Your data, your call.

• Account details: name, email, password hash.
• Booking data: events you buy tickets to, and any accessibility or dietary preferences you share at checkout.
• Payment metadata: the last four digits and card brand. Full card numbers are never stored on our servers — they go straight to our PCI-compliant payment processor.
• Device and usage data: IP address, browser, and pages viewed, used for security and basic analytics.

To process your bookings, deliver tickets, prevent fraud, respond to support requests, and — if you've opted in — to email you occasional recommendations. We don't sell your data, ever.

Only the service providers we need to run Eventide: the payment processor, our email provider, and the organiser of each specific event you book (so they know who's attending). We require each provider to meet equivalent data-protection standards.

You can view, export, or delete your data from Settings → Privacyat any time. If you're in the EU, UK, or California, you have formal access, rectification, erasure, and portability rights under GDPR/CCPA — exercising them takes the same in-app flow.

We use a small number of strictly necessary cookies to keep you signed in and to secure the cart. Analytics cookies are optional and governed by the preferences you set on your first visit.

We keep booking records for 7 years to meet tax and accounting requirements. Everything else is deleted within 30 days of you closing your account, except where retention is legally required.

Privacy questions or requests can go to privacy@eventide.example.