Privacy Policy

Last updated: 16 July 2026

This Privacy Policy explains how Mastermind Event ("we", "us", "our") collects, uses, and protects personal data when you use our event hub, book tickets, or interact with our communications. We comply with the EU General Data Protection Regulation (GDPR) and the UK GDPR.

1. Data controller

Mastermind Event is the data controller for the personal data processed via this platform. For any privacy enquiry, contact us at privacy@mastermindevent.com.

2. What we collect

  • Account data: name, email, password hash, authentication identifiers.
  • Ticket and order data: event, tier, attendee name, attendee email, dietary or accessibility notes you supply.
  • Payment data: handled by Stripe; we store transaction IDs and amounts, not card numbers.
  • Communications: emails you receive (transactional and event updates) and your unsubscribe state.
  • Technical data: IP address, browser, device, and basic usage logs for security and abuse prevention.

3. Why we use it (lawful basis)

  • Contract: to sell and deliver tickets, send confirmations and entry passes, and provide your account.
  • Legal obligation: tax, accounting and invoice retention.
  • Legitimate interests: securing the platform, preventing fraud, improving the service.
  • Consent: optional marketing emails and non-essential cookies. You can withdraw consent at any time.

4. Sharing

We share data only with processors needed to run the service:

  • Stripe (payments)
  • Supabase / Lovable Cloud (hosting and database, EU region where possible)
  • Email delivery providers (transactional email)
  • Google Analytics 4 (site analytics, only with your consent)
  • Meta Platforms Ireland Ltd. (Facebook / Instagram) — advertising measurement via the Meta Conversions API, only with your consent. On purchase we send Meta the order value and currency together with a hashed (SHA-256) copy of your email, first name, last name and country, plus the _fbp / _fbc cookies where set. See our cookies policy for details.

We never sell your personal data.

5. International transfers

Where data is transferred outside the UK/EEA, we rely on Standard Contractual Clauses or equivalent safeguards approved by the European Commission.

6. Retention

Account and ticket records are kept while your account is active and for up to 7 years after to comply with tax and accounting law. Marketing preferences are kept until you change them.

7. Your rights

Under GDPR you have the right to:

  • Access a copy of your data
  • Rectify inaccurate data
  • Erase your data (where no legal obligation requires us to keep it)
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with your local supervisory authority

To exercise any of these rights email privacy@mastermindevent.com.

8. Security

We use encryption in transit, hashed passwords, row-level security on our database, and limit access to personal data on a need-to-know basis.

9. Changes

We may update this policy. Material changes will be notified by email or via a prominent notice on the platform.