Privacy Policy

1. Data we collect

We collect personal data only as needed to deliver our services:

• Contact & identity: name, email, phone, company.
• Engagement details: the brief, venue address, dates, attendees, and special requirements you share with us.
• Payment: cardholder name, last-four digits, expiry, card brand, billing country, and a token from our payments provider. We do not store full card numbers.
• Account data (where applicable): login credentials, account preferences, communication history.
• Technical & usage: IP address, device type, browser, pages viewed, timestamps, and similar metadata captured by standard logs and analytics.
• Communications: emails, messages, and call notes related to an engagement.

2. How we use it

• To deliver the engagement and communicate about it.
• To process payments and prevent fraud.
• To meet legal, accounting, and regulatory obligations.
• To improve our services, including analytics on aggregate usage.
• With your consent, to send occasional updates about Palooza.

3. Legal bases

We rely on the following legal bases, depending on the activity and your jurisdiction: performance of a contract with you, our legitimate interests in running and improving our business, compliance with legal obligations, and your consent (where required, for example for marketing emails).

4. Sharing

We share personal data only with:

• Talent engaged for your event, limited to what they need to deliver it.
• Vendors and venues you authorise us to coordinate with.
• Service providers acting on our behalf — payments, email, hosting, analytics, customer support — under written confidentiality obligations.
• Authorities, when legally required, or where we believe in good faith that disclosure is necessary to protect rights, property, or safety.
• An acquirer or successor entity in the event of a merger, acquisition, or restructuring.

We do not sell personal data.

5. International transfers

Because we work with clients globally and use international service providers, your personal data may be stored or processed outside the country where you reside. Where required, we put appropriate safeguards in place (such as standard contractual clauses) to protect transferred data.

6. Retention

We retain personal data only as long as necessary for the purposes described above and to comply with legal, accounting, and reporting obligations. Engagement records and financial records are typically retained for seven (7) years. Marketing data is retained until you opt out. You can request earlier deletion as described below.

7. Security

We use industry-standard administrative, technical, and physical safeguards — including encryption in transit (TLS) and at rest, access controls, and audit logging — to protect personal data. No system is perfectly secure, and we cannot guarantee absolute security.

8. Your rights

Subject to applicable law, you have the right to access, correct, delete, or restrict the processing of your personal data, to object to certain processing, and, where applicable, to data portability. You can exercise these rights by writing to privacy@palooza.me. We will respond within the timeframe required by applicable law.

If we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

9. Cookies and analytics

Our website uses essential cookies to operate and may use analytics cookies to understand usage. You can disable cookies in your browser; some site features may not function without them.

10. Children

Our services are intended for adults. We do not knowingly collect personal data from children under 18.

11. Changes

We may update this Policy from time to time. The current version is always available at this URL with the date at the top.

12. Contact

For privacy questions or to exercise your rights, write to privacy@palooza.me.