Sign In
Sign In
  1. Home
  3. Legal

Data Policy

Last updated: April 19, 2026

1. Overview

This Data Policy explains how Event Parlour collects, processes, stores, and protects your data. It supplements our Privacy Policy with detailed information about data handling practices.

2. Types of Data We Collect

2.1 Personal Data

  • Name, email address, username
  • Profile picture/avatar
  • Phone number (for KYC verification)
  • Date of birth (for KYC verification)
  • Government-issued ID information
  • Payment and billing information

2.2 Event Data

  • Event details, descriptions, images
  • Event dates, times, locations
  • Ticket types, pricing, availability
  • Speaker information
  • Event registrations and attendance

2.3 Transaction Data

  • Ticket purchases and sales
  • Payment transactions and history
  • Refund requests and processing
  • Withdrawal requests
  • Fee calculations and breakdowns

2.4 Usage Data

  • Pages visited and features used
  • Session duration and frequency
  • Device and browser information
  • IP address and location data
  • Search queries and interactions

2.5 Communication Data

  • Channel posts and messages
  • Reactions and interactions
  • Feedback and support requests
  • Email communications
  • Notification preferences
3. How We Process Your Data

3.1 Legal Basis

We process your data based on:

  • Contract: To fulfill our service agreement with you
  • Consent: When you explicitly consent to data processing
  • Legal Obligation: To comply with applicable laws
  • Legitimate Interest: For security, fraud prevention, and service improvement

3.2 Processing Purposes

  • Service delivery and functionality
  • Payment processing and financial transactions
  • User authentication and account management
  • Communication and notifications
  • Security and fraud prevention
  • Analytics and service improvement
  • Legal compliance and dispute resolution
4. Data Storage and Retention

4.1 Storage Location

Your data is stored on secure servers, which may be located in different countries. We ensure appropriate safeguards are in place regardless of storage location.

4.2 Retention Periods

  • Account Data: Retained while account is active, plus 30 days after deletion
  • Payment Records: 7 years (as required by financial regulations)
  • Event Data: Retained for event duration plus 2 years
  • KYC Documents: As required by KYC/AML regulations (typically 5-7 years)
  • Session Data: Until session expiration or logout
  • Analytics Data: Aggregated and anonymized, retained indefinitely

4.3 Data Deletion

You may request deletion of your data, subject to legal retention requirements. Some data may be retained for:

  • Legal compliance
  • Dispute resolution
  • Fraud prevention
  • Financial record-keeping
5. Data Sharing and Third Parties

5.1 Payment Processors

We share payment data with Paystack, Stripe, and M-Pesa for transaction processing. These providers are PCI-DSS compliant and have their own data protection measures.

5.2 OAuth Providers

When using Google OAuth, Google receives authentication requests in accordance with their privacy policy and OAuth scopes.

5.3 Service Providers

We may share data with service providers for:

  • Hosting and infrastructure
  • Email delivery
  • Analytics and monitoring
  • Customer support

5.4 Public Information

Information you make public (event details, public profiles, channel posts) is visible to other users and may be indexed by search engines.

6. Data Security Measures

We implement comprehensive security measures to protect your data:

  • End-to-end encryption for data in transit (TLS 1.2+)
  • Encryption at rest for sensitive data
  • Secure password hashing (bcrypt)
  • Regular security audits and penetration testing
  • Access controls and authentication mechanisms
  • Intrusion detection and monitoring
  • Regular backups with encryption
  • PCI-DSS compliance for payment data

See our Security Policy for detailed information.

7. Your Data Rights

You have the following rights regarding your data:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal requirements)
  • Portability: Receive your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain types of processing
  • Withdraw Consent: Withdraw consent for data processing

To exercise these rights, contact us through the feedback feature in the platform.

8. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards, including standard contractual clauses and adequacy decisions, to protect your data in accordance with applicable data protection laws.

9. Children's Data

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect data from children. If we become aware that we have collected data from a child, we will take steps to delete such information promptly.

10. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.

11. Changes to This Policy

We may update this Data Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

Last updated: April 19, 2026

Product

  • List Your Event
  • Explore Events
  • Pricing
  • Changelog
  • Features
  • Roadmap

Company

  • Contact Us
  • About
  • Legal
  • Privacy Policy
  • Terms of Service
  • Security
  • Refund Policy
  • Cookie Policy

We Are Social

X (Twitter)
TikTok
Instagram
LinkedIn
WhatsApp

Join our community

TanStackFeatured in TanStack

Theme

Toggle theme (currently system)
event parlour
©2026 Event Parlour•All rights reserved•System Status Operational