Data Retention & Your Rights

Last updated: June 22, 2026 · This page is a plain-English summary of how we handle your data. The formal policy lives in our Privacy Policy.

1. The short version

We collect the minimum data needed to sell you tickets and operate the platform. We keep financial records for as long as tax and audit law requires (typically 7 years). We keep your profile only while your account is active — when you delete your account, your profile is wiped after a 30-day grace period, and any financial records that have to survive (orders, refunds, audit log) are pseudonymized rather than left attached to your name.

If you're in the EU you have rights under the GDPR. If you're in California you have rights under the CCPA. We honor both regardless of where you live — the table at the bottom of this page tells you how to exercise each one.

2. What we collect

Account: email, name, phone (optional for guest checkout), password hash (never the plaintext password).
Order & payment: order details, billing address (handled directly by Stripe — we receive only the last 4 digits of the card and a Stripe customer ID), refunds, ticket transfers.
Profile (organizers + performers only): display name, bio, avatar, cover image, social links — these are public-facing by design.
Activity: events you've viewed, hearted, or bought tickets to. We use this only to power "saved events" and recommendation features you see. We never sell it.
Operational: IP address + user-agent on order placement (anti-fraud), message bodies you send through the platform's contact forms, support tickets you file.

3. How long we keep it

Different data has different retention windows. Many windows are set by tax or regulatory law, not by our preference.

Data	Retained for	Why
Active profile (name, email, phone, address)	Until account deleted + 30-day grace period	Operational — needed to log in, get tickets, contact organizers
Orders, refunds, payouts	7 years from order date	Tax + financial-audit law (most jurisdictions)
Tickets & transfers	3 years past event end	Dispute window + chargeback recovery
Refund requests & audit log	7 years	Regulator + chargeback documentation
Messages between you and organizers	2 years	Support history; rolling window then auto-purge
Saved events, follows, watch history	Until you delete your account	Personalization — fully purged on deletion
Server logs (IP, request, error)	90 days	Security incident investigation
Marketing email opt-in (if any)	Until you opt out	You're always one click from unsubscribing

When a retention window expires, we either hard-delete the row (for non-financial data like message bodies, saved events, logs) or pseudonymize it (for financial data we have to retain). For user-initiated account deletions, pseudonymization replaces your name with Deleted User and your email with a unique internal stub (deleted-{id}@deleted.local), wipes phone, address, date of birth, avatar, bio, and all social links, and clears your authentication credentials so no one can log in as you again. The account row is kept (not deleted) because financial records reference it; those records survive in structurally-intact but identity-scrubbed form for audit purposes.

4. Your data rights

You have these rights regardless of where you live (we apply EU GDPR + California CCPA standards globally):

Right to access — download a copy of your data

You can pull your full profile, orders, tickets, transfers, refund requests, message metadata (subjects, dates, recipients — not body text), support ticket metadata, and the slice of the admin audit log that's about you — all as a single JSON file.

How: Settings → Privacy → Download my data, or call GET /api/me/data-export. Returns a file named eventbricks-data-export-<id>-<date>.json. No support ticket required.

Right to rectification — correct wrong data

Update your name, phone, address, and profile details whenever you want. Email address changes are not yet self-service — your email is used as your account's stable identity across orders, tickets, and refund flows; contact support to change it.

How: Profile for personal info (name, phone, city, bio). To change your email or correct order-level contact details, open a support ticket.

Right to erasure — delete your account

You can request your account be deleted at any time. The flow is two-step: you request deletion, we send a confirmation email, and 30 days later the deletion runs. During the grace period you can cancel with a single click — exists so an attacker who steals your session can't permanently nuke your account before you notice.

How: Settings → Account → Delete my account. Blocked while you have open refund requests, pending ticket transfers as the sender, or upcoming events (as an organizer) — those need to resolve first. Pseudonymization runs at the end of the grace period; financial records survive in anonymized form.

Right to object / opt out of marketing

We do not sell your data to third parties. We use it only to run the platform and ship the receipts + ticket emails you bought.

How: Settings → Notifications. Event reminders, ticket transfer notices, and followed-organizer updates are on by default (opt-out — you can turn them off). Price-drop alerts and promotional emails are off by default (opt-in — only sent if you turn them on). Transactional ticket delivery emails cannot be disabled because they are how you receive what you paid for.

Right to portability

Same as the data export above — the JSON file is machine-readable and portable.

Right to know what we share (CCPA)

We share data only with: (a) Stripe (payments) — your name, email, phone, and billing address are passed to Stripe to create the charge; card numbers are entered directly in Stripe's secure iframes and never reach our servers, (b) Stripe Tax — venue address (in-person events) or your billing address (online events) is sent to Stripe for automatic sales tax calculation, (c) Google Workspace SMTP — transactional and (where opted-in) marketing emails, (d) the event organizer — your name, email, and ticket details so they can run check-in and contact you about the show, (e) Cloudflare — CDN/anti-bot layer sees request metadata, not request bodies. That's the full list. We do not sell your data.

5. Children's data

EventBricks is for users 13 and older. We do not knowingly collect data from anyone under 13. If you believe we have, write to privacy@eventbricks.com and we'll delete it immediately.

6. International transfers

Our servers are in Google Cloud's US-CENTRAL1 region. If you're in the EU, your data crosses to the US under Standard Contractual Clauses (the post-Schrems-II baseline). If that's not acceptable to you, please don't create an account.

7. Contact

Privacy questions or to exercise a right that doesn't have a self-serve flow above: privacy@eventbricks.com. We respond within 5 business days; for formal GDPR data subject access requests, within 30 days of receipt as required by Art. 12(3).