Legal
Privacy Policy
Last updated: May 11, 2026
Enventro ("we," "us," or "our") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights regarding your data. By using Enventro at enventro.com, you agree to this policy.
1. Information We Collect
Information you provide directly
- Account information: Name, email address, and password when you create an account.
- Event information: Event details, descriptions, images, and ticket configurations that organizers submit.
- Registration information: Name, email address, and any custom questions answered when purchasing tickets or registering for an event.
- Payment information: Billing details processed securely by Stripe. We never store full card numbers on our servers.
- Communications: Messages you send us via the contact form or email, and messages sent through the platform's vendor messaging features.
Information collected automatically
- Usage data: Pages visited, features used, time spent on the platform, and actions taken.
- Device and browser data: IP address, browser type, operating system, and device identifiers.
- Location data: Approximate location inferred from your IP address to power geo-discovery features. We do not collect precise GPS location without your explicit permission.
- Cookies: Session cookies to keep you logged in and preference cookies to remember your settings. See Section 9 for details.
Information from third parties
- Stripe: Payment processor status, payout information, and connected account details for organizers who use Stripe Connect.
- Google: If you sign in with Google, we receive your name, email address, and profile picture from Google's OAuth service.
2. How We Use Your Information
We use the information we collect to:
- Create and manage your account and events
- Process ticket purchases and send confirmation emails with tickets
- Enable organizers to manage guest lists and check-in attendees
- Power the geo-discovery map so attendees can find events near them
- Send transactional emails (ticket confirmations, payout notices, account alerts)
- Send optional product updates and newsletters — only if you opt in
- Detect and prevent fraud, abuse, and unauthorized access
- Improve the platform through aggregate analytics
- Comply with legal obligations
We do not sell your personal information to third parties. Ever.
3. Legal Basis for Processing (EU/UK Users)
If you are located in the European Union, the United Kingdom, or another jurisdiction with similar data protection laws, our legal basis for processing your personal data is one or more of the following, depending on the context:
- Contract (GDPR Art. 6(1)(b)): Processing is necessary to perform our agreement with you — for example, to create your account, process your ticket purchase, or send your confirmation email.
- Legitimate interests (GDPR Art. 6(1)(f)): Processing is necessary for our legitimate business interests, such as preventing fraud, securing the platform, and improving our services. We balance these interests against your rights.
- Legal obligation (GDPR Art. 6(1)(c)): Processing is necessary to comply with laws applicable to us, such as tax reporting (where applicable) or responding to lawful government requests.
- Consent (GDPR Art. 6(1)(a)): Where we rely on consent — for example, for marketing communications or non-essential cookies — you have the right to withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
If you have questions about the legal basis for any specific processing activity, contact us at privacy@enventro.com.
4. How We Share Your Information
With event organizers
When you purchase a ticket or register for an event, the organizer receives your name, email address, and any answers to custom registration questions. Organizers are independent data controllers responsible for handling this information in accordance with applicable law.
With attendees
Organizers may choose to display attendee lists publicly on an event page. If you do not want your name visible, check the event's privacy settings before registering or contact the organizer directly.
With service providers
We share data with trusted vendors who help us operate the platform. See Section 5 for the full list, regions, and safeguards.
For legal reasons
We may disclose information if required by law, court order, or to protect the safety and rights of Enventro, its users, or the public.
5. Data Transfers and International Hosting
Enventro is operated from Canada. Personal data is processed by the following sub-processors:
| Sub-processor | Purpose | Region |
|---|---|---|
| Supabase | Database, authentication, file storage | Canada (ca-central-1) |
| Stripe, Inc. | Payment processing and payouts | United States |
| Resend | Transactional email delivery | United States |
| Vercel | Application hosting and edge delivery | United States + global edge |
| Cloudflare | Bot protection (Turnstile) | Global edge |
| OAuth sign-in (optional) | United States |
When personal data is transferred from the European Union or United Kingdom to a country that has not received an adequacy decision from the European Commission or the UK Information Commissioner's Office, we rely on the European Commission's Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA), as applicable, to provide an appropriate level of protection. Canada has an adequacy decision under EU GDPR, meaning transfers to our primary database in Canada are recognized as offering adequate protection. Each sub-processor listed above maintains its own data processing agreement with Enventro that includes SCCs or equivalent safeguards.
Each of these sub-processors is contractually bound to use your data only as directed by us and in accordance with this policy.
6. Data Retention
We retain personal data only as long as needed to provide the Service and meet our legal obligations:
- Active account data: retained while your account is active.
- Transaction records: retained for a minimum of seven (7) years after the transaction date for tax and accounting compliance.
- Event and ticket records: retained while the associated organization exists. Soft-deleted events are retained for 24 months before permanent deletion.
- Email logs: retained for 30 days.
- Server logs: retained for 90 days.
- Support correspondence: retained for 2 years after resolution.
When you delete your account, we will delete or anonymize personal data within 30 days, except for records we are legally required to retain (such as transaction records for tax purposes), which are retained for the periods listed above and then deleted.
7. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Delete your account and associated data ("right to be forgotten")
- Restrict processing of your personal data in certain circumstances
- Object to processing based on our legitimate interests
- Portability: receive your personal data in a structured, machine-readable format
- Withdraw consent at any time where processing is based on consent
- Opt out of marketing communications at any time
- Lodge a complaint with your local data protection authority (for EU/UK users)
To exercise any of these rights, email us at privacy@enventro.com. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.
8. Security
We use industry-standard security practices including TLS encryption in transit, encrypted storage at rest, and access controls. Payments are handled entirely by Stripe — we never see or store full card details.
No system is perfectly secure. If you suspect unauthorized access to your account, please contact us immediately at security@enventro.com.
9. Cookies
We use the following types of cookies:
- Essential cookies: Required for authentication and core functionality. Cannot be disabled.
- Preference cookies: Remember your settings and preferences.
- Analytics cookies: Help us understand how the platform is used. These are anonymized and aggregated.
- Security cookies: Set by Cloudflare Turnstile to protect login and signup forms from bots.
You can disable non-essential cookies in your browser settings. This may affect some features of the platform.
10. Children's Privacy
Enventro is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If your jurisdiction requires a higher age of digital consent for processing personal data (for example, 16 in some EU member states), that age applies. If you believe we have inadvertently collected information from a child below the applicable age, please contact us and we will delete the information promptly.
11. Google OAuth Disclosure
Enventro offers sign-in via Google OAuth. When you choose to sign in with Google, we receive your name, email address, and Google profile picture. We use this information solely to create and manage your Enventro account.
Enventro's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
12. Changes to This Policy
We may update this policy from time to time. When we do, we'll update the "Last updated" date at the top and, for material changes, notify you via email or an in-app notice at least 14 days before changes take effect. Your continued use of Enventro after changes take effect constitutes acceptance of the updated policy.
13. Contact Us
Questions, concerns, or requests? We're happy to help:
- Privacy: privacy@enventro.com
- Security: security@enventro.com
- General: Contact form
© 2026 Enventro. All rights reserved.