Privacy Policy
Last updated: March 30, 2026
ChetsApp UG ("EventMann", "we", "us") operates the eventmann.com platform. We are committed to protecting your privacy and handling your personal data transparently. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights under the General Data Protection Regulation (GDPR) and applicable German data protection law.
1 Information We Collect
We collect different types of information depending on how you interact with our platform:
Information You Provide
- Account data: name, email address, password (hashed), and role selection when you register
- Profile data: bio, profile photo, phone number, company name, and address (if provided)
- Event data: event details, descriptions, images, ticket types, venue information, and custom checkout questions (for organizers)
- Booking data: ticket selections, attendee names, answers to checkout questions, and booking references
- Support data: messages, attachments, and contact information when you reach out to our support team
Information Collected Automatically
- Usage data: pages visited, features used, clicks, search queries, and interaction patterns
- Device data: browser type, operating system, screen resolution, and IP address
- Approximate location: derived from IP address for event recommendations and language preferences
- Cookie data: session identifiers, preferences, and analytics cookies (see Section 10)
Information from Third Parties
- Social login: when you sign in with Google, Facebook, or LinkedIn, we receive your name, email, and profile picture from the provider. We do not access your contacts, posts, or other social data.
- Payment provider: Stripe shares transaction status (success/failure) and partial card details (last 4 digits, brand) with us. We never receive or store your full card number, CVV, or banking credentials.
2 How We Use Your Information
Provide and operate the platform: event creation, ticket sales, booking management, and attendee check-in
Process bookings: send confirmation emails, generate QR tickets, and deliver booking-related notifications
Process payments: facilitate transactions between attendees and organizers via Stripe Connect
Communicate with you: respond to support requests, send event reminders, and platform announcements (you can opt out of marketing emails at any time)
Ensure security: detect fraud, prevent abuse, enforce our terms, and protect our users
Improve our services: analyze usage patterns, conduct A/B tests, and optimize the user experience
Comply with legal obligations: tax reporting, law enforcement requests, and regulatory requirements
3 Payment Data & Stripe Connect
All payment processing is handled by Stripe, Inc. through Stripe Connect. When you purchase tickets, your payment details (card number, expiry, CVV) are entered directly into Stripe's secure payment form — this data never touches our servers. We only receive confirmation of the transaction, the last 4 digits of your card, and the card brand for your booking records. Organizers receive payouts directly from Stripe to their connected bank accounts. For Stripe's privacy practices, visit stripe.com/privacy.
4 Social Login (Google, Facebook, LinkedIn)
You can create an account or sign in using Google, Facebook, or LinkedIn. When you do, we receive your name, email address, and profile picture from the provider via OAuth 2.0. We use this data solely to create or authenticate your EventMann account. We do not post on your behalf, access your contacts, or read your social media activity. You can disconnect social login at any time from your profile settings and continue using email/password instead.
5 Information Sharing & Third Parties
We share your personal data only when necessary for the platform to function:
- Event organizers: when you book tickets, the organizer receives your name, email, and answers to checkout questions so they can manage their event and communicate with attendees
- Stripe (payment processor): processes all payments securely. Stripe is PCI-DSS Level 1 certified — the highest level of payment security.
- Infrastructure providers: our servers are hosted in the European Union. We use industry-standard cloud infrastructure with data processing agreements in place.
- Analytics services: we use anonymized analytics to understand how our platform is used. No personally identifiable information is shared with analytics providers.
- Legal requirements: we may disclose data when required by law, court order, or to protect the rights, property, or safety of EventMann, our users, or the public.
We do not sell, rent, or trade your personal information to third parties for marketing purposes. Ever.
6 Data Storage & Hosting
Your data is stored on servers located in the European Union (Germany). We use PostgreSQL databases with encrypted connections and Redis for session management. File uploads (event images, receipts) are stored in private object storage with access controls. All data transfers between your browser and our servers are encrypted via TLS 1.3. Backups are encrypted and retained for disaster recovery purposes.
7 Data Security
We implement comprehensive security measures including: encryption in transit (TLS 1.3) and at rest for sensitive data; secure password hashing (bcrypt); role-based access control with granular permissions; rate limiting and brute-force protection on authentication endpoints; IP-based access restrictions for administrative functions; regular security audits and dependency updates; automated monitoring and alerting for suspicious activity. While we strive to protect your data, no system is 100% secure. We encourage you to use a strong, unique password and enable two-factor authentication on your account.
8 Data Retention
We retain your personal data only as long as necessary for the purposes described in this policy. Account data is retained while your account is active. Booking records are retained for 7 years for tax and legal compliance (as required by German commercial law, §257 HGB). If you delete your account, we remove your personal data within 30 days, except where retention is required by law. Anonymized analytics data may be retained indefinitely as it cannot be linked back to you.
9 Your Rights Under GDPR
As a data subject in the European Economic Area, you have the following rights:
To exercise any of these rights, please contact us. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
10 Cookies & Tracking
We use essential cookies for session management, authentication, and CSRF protection — these are necessary for the platform to function. We also use preference cookies to remember your language and theme settings. Analytics cookies help us understand how our platform is used (anonymized, no personal data). We do not use advertising or tracking cookies. You can manage your cookie preferences at any time via the Cookie Settings link in our footer. For full details, see our Cookie Policy.
11 Children's Privacy
EventMann is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we discover that we have collected data from a child under 16 without parental consent, we will delete it promptly. If you believe a child has provided us with personal data, please contact us.
12 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by email or by posting a prominent notice on our platform. The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of EventMann after changes constitutes acceptance of the updated policy.
13 Contact Us
If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us.
ChetsApp UG
Pecserstr 55, 70736 Fellbach, Germany