Personal Information

• Account Information: Name, email address, phone number, and physical address when you create an account
• Date of Birth: Collected at signup so we can verify you meet our minimum-age requirements (18+ to create an account; hard cutoff at 13 to comply with COPPA — see "Children's Privacy" below)
• Authentication Data: Information received when you sign in with Google OAuth, Apple Sign-In, or email/password, including the limited profile fields the identity provider returns
• Profile Information: Photos, bios, and preferences you choose to share

Business Information (Providers)

• Business Details: Business names, descriptions, service categories, and pricing structures
• Tax & Payout Information: Tax rates, referral earnings, deposit settings, and Stripe Connect payout details. W-9 information is collected via Stripe Connect's onboarding flow and is used to support 1099-K reporting; Eventini stores a copy of the W-9 fields surfaced by Stripe
• Certifications: Professional licenses, insurance documentation (Certificates of Insurance), and identity verification
• Identity Tags: Self-reported status such as nonprofit, woman-owned, or veteran-owned business
• Media: Photos, videos, audio demos, and promotional materials uploaded to your profile

Bank Account & ACH Information

• Bank-Account Linking via Stripe Financial Connections: When you link a bank account (typically as a provider or as an organization receiving cash settlements), the linking flow is hosted by Stripe Financial Connections. Stripe — not Eventini — collects your bank login credentials, account number, routing number, and recent transaction metadata. Eventini does not see or store your bank credentials at any point
• What Eventini Receives Back: A Stripe Financial Connections account ID, a tokenized reference to the linked account, the bank name, last-four of the account number, and (where you authorize it) periodic balance / transaction summaries used to detect insufficient-funds risk before a debit
• ACH Authorizations: A timestamped record of the authorization you provided in your dashboard (including IP address and user agent) is stored in our authorizations log for at least seven (7) years to satisfy NACHA recordkeeping requirements
• Stripe's use of your bank data is governed by Stripe's privacy policy and Financial Connections end-user terms

Event and Booking Data

• Event Information: Guest counts, event types, dates, times, and venue details
• Location Data: Full addresses, service radius, geographic preferences, and (for online delivery orders) the customer's delivery address, unit/apt, and any delivery instructions
• Communications: Messages exchanged between hosts and providers, including content, timestamps, and read status

Payment Card Information

Eventini does not store, process, or transmit raw cardholder data on its own infrastructure. All card interactions are tokenized through Stripe Elements (web), Stripe Mobile SDKs, or Stripe Terminal (in-person). Eventini receives only the non-sensitive metadata Stripe returns (card brand, last four, country, ZIP) and the resulting payment-intent or charge ID.

Analytics and Usage Data

• Performance Metrics: Profile views, booking counts, ratings, and reviews
• Platform Usage: How you interact with our services, features used, and preferences
• Device Information: Browser type, operating system, IP address, and device identifiers

• Platform Operations: To facilitate connections between hosts and providers, process bookings and online orders, and enable payments and payouts
• Account Management: To create and maintain your account, verify identity, age-gate the signup flow, and provide customer support
• Communications: To send booking confirmations, delivery tracking, order updates, reminders, and important notices about our services, including via SMS/text messages and email
• Personalization: To customize your experience and provide relevant recommendations
• Analytics: To understand usage patterns, improve our services, and develop new features
• Safety and Security: To detect and prevent fraud, abuse, chargebacks, ACH return abuse, and security threats
• Legal Compliance: To comply with applicable laws, regulations, NACHA Operating Rules, IRS reporting (1099-K), state sales-tax marketplace-facilitator obligations, and legal processes
• Marketing: With your consent, to send promotional communications about our services. You may opt out at any time

We share your information in the following circumstances:

With Other Users

When you book or provide services, relevant information is shared between hosts and providers to facilitate the transaction. This includes names, contact details, event information, delivery addresses (for delivery orders), and communications.

Service Providers (Sub-Processors)

• Google & Apple: For OAuth / Sign-In authentication services
• Firebase (Google): For our database, authentication, and storage infrastructure
• Stripe Payments: For card processing, payouts, Connect transfers, and Stripe Tax (where applicable)
• Stripe Financial Connections: For bank-account linking and ACH authorization flows (providers / orgs only)
• Twilio: For transactional SMS notifications
• ClickSend: For SMS delivery on our fallback infrastructure
• Resend: For transactional email delivery (receipts, confirmations, password resets)
• Cloudinary: For media uploads (provider photos, profile pictures, menu imagery)
• Render & Vercel: For hosting our marketplace and fallback application infrastructure
• Toast POS: For integrated point-of-sale services for providers who opt in
• Analytics & Error Monitoring Providers: To help us understand platform usage and diagnose issues

We share with each sub-processor only the minimum information needed for them to provide their service, and we contractually require each to protect your information consistent with this Policy.

Legal Requirements

We may disclose information when required by law, to protect our rights, to comply with subpoenas or valid legal processes, or to defend against claims.

No Sale of Personal Information

Eventini does not sell your personal information for monetary or other valuable consideration, and does not share it with third parties for cross-context behavioral advertising.

We implement security measures appropriate for a marketplace platform of our size:

• Encryption: Data is encrypted in transit (TLS) and at rest using industry-standard protocols
• Access Controls: Role-based access controls limit who can view and modify data
• Firebase Security Rules: Database access is gated by per-collection security rules
• PCI DSS: We comply with PCI DSS SAQ A by fully outsourcing cardholder-data handling to Stripe
• Secure Authentication: OAuth 2.0, optional multi-factor authentication, and signed session tokens
• Regular Audits: We conduct periodic security reviews and vulnerability assessments

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

Access and Correction

You can access and update most of your personal information through your account settings. For information you cannot access directly, contact us at support@eventini.io.

Data Deletion

You can request deletion of your account and personal data by contacting support@eventini.io. Some information may be retained as described in "Records Retention" below to satisfy our legal, tax, accounting, and dispute-defense obligations.

Communications

You can opt out of marketing communications through your account settings or by clicking "unsubscribe" in our emails. You can opt out of SMS/text message notifications by replying STOP to any message. You cannot opt out of transactional communications related to your bookings, orders, or account security.

Cookies and Tracking

You can manage cookie preferences through your browser settings. Disabling cookies may affect platform functionality.

Bank-account linking is performed exclusively through Stripe Financial Connections. The credentials you enter (online-banking username, password, MFA code) are submitted directly to Stripe and never reach Eventini's servers.

Eventini receives back only:

• A Stripe-issued account reference (tokenized; cannot be used to debit any account other than the one you authorized)
• Bank name, account-type, and last four of the account number for display in your dashboard
• Periodic balance and transaction summaries (only if you opt into balance-aware debit timing)
• A timestamped, IP-stamped copy of the authorization you provided

See Section 8 of our Terms of Service for the full ACH authorization, notice-of-change, and revocation terms.

Card and ACH amounts routed to providers through Stripe Connect are subject to IRS reporting on Form 1099-K. Stripe issues these forms directly to providers based on Connect-account volume and the then-current IRS thresholds. Eventini stores a copy of the W-9 information surfaced through Stripe's onboarding to support that reporting and to respond to legitimate IRS or state tax-authority inquiries.

In states where Eventini is determined to be a marketplace facilitator (e.g., Wisconsin under Wis. Stat. § 77.51(7m) once nexus thresholds are crossed), we may collect and remit certain sales taxes on behalf of providers. Where we do, we will notify affected providers in writing before any change in collection behavior takes effect.

By providing your phone number on Eventini, you consent to receive transactional SMS/text messages related to your account, bookings, and orders, including:

• Booking Notifications: Alerts when you receive a new booking request
• Booking & Order Updates: Confirmations, cancellations, ready / out-for-delivery alerts, and changes
• Account Alerts: Important account-related and security notifications

Message Frequency and Charges

Message frequency varies based on your activity. Standard message and data rates may apply depending on your mobile carrier and plan. Eventini does not charge for SMS messages, but your carrier may apply standard messaging fees.

Opting Out of SMS

You can opt out of SMS notifications at any time by replying STOP to any message you receive from us. After opting out, you will receive a one-time confirmation message. You may also contact us at support@eventini.io to opt out. Opting out of SMS notifications does not affect other communications from Eventini (such as in-app messages or transactional emails).

SMS Data Usage

Your phone number is shared with our SMS service providers (Twilio for primary delivery, ClickSend for fallback delivery) solely for the purpose of delivering text messages. Your phone number will not be shared with third parties for marketing purposes.

Eventini is a Wisconsin-based business. We do not currently meet the CCPA/CPRA applicability thresholds (we do not have $25M+ in annual revenue, do not buy or share the personal information of 100,000+ California consumers / households, and do not derive 50%+ of revenue from selling personal information). Even so, as a courtesy to California residents who may use the Platform, we honor the following rights:

• Right to Know: You can request a description of the personal data we collect, use, and disclose
• Right to Delete: You can request deletion of your personal data, subject to the legal-retention exceptions in "Records Retention" below
• Right to Correct: You can request correction of inaccurate personal information
• Right to Opt-Out of "Sale" / "Sharing": Eventini does not sell personal information or share it for cross-context behavioral advertising
• Non-Discrimination: We will not discriminate against you for exercising any privacy right

To exercise these rights, contact us at support@eventini.io.

Eventini is not currently targeted at users in the European Economic Area (EEA), United Kingdom, or Switzerland, and we do not actively market our services in those regions. If you happen to be in the EEA / UK / CH and use the Platform, the General Data Protection Regulation (GDPR) and equivalent UK / Swiss laws may apply. In that case the legal bases on which we process your data are: performance of a contract with you, your consent (e.g., marketing emails / SMS), our legitimate interests in operating a safe and reliable marketplace, and compliance with our legal obligations.

• Access & Portability: You can request a copy of your data in a portable format
• Rectification: You can request correction of inaccurate data
• Erasure: You can request deletion (subject to retention exceptions)
• Restriction & Objection: You can object to or restrict certain processing activities
• Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing that produces legal effects

Eventini is a general-audience marketplace for adult-organized events and adult-operated businesses. Eventini is not directed to children under 13, and we do not knowingly collect personal information from children under 13 in violation of the Children's Online Privacy Protection Act of 1998 (15 U.S.C. § 6501 et seq., "COPPA").

• Account creation requires you to attest that you are at least 18 years of age
• Our signup flow collects a date of birth and applies a hard cutoff at 13: any account whose stated date of birth indicates the user is under 13 is refused at signup, signed out, and the partial profile is purged
• If we later learn that a user is under 13, we will close the account and delete the associated personal information promptly
• If you are a parent or guardian and believe a child under 13 has provided personal information to Eventini, please contact support@eventini.io and we will delete the account and any personal information we hold for that child within 30 days

To meet legal, tax, accounting, and dispute-defense requirements, Eventini retains the following categories of records for at least the periods shown:

• Payment records (orders, charges, refunds, transfers): 7 years (federal tax recordkeeping)
• ACH authorizations and bank-link audit trails: 7 years (NACHA Operating Rules)
• 1099 source data and provider W-9s: 7 years (IRS)
• Customer support tickets and dispute correspondence: 3 years (chargeback / dispute defense)
• General account, profile, and order history: for the life of the account plus a reasonable post-closure period (typically 90 days) before deletion or anonymization

Retention periods may be longer where required by a legal hold, ongoing investigation, or applicable law.

In the unlikely event of a security incident affecting your personal information, we will notify affected users without undue delay and consistent with applicable state breach-notification laws (including Wis. Stat. § 134.98). Notification will include the categories of information affected, the steps we are taking in response, and the steps you can take to protect yourself.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes — including changes to ACH / bank-data handling, sub-processors, or retention — we will provide additional notice, such as email notification or a prominent in-app banner.

If you have questions about this Privacy Policy or our privacy practices, please contact us:

• Email: support@eventini.io
• Payment / ACH Inquiries: payouts@eventini.io
• Address: Eventini LLC, Milwaukee, Wisconsin