Privacy Policy

EventZR ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-first event management platform, including our websites, mobile applications, WhatsApp integrations, and related services (collectively, the "Platform"). By using the Platform, you agree to the practices described in this policy.

1. Information We Collect

We collect information you provide directly to us, information collected automatically, and information from third-party sources.

Information You Provide

• Account registration details including your name, email address, phone number, and organization name
• Event information such as event details, venues, schedules, attendee lists, and booking preferences
• Payment and billing information processed through our secure payment partners
• Communications you send through WhatsApp, email, or in-platform messaging when interacting with our AI assistant (Cypher) or support team
• Profile information including photos, biographies, social media links, and professional details
• Content you create or upload, including event descriptions, media files, marketing materials, and documents

Information Collected Automatically

• Device information including IP address, browser type, operating system, and device identifiers
• Usage data such as pages visited, features used, search queries, and interaction patterns
• Location data including approximate geographic location derived from your IP address and, with your consent, precise location for venue and destination recommendations
• AI interaction data including prompts, queries, and responses when using our AI features (ZAR ensemble, Cypher co-pilot, and AI Studio)
• Cookies and similar tracking technologies as described in our Cookie Policy

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, maintain, and improve our Platform, including event creation, booking management, venue discovery, and ticketing services
• To power our AI features, including personalized event recommendations, intelligent scheduling, AI-generated content, and the ZAR ensemble decision engine
• To process transactions, send booking confirmations, and manage your subscription plan
• To communicate with you via WhatsApp, email, SMS, or push notifications about your events, bookings, and account activity
• To provide customer support through our AI co-pilot (Cypher) and human support agents
• To personalize your experience based on your preferences, event history, and geographic location
• To analyze usage patterns, detect fraud, and improve Platform security and performance
• To comply with legal obligations and enforce our Terms of Service

3. Information Sharing

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: With third-party vendors who perform services on our behalf, including cloud hosting (AWS), payment processing, email delivery, analytics, and AI model providers (AWS Bedrock, Anthropic, OpenAI). These providers are contractually obligated to protect your data.
• Event Organizers: When you RSVP, purchase tickets, or register for an event, your registration details are shared with the event organizer as necessary to fulfill the event.
• Venue Partners: When you make a booking, relevant booking details are shared with the venue to confirm and manage your reservation.
• Team Members: Within your organization or team workspace, information may be visible to other authorized team members as configured by your team administrator.
• Legal Requirements: When required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of EventZR, our users, or the public.
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction.

4. Your Rights (GDPR & CCPA)

Depending on your location, you may have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data, subject to certain legal exceptions
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Restrict Processing: Request that we limit how we use your data
• Right to Object: Object to our processing of your data for direct marketing or profiling purposes
• Right to Withdraw Consent: Withdraw consent at any time where we rely on consent as the legal basis for processing
• CCPA Right to Know and Delete: California residents may request disclosure of the categories and specific pieces of personal information collected, and may request deletion of that information
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights

To exercise any of these rights, contact us at privacy@eventzr.com or through the Privacy section of your account settings. We will respond to your request within 30 days.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law. Specifically:

• Account data is retained for the duration of your active account and for up to 90 days after account deletion to allow for recovery
• Event data and booking records are retained for 7 years to comply with financial and tax regulations
• AI interaction logs are retained for 12 months to improve our AI models and service quality, then anonymized
• Analytics and usage data are aggregated and anonymized after 24 months
• WhatsApp conversation histories are retained for 6 months after the last interaction, unless you request earlier deletion

6. Security Measures

We implement industry-standard technical and organizational measures to protect your personal information:

• All data in transit is encrypted using TLS 1.3, and data at rest is encrypted using AES-256 via AWS Key Management Service
• Multi-tenant data isolation through PostgreSQL Row-Level Security (RLS) policies ensures your data is strictly separated from other organizations
• Multi-factor authentication (MFA) is available for all accounts and required for administrative roles
• Regular security audits, penetration testing, and vulnerability assessments are conducted by independent third parties
• Access to production systems is restricted through role-based access control (RBAC) with audit logging
• Our infrastructure is hosted on AWS with SOC 2 Type II, ISO 27001, and PCI DSS compliance

7. International Transfers

EventZR operates globally with infrastructure in multiple AWS regions. Your personal data may be transferred to and processed in countries other than your country of residence, including India (ap-south-1), the United States (us-east-1), and Ireland (eu-west-1). When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions where available, and binding corporate rules. For EU/EEA users, data processed for GDPR compliance purposes is stored within the EU region (eu-west-1).

8. Children's Privacy

The Platform is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information promptly. If you believe we may have collected information from a child under 16, please contact us at privacy@eventzr.com.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on the Platform with a new "Last Updated" date and, where required, by sending you a notification via email or WhatsApp. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the revised policy.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: