Privacy Policy
Effective Date: April 26, 2026
This Privacy Policy explains how eventanew ("we," "us," "our") collects, uses, and shares information when you use eventanew (the "Service").
1. Information We Collect
| Type | Examples | Purpose |
|---|---|---|
| Account Data | Name, email, profile picture | To create and manage accounts |
| Event Data | Event name, settings, access URL, QR code, hero image | To generate and manage events |
| Media Uploads | Photos/videos (may include EXIF data), uploader name or alias | To store and display event media |
| Chat & Comments | Message body, author name, author avatar | To enable in-event communication |
| Billing Data | Subscription plan, payment history | To process payments and manage subscriptions |
| Technical Data | IP address, country code, browser/device type, error logs, cookies | To secure the Service and prevent abuse |
| Storage Metadata | File size, type, and dimensions | To upload or retrieve event media |
2. How We Use Information
- To provide and maintain the Service.
- To host, store, and manage event media.
- To authenticate users and secure accounts.
- To process payments and manage subscriptions.
- To communicate about your account or events.
- To moderate uploaded content using automated image analysis.
- To improve performance, troubleshoot errors, and analyze usage (with consent).
- To comply with legal obligations.
3. Cookies and Local Storage
We use cookies, localStorage, and sessionStorage as described below. You can manage your analytics preferences at any time using the Cookie Preferences link in the site footer.
| Category | Purpose | Duration |
|---|---|---|
| Authentication | Session cookies that keep you signed in and protect against cross-site request forgery | Session / up to 7 days |
| Event access | A signed token that grants access to password-protected events after you enter the correct password | 7 days |
| Consent preferences | Remembers your cookie consent choices so you are not asked again on every visit | 1 year |
| Preferences | Stores your chosen theme (dark/light mode) and dashboard layout preference in your browser | Persistent (localStorage) |
| Web analytics (consent required) | Collects page views and performance metrics to help us understand how the Service is used — only loaded when you consent | Session |
| Session replay (consent required) | Records anonymised page interactions on a sample of sessions to help diagnose errors — only enabled when you consent | Session |
You may disable cookies in your browser, but some features (such as staying logged in) will not work without strictly necessary cookies.
4. Third-Party Service Providers
We engage the following sub-processors to deliver the Service. Each receives only the data necessary for its role:
| Provider | Purpose | Data Shared |
|---|---|---|
| Convex | Backend database and real-time infrastructure | All application data |
| Clerk | User authentication and identity | Email, name, profile picture, session tokens |
| Stripe | Payment processing and subscription billing | Customer identity, payment method, billing history |
| AWS S3 | Media file storage | Uploaded photos, videos, and file metadata |
| AWS Rekognition | Automated content moderation | Uploaded images are analysed for inappropriate content |
| AWS Lambda | Bulk media zip generation | S3 object keys for requested media |
| Cloudflare | CDN and on-the-fly image optimisation | IP address, user-agent, and media requests (per Cloudflare's privacy policy) |
| Upstash Redis | Rate limiting | IP address or user ID stored transiently as rate-limit keys |
| Sentry | Error monitoring and (with consent) session replay | Error stack traces, logs; IP and user ID only with analytics consent |
| Vercel Analytics | Web analytics (consent required) | Page views, Web Vitals, referrer, approximate region |
We do not sell or rent personal data.
5. Event Access and Sharing
- Events are accessible only via unique, unlisted URLs and QR codes that are not publicly indexed.
- Access is limited to individuals who possess the event link or QR code.
- Event owners control distribution of these links and are responsible for who can access their event.
- We do not make events searchable or visible to the public.
6. Children's Privacy (COPPA Compliance)
- Our Service is not directed to children under 13, and we do not knowingly collect personal data from children under 13.
- If we learn that a child's personal data (including identifiable images) has been uploaded without proper authorization, we will delete it promptly.
- Event owners are responsible for obtaining parental or guardian consent when uploading content that includes minors.
7. Data Storage and Security
- Media is stored securely in AWS S3 and served via a Cloudflare CDN.
- Application data (users, events, messages) is stored in Convex cloud infrastructure.
- Data is encrypted in transit (TLS/HTTPS) and at rest where applicable.
- Event passwords are hashed and salted; plaintext passwords are never stored.
- We limit employee access and regularly review security practices.
8. Data Retention
- We retain user accounts and media as long as necessary to provide the Service.
- Event owners may delete events or media at any time.
- When an account is deleted, associated events, media, and user data are removed from active storage.
- IP addresses stored for security (failed login attempts, rate-limit logs) are retained for up to 90 days.
9. Your Rights
Depending on your region, you may have rights to:
- Access, correct, or delete personal data.
- Withdraw consent or object to processing.
- Request data portability.
- Manage analytics cookie preferences at any time via the Cookie Preferences link in the footer.
To exercise these rights, contact us at [email protected]
10. International Transfers
Your data may be processed in the United States and other countries where we and our service providers operate (including AWS, Convex, Clerk, Stripe, and Cloudflare). We implement appropriate safeguards, such as Standard Contractual Clauses, for international transfers from the EEA or UK.
11. Changes
We may update this Privacy Policy periodically. The latest version will always be available at eventanew.com/privacy. Material changes will be communicated via email or an in-app notice.
12. Contact
Questions? We're here to help.
[email protected]