforcement, and regulatory requirements.
• Develop new features and internal tools, including aggregated or de-identified analytics that do not reasonably identify a person.

4. How we disclose information

We do not sell personal information for money. We may disclose information as described below when reasonably necessary to provide and protect the services.

• With organizations that use Eventyr, including information about their patrons, orders, tickets, communications, and event activity.
• With service providers that help us operate the services, including hosting, database, authentication, payment processing, tax, email delivery, analytics, logging, security, customer support, and development tools.
• With payment processors, banks, card networks, tax providers, and fraud-prevention services to process transactions and payouts.
• With other users as directed by the functionality of the services, such as ticket transfers, support threads, or organization staff collaboration.
• With professional advisers, auditors, insurers, and legal representatives.
• With authorities or other parties when we believe disclosure is required by law, subpoena, court order, legal process, safety concern, fraud prevention, or protection of rights.
• In connection with a merger, financing, acquisition, reorganization, bankruptcy, asset sale, or similar business transaction.

5. Cookies and analytics

We use cookies, local storage, and similar technologies for authentication, security, preferences, analytics, diagnostics, and service functionality. Some cookies are necessary for the services to work. You can adjust browser settings to block or delete cookies, but some parts of the services may stop working correctly.

6. Data retention

We retain information for as long as reasonably necessary to provide the services, maintain accurate event and transaction records, resolve disputes, comply with legal, tax, accounting, audit, and payment obligations, enforce agreements, prevent fraud, and protect the services. Retention periods vary based on the type of information, the organization using the services, legal requirements, and operational needs.

7. Security

We use administrative, technical, and organizational safeguards designed to protect information. No internet or storage system is perfectly secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for using appropriate access controls within your organization.

8. Your choices and rights

Depending on where you live and how you use the services, you may have rights to access, correct, delete, export, restrict, or object to certain processing of personal information. You may also have the right to appeal a decision or lodge a complaint with a regulator.

If your information is controlled by an organization that uses Eventyr, we may direct your request to that organization or process it according to that organization's instructions. We may need to verify your identity and may retain information where permitted or required by law.

9. California and other state privacy rights

Some U.S. state privacy laws require additional disclosures and rights. Where those laws apply, residents may have rights to know, access, correct, delete, obtain a portable copy of, opt out of certain sharing or targeted advertising, limit certain sensitive information uses, and be free from discrimination for exercising privacy rights.

Eventyr does not knowingly sell personal information for money. If our use of advertising or analytics tools is considered a sale, sharing, or targeted advertising under applicable law, we will provide the notices and choices required by law.

10. Children

The services are not directed to children under 13, and we do not knowingly collect personal information directly from children under 13. Event attendees may include minors, but organizations are responsible for ensuring they have any required authority to enter attendee or patron information into the services.

11. International use

Eventyr is operated from the United States. If you access the services from outside the United States, your information may be processed in the United States or other jurisdictions where we or our service providers operate. Those jurisdictions may have data protection laws different from where you live.

12. Changes

We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify users, such as posting an updated policy, changing the last updated date, or sending a notice through the services.

13. Contact

For privacy questions or requests, contact us at hello@eventyr.io.