Privacy Policy

This Privacy Policy explains how EventsVibe Technologies Pvt. Ltd. ("EventsVibe", "we", "us") collects, uses, shares, and protects your personal information when you use our website, mobile applications, and related services (the Platform).

It applies to all Users — attendees browsing events, ticket buyers, organizers listing events, and visitors who haven't created an account. By using the Platform you agree to the practices described here.

ℹ️ We comply with India's Digital Personal Data Protection Act, 2023 (DPDPA) and apply comparable safeguards to data from users outside India.

We collect data in three ways.

• Account details: name, email address, phone number, password (hashed), profile photo.
• Identity (organizers only): PAN, GSTIN, bank account details, address proofs — collected to enable payouts and meet tax obligations.
• Booking data: events you've booked, attendee names, ticket quantities, promo codes used.
• Communications: messages you send to support, organizers, or other users via the Platform.

• Device & log data: IP address, browser type, OS, device identifiers, referring page, timestamps.
• Usage data: events viewed, searches performed, clicks, scroll depth — used to improve discovery.
• Cookies & local storage: see Section 6.

• OAuth providers: when you sign in with Google or Facebook, we receive your name, email, and profile image — never your password.
• Payment gateway: Razorpay confirms the success/failure of transactions and shares a tokenized payment reference. We never see or store your full card number, CVV, or banking credentials.

We use your data to:

• Create and authenticate your account, and keep it secure.
• Process ticket bookings, issue QR-coded passes, and send booking confirmations.
• Disburse payouts to organizers and produce tax invoices, GST filings, and audit trails.
• Send transactional messages (booking updates, event reminders, refund status, password resets).
• Personalize event recommendations based on your search and booking history.
• Send marketing emails — only if you've opted in. You can unsubscribe from any email in one click.
• Detect, investigate, and prevent fraud, abuse, and security incidents.
• Respond to legal requests and enforce our Terms.

ℹ️ We do not use your data to train third-party AI models, and we do not sell or rent your personal information to advertisers or data brokers.

We rely on one of the following lawful grounds for each use of your data:

• Performance of contract: processing required to deliver the Platform and fulfill your bookings.
• Legitimate interest: securing the Platform, preventing fraud, improving the product.
• Legal obligation: tax records, KYC for organizers, responding to lawful government requests.
• Consent: marketing communications, optional analytics cookies, location features. You can withdraw consent at any time.

We share the minimum information necessary with the following categories of recipients:

• Event organizers — your name, email, phone, and booking details for events you've purchased tickets to.
• Payment processors (Razorpay) — required to take payment and issue refunds.
• Communication providers — transactional email/SMS/WhatsApp gateways used to deliver booking confirmations.
• Cloud & infrastructure providers — hosting, database, file storage, and security services bound by data-processing agreements.
• Analytics providers — limited, aggregated metrics; we do not share identifiable data with advertising networks.
• Law enforcement — only in response to a valid legal request, and only the specific data required.
• Successors — if we're involved in a merger, acquisition, or sale of assets, data may transfer; you'll be notified of any change in control.

We use three categories of cookies:

• Strictly necessary — sign-in sessions, security tokens, fraud prevention. Cannot be disabled.
• Functional — remember your language, city, and recently viewed events.
• Analytics — aggregated usage metrics. Opt out in your browser or via our cookie banner.

You can clear cookies or block them through your browser settings, but some Platform features will not work without strictly necessary cookies.

• All traffic is encrypted in transit with TLS 1.2+.
• Passwords are stored using bcrypt with per-user salts; we never see or store them in plain text.
• Sensitive credentials (API keys, secrets) are kept in a managed secret store, rotated periodically, and access-audited.
• Database backups are encrypted at rest and access-controlled.
• We log administrative and impersonation actions to an immutable audit trail.
• We run periodic vulnerability scans and a responsible-disclosure program at security@eventsvibe.com.

⚠️ No system is perfectly secure. If we discover a breach affecting your data, we'll notify you within 72 hours along with the steps we're taking and what you should do.

• Account data: kept while your account is active and for 90 days after deletion (to handle reactivation requests).
• Booking & invoice records: retained for 8 years to meet GST and accounting obligations under Indian law.
• Logs & analytics: rolled up or deleted within 12 months.
• Support correspondence: kept for 24 months after resolution.
• Marketing preferences: retained until you withdraw consent.

Under applicable data-protection law, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete information.
• Export your data in a portable format (JSON / CSV).
• Delete your account and associated data, subject to legal retention obligations (see Section 8).
• Withdraw consent for marketing or optional cookies at any time.
• Object to processing based on legitimate interests.
• Lodge a complaint with the Data Protection Board of India or your local authority.

Most rights can be exercised directly from your account settings. For anything else, email our Data Protection Officer at privacy@eventsvibe.com; we'll respond within 30 days.

EventsVibe is not directed to children under 18. We do not knowingly collect personal data from anyone below the age of majority. If you believe a child has provided us with personal information, contact us and we'll delete it.

EventsVibe primarily stores data on servers located in India. Some of our service providers (email gateways, analytics) may process data outside India under standard contractual clauses or equivalent safeguards. By using the Platform you consent to these transfers.

We may update this Privacy Policy when our practices, products, or applicable law change. For material changes we'll email account holders and post a banner notice at least 14 days before the new version takes effect. The "Last updated" date at the top of this page always reflects the latest revision.

• Data Protection Officer: privacy@eventsvibe.com
• General support: support@eventsvibe.com

EventsVibe Technologies Pvt. Ltd. WeWork BKC, Bandra Kurla Complex Mumbai 400051, India

CIN: U72900MH2020PTC123456 · GSTIN: 27AABCE1234F1Z5