Events in Minutes Privacy Policy

This Privacy Policy applies to personal information collected through the Platform, our marketing communications, customer support interactions, and any other interactions with Events in Minutes. It does not apply to the practices of third parties (including Vendors and their employees) that we do not own or control, or to third-party websites, applications, or services linked to or from the Platform. We encourage you to review the privacy policies of any third party before providing your personal information.

Events in Minutes acts as a “data controller” (or equivalent concept under applicable law) for the personal information we collect and process in connection with operating the Platform, managing accounts, processing payments, providing customer support, and conducting our own analytics and marketing. When Vendors collect personal information from Event Hosts or Guests in the course of providing Vendor Services, those Vendors may be independent data controllers with respect to such information, and their own privacy policies apply to that data.

(a) Account and Profile Information

• Name, email address, phone number, mailing address.
• Username and password (passwords are stored in hashed form and never in plaintext).
• Business name, business type, business address, and service area (Vendors).
• Profile photo, biography, service descriptions, portfolio images and videos (Vendors).
• Professional licenses, certifications, permits, and insurance information (Vendors).

(b) Booking and Event Information

• Event details provided by Event Hosts: event type, date, time, location, estimated number of guests, budget range, dietary requirements, special requests, and other event specifications.
• Booking history, reservation details, booking confirmations, and booking modifications.
• Communications between Members sent through the Platform’s messaging system.
• Reviews, ratings, feedback, and dispute information.

(c) Payment and Financial Information

• Payment method details (credit/debit card number, expiration date, CVV, billing address). Note: Full payment card data is processed and stored by our PCI-DSS-compliant third-party payment processors (e.g., Stripe). Events in Minutes does not store full credit card numbers on its servers.
• Payout information for Vendors: bank account details (routing number, account number), PayPal address, and tax identification numbers (SSN/EIN for W-9 or foreign TIN for W-8BEN).
• Transaction history, invoices, receipts, payout records, and chargeback/dispute records.

(d) Identity Verification Information

• Government-issued identification documents (e.g., driver’s license, passport) when required for Vendor verification or fraud prevention.
• Tax identification numbers (as required for IRS Form 1099 reporting).
• Business registration documents, insurance certificates, and license documentation.

(e) Communications and Support

• Messages, emails, phone calls, and chat transcripts you send to our customer support team.
• Survey responses, feedback, and feature requests.
• Contest or promotion entries.

(a) Device and Usage Information

• IP address, device type, device model, operating system and version, browser type and version, unique device identifiers (e.g., advertising IDs, IDFA, GAID), and mobile network information.
• Pages and screens visited, features used, actions taken (clicks, taps, scrolls), search queries entered, links clicked, referring and exit URLs, time spent on pages, and date/time stamps.
• App version, SDK version, crash logs, performance data, and diagnostic information.

(b) Location Information

• Approximate location derived from your IP address (country, state/region, city, postal code).
• Precise geolocation (GPS coordinates) if you grant permission through your device or browser settings, used for location-based features such as finding nearby Vendors. You may disable precise location access through your device settings at any time.

(c) Cookies and Similar Technologies

• Cookies (first-party and third-party), pixel tags, web beacons, local storage objects (HTML5), and similar tracking technologies. See Section 9 for detailed information.

• Identity verification and fraud detection services (verification results, risk scores, watchlist screening results).
• Payment processors (transaction confirmation, payment status, chargeback notifications, fraud signals).
• Third-party authentication providers (if you sign in using Google, Apple, Facebook, or similar services, we receive your name, email address, and profile photo as authorized by you and the provider).
• Publicly available sources (business registry databases, public review platforms, social media profiles where publicly accessible).
• Marketing and advertising partners (campaign performance data, conversion tracking, audience segments).
• Analytics providers (aggregated usage patterns, demographic insights).

When you interact with our AI Event Planner (“Emma”) or other AI-powered features, we process:

• Your conversational inputs, queries, event preferences, and instructions provided to the AI.
• AI-generated outputs, including vendor recommendations, pricing estimates, and event plans.
• Interaction metadata (session duration, query count, selected recommendations).

AI-processed data is used to generate recommendations, improve the AI’s accuracy and usefulness, and enhance the Platform. We may use aggregated and de-identified AI interaction data to train and improve our AI models. We do not use your individual, identifiable conversational data to train general-purpose AI models without your consent.

• Create, maintain, and secure your account.
• Facilitate Bookings, communications, and transactions between Event Hosts and Vendors.
• Provide AI-powered event planning assistance, vendor matching, and recommendations.
• Process payments, payouts, refunds, and chargebacks.
• Display Vendor listings, reviews, ratings, and profile information to Event Hosts and the public.
• Provide customer support and respond to inquiries.

• Verify Member identities, Vendor credentials, insurance, and licensing.
• Detect, prevent, and investigate fraud, unauthorized access, money laundering, and other illegal activities.
• Enforce our Terms of Service, Community Guidelines, and other policies.
• Monitor for and respond to security incidents and vulnerabilities.
• Conduct risk assessments and trust scores.

• Analyze usage patterns, trends, preferences, and feature adoption.
• Conduct internal research, product development, and testing.
• Develop, train, and improve our AI models and recommendation algorithms (using aggregated and/or de-identified data where possible).
• Debug, repair, and optimize Platform performance.

• Send transactional communications: booking confirmations, payment receipts, payout notifications, booking reminders, review requests, and account alerts.
• Send operational communications: service updates, policy changes, security notices, and system maintenance notifications.
• Send promotional communications: newsletters, special offers, product announcements, and event planning tips (where you have opted in or where permitted by applicable law). You may opt out at any time (see Section 8).
• Send SMS/text messages as described in Section 10.

• Comply with applicable laws, regulations, legal processes, and governmental requests.
• Respond to subpoenas, court orders, and law enforcement requests.
• Fulfill tax reporting and withholding obligations (e.g., issuing IRS Form 1099-K or 1099-NEC to Vendors as required by applicable law).
• Establish, exercise, or defend legal claims.
• Maintain records as required by applicable data retention laws.

When a Booking is confirmed, we share relevant information between Event Hosts and Vendors as necessary to facilitate the Booking and Event:

• Event Hosts receive: Vendor contact information, business name, service details, confirmation, and relevant service area information.
• Vendors receive: Event Host name, contact information, Event details, location, and any special requirements submitted with the Booking.

Reviews and ratings are displayed publicly on Vendor profiles.

We share personal information with third-party service providers who process information on our behalf under contractual obligations of confidentiality and data protection, including:

• Payment processors (e.g., Stripe) for payment and payout processing.
• Cloud hosting and infrastructure providers (e.g., AWS, Google Cloud) for data storage and computing.
• Analytics providers (e.g., Google Analytics, Mixpanel) for usage analysis and product improvement.
• Email and SMS delivery providers for transactional and marketing communications.
• Customer support platforms for ticket management and live chat.
• Identity verification and fraud detection providers.
• Marketing and advertising platforms for campaign management and performance measurement.

We may share personal information with our attorneys, accountants, auditors, and insurers as necessary to receive professional advice or protect our legal interests.

We may disclose personal information if we believe in good faith that disclosure is reasonably necessary to: (a) comply with applicable law, regulation, legal process, or governmental request; (b) respond to a lawful subpoena, court order, or law enforcement request; (c) protect the rights, property, or safety of Events in Minutes, our Members, Guests, or the public; (d) detect, prevent, or address fraud, security, or technical issues; (e) enforce our Terms of Service; or (f) protect against imminent harm to the rights, property, or safety of any person.

If Events in Minutes is involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your personal information may be disclosed, transferred, or acquired as part of that transaction. We will notify you by email and/or by posting a prominent notice on the Platform of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

We may share your personal information with other parties when you direct us to or provide your express consent.

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you, for analytics, research, industry benchmarking, reporting, and other lawful business purposes. Such data is not considered personal information under applicable privacy laws.

You can access, update, or correct your account information at any time by logging into your account settings on the Platform. You may request account deletion by contacting us at support@eventsinminutes.com.

You may opt out of promotional emails by clicking the “unsubscribe” link included in every promotional email, or by contacting us at support@eventsinminutes.com. Even after opting out of promotional emails, we will continue to send transactional and service-related communications (e.g., booking confirmations, payment receipts, security alerts).

You can control precise location access through your device or browser settings. Disabling location access may limit certain Platform features (such as finding nearby Vendors), but will not prevent you from using the Platform.

You can manage cookie preferences through our cookie banner (displayed to EU/UK visitors and other visitors where required), through your browser settings, or through industry opt-out tools such as the Digital Advertising Alliance’s opt-out page (www.aboutads.info/choices) or the Network Advertising Initiative (www.networkadvertising.org/choices). See Section 9 for detailed information.

Some browsers transmit “Do Not Track” (DNT) signals. There is currently no uniform standard for responding to DNT signals, and we do not currently respond to DNT browser signals. However, we honor the Global Privacy Control (GPC) signal as a valid opt-out of “sale” and “sharing” of personal information under California law (CCPA/CPRA) where applicable.

• Right to Know / Access: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share your personal information.
• Right to Delete: You have the right to request deletion of personal information we have collected, subject to certain legal exceptions (e.g., completing a transaction, detecting fraud, complying with legal obligations, internal uses consistent with your expectations).
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt Out of Sale/Sharing: You have the right to opt out of the “sale” or “sharing” of personal information (as defined under the CCPA). We do not sell personal information for monetary consideration. To the extent certain disclosures to advertising partners constitute “sharing” under the CCPA, you may opt out via the “Do Not Sell or Share My Personal Information” link on our website, by enabling the Global Privacy Control (GPC) signal, or by contacting us.
• Right to Limit Sensitive PI: To the extent we process “sensitive personal information” as defined by the CCPA, you may limit use to purposes necessary to provide the services. You may exercise this right via the “Limit the Use of My Sensitive Personal Information” link on our website or by contacting us.
• Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

Submit a verifiable consumer request by: (a) emailing support@eventsinminutes.com with the subject line “California Privacy Request”; or (b) calling +1 (628) 587-3235. We will verify your identity before processing your request by matching information you provide with information we have on file. You may designate an authorized agent to submit a request on your behalf by providing written authorization.

We will respond to verifiable requests within forty-five (45) days of receipt. If we need additional time, we will notify you of the extension (up to an additional forty-five days) and the reason.

The following table provides the required CCPA Notice at Collection:

Under California Civil Code Section 1798.83, California residents may request information about disclosures of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their own direct marketing purposes. If you have questions, contact us at support@eventsinminutes.com.

• Strictly Necessary Cookies: Required for the Platform to function (authentication, security tokens, session management, load balancing, CSRF protection). Cannot be disabled without breaking core functionality.
• Functional/Preference Cookies: Remember your settings, language preferences, and recently viewed listings to improve your experience.
• Analytics/Performance Cookies: Help us understand how visitors interact with the Platform by collecting usage statistics (pages visited, time on page, error encounters). We use providers such as Google Analytics and Mixpanel.
• Marketing/Advertising Cookies: Used to deliver relevant advertisements, measure campaign effectiveness, and build audience profiles. May be placed by third-party advertising partners (e.g., Google Ads, Meta Pixel).

For visitors located in the European Union, European Economic Area, United Kingdom, and other jurisdictions where prior consent is required for non-essential cookies, we display a cookie consent banner upon your first visit. Non-essential cookies are not placed until you provide affirmative consent. You may withdraw or modify your consent at any time through the cookie preferences link in the website footer. Consent preferences are stored for twelve (12) months.

In addition to our cookie consent tool, you may manage cookies through your browser settings (blocking or deleting cookies), through industry opt-out tools (DAA, NAI), or through mobile device advertising settings (Limit Ad Tracking on iOS; Opt Out of Ads Personalization on Android). Please note that disabling certain cookies may affect Platform functionality.

We use Google Analytics with IP anonymization enabled. Google’s use of data is governed by Google’s privacy policy. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

If you provide your mobile phone number and affirmatively opt in to receiving SMS/text messages (through a separate, clearly labeled checkbox or opt-in mechanism on our registration, booking, or account settings page), you consent to receive SMS/text messages from Events in Minutes, including:

• Booking confirmations, reminders, and updates.
• Payment and payout notifications.
• Account security alerts.
• Promotional messages and special offers (only if you separately opt in to marketing SMS).

• Message and data rates may apply. Check with your mobile carrier for details.
• Message frequency varies based on your activity, preferences, and account settings.
• Reply STOP to any message to opt out of SMS communications (you will receive a single confirmation message).
• Reply HELP for assistance, or contact support@eventsinminutes.com.
• SMS consent is not a condition of purchasing any goods or services, creating an account, or using the Platform.
• Consent to receive marketing SMS is separate from transactional SMS consent and from your agreement to these Terms or the Terms of Service.
• We will not share your phone number or SMS opt-in data with third parties for their marketing purposes.

SMS services are available on all major U.S. mobile carriers. Events in Minutes and its messaging service providers are not liable for delayed or undelivered messages due to carrier network issues.

• Contract Performance (GDPR Art. 6(1)(b)): Processing necessary to perform our contract with you (e.g., providing the Platform, processing Bookings and payments, managing your account).
• Legitimate Interests (GDPR Art. 6(1)(f)): Processing necessary for our legitimate interests, balanced against your rights (e.g., fraud prevention, security, product improvement, analytics, direct marketing to existing customers using a soft opt-in).
• Consent (GDPR Art. 6(1)(a)): Where we rely on your consent (e.g., certain cookies and tracking technologies, marketing communications to non-customers, optional data collection). You may withdraw consent at any time, and withdrawal will not affect the lawfulness of processing before withdrawal.
• Legal Obligation (GDPR Art. 6(1)(c)): Processing necessary to comply with applicable legal requirements (e.g., tax reporting, fraud prevention, responding to lawful government requests).

We do not intentionally collect “special categories of personal data” as defined under GDPR (e.g., health data, racial/ethnic origin, political opinions, religious beliefs, biometric data for identification). If such data is inadvertently provided (e.g., dietary requirements that imply health or religious information), we process it only to the extent strictly necessary to fulfill the Booking.

• Right of Access (Art. 15): Request a copy of your personal data.
• Right to Rectification (Art. 16): Request correction of inaccurate data.
• Right to Erasure (Art. 17): Request deletion in certain circumstances (“right to be forgotten”).
• Right to Restriction (Art. 18): Request restriction of processing in certain circumstances.
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format where processing is based on consent or contract.
• Right to Object (Art. 21): Object to processing based on legitimate interests or to direct marketing (unconditional right).
• Right to Withdraw Consent: Withdraw consent at any time where processing is consent-based.
• Right to Lodge a Complaint: File a complaint with your local data protection supervisory authority.

To exercise these rights, contact us at support@eventsinminutes.com. We will respond within one (1) month, extendable by up to two (2) additional months for complex requests with prior notice to you.

Your personal data may be transferred to and processed in the United States and other countries outside the EEA/UK/Switzerland that may not provide the same level of data protection. When we transfer personal data internationally, we implement appropriate safeguards:

• Standard Contractual Clauses (SCCs) adopted by the European Commission (Commission Implementing Decision (EU) 2021/914).
• UK International Data Transfer Agreement (IDTA) and/or UK Addendum to the EU SCCs, as recognized by the UK Information Commissioner’s Office (ICO).
• Transfer Risk Assessments (TRAs) conducted in accordance with ICO guidance.
• Additional technical and organizational measures where necessary (encryption, pseudonymization, access controls).

You may request a copy of the applicable transfer safeguards by contacting us at support@eventsinminutes.com.

If required by applicable law, we will appoint a Data Protection Officer (DPO) and EU/UK representative. Their contact details will be published at www.eventsinminutes.com/privacy. In the interim, all data protection inquiries may be directed to support@eventsinminutes.com.