Privacy Policy

Evntous 
Effective date: [Insert Effective Date] 
Version: 0.1 

This document is a business-ready draft tailored to the Evntous marketplace flow and should be reviewed by local counsel before publication. 

1. Overview 

This Privacy Policy explains how Evntous collects, uses, stores, shares, and protects personal data when customers, vendors, collaborators, visitors, and support users access the Evntous website, mobile applications, and related services. 

Evntous operates an event marketplace that supports guest browsing, account registration, booking management, vendor onboarding, communications, payments, refunds, notifications, and customer support. Because the service is aimed at users in the Kingdom of Saudi Arabia, this policy is drafted to align with Saudi data protection and e-commerce expectations and should be read together with our Terms and Conditions and Refund Policy. 

2. Scope 

Website visitors and guest users who browse listings or begin planning without signing in. 

Registered customers, vendors, collaborators, invitees, and support users. 

Recipients of marketing, transactional, or service-related communications. 

Information collected through the website, mobile apps, email, chat, phone, WhatsApp, and other approved support channels. 

3. Information We Collect 

Identity and account data, such as name, email address, phone number, login credentials, OTP verification status, language preference, and profile photo. 

Booking and event data, such as event type, event date, venue details, guest count, budget, selected vendors, selected packages, add-ons, notes, payment deadlines, booking status, and cancellation history. 

Vendor and business data, such as business name, service catalog, pricing, availability, banking or payout details, verification documents, tax or regulatory information, and customer feedback. 

Payment and wallet data, such as transaction references, payment method type, invoice references, payout references, credit or refund balances, and installment-related records. Evntous does not intentionally store full payment card numbers unless handled by a compliant payment provider. 

Communications data, such as chat messages, attachments, support tickets, call records, notification preferences, and communications relating to bookings or disputes. 

Technical and usage data, such as IP address, device type, app version, browser information, cookies, push token, crash logs, session logs, and navigation activity. 

Location-related data where needed to improve venue or vendor recommendations or provide location-dependent services, subject to device permissions. 

Records needed for security, fraud prevention, audit logging, dispute handling, legal compliance, and service improvement. 

4. How We Collect Information 

Directly from you when you create an account, submit a booking, communicate with another user, upload content, contact support, or complete verification steps. 

Automatically through the use of cookies, SDKs, analytics tools, server logs, and device permissions. 

From vendors, collaborators, payment service providers, logistics or communications providers, identity verification partners, and other service providers involved in operating the platform. 

From information you choose to share with us through social sign-in providers such as Google or Apple, subject to the permissions you grant. 

5. Why We Use Personal Data 

To create and manage accounts, authenticate users, and secure the platform. 

To operate the event marketplace, match customers with vendors, manage bookings, coordinate confirmations, and allow collaboration features. 

To process payments, payouts, invoices, credits, chargebacks, refunds, and related financial operations. 

To send transactional notices such as OTP codes, booking confirmations, reminders, status updates, payout notices, and refund updates. 

To provide support, respond to complaints, investigate disputes, and enforce marketplace rules. 

To monitor service quality, improve recommendations, develop new features, and understand usage patterns. 

To prevent fraud, abuse, policy violations, unauthorized access, double-booking conflicts, or misuse of the platform. 

To comply with legal, tax, accounting, anti-fraud, consumer-protection, and regulatory obligations. 

6. Legal Basis and Consent 

Where required by applicable law, Evntous will rely on an appropriate lawful basis for processing personal data, such as performance of a contract, compliance with legal obligations, legitimate interests that do not override individual rights, or consent. 

By using the platform, creating an account, submitting data, or accepting this policy where requested, you acknowledge and agree that Evntous may process personal data for the purposes described in this policy. Where consent is relied upon, you may withdraw that consent, subject to legal and contractual limitations. 

7. Cookies, Analytics, and Tracking 

We may use cookies and similar technologies to keep users signed in, remember preferences, measure performance, prevent abuse, and improve user experience. 

Some cookies are necessary for platform functionality, while others support analytics, personalization, or marketing. You may manage cookies through your browser or device settings, although disabling some cookies may affect platform functionality. 

8. When We Share Personal Data 

With vendors, customers, collaborators, and invitees where sharing is necessary to perform a booking, manage an event, or support collaboration features. 

With payment processors, payout providers, banks, and invoicing providers as necessary to process financial transactions and maintain accounting records. 

With cloud hosting, analytics, notification, identity verification, customer support, and communications providers that support platform operations under appropriate contractual controls. 

With regulators, law enforcement authorities, courts, insurers, or professional advisers where required by law or reasonably necessary to protect legal rights, investigate wrongdoing, or respond to valid requests. 

In connection with a merger, acquisition, financing, restructuring, or sale of business assets, subject to appropriate safeguards. 

9. International Transfers 

Evntous may use service providers or infrastructure located inside or outside the Kingdom of Saudi Arabia. When personal data is transferred outside the Kingdom, Evntous will apply safeguards required by applicable Saudi law and regulatory requirements, including the Saudi Personal Data Protection Law where applicable. 

10. Data Retention 

We retain personal data only for as long as necessary for the purposes described in this policy, including to provide services, maintain booking history, support refunds and disputes, comply with financial, tax, and regulatory recordkeeping obligations, and protect legal rights. 

Retention periods may vary depending on account status, transaction history, dispute risk, and legal requirements. We may anonymize or securely delete data when it is no longer required. 

11. Security 

Evntous applies administrative, technical, and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, loss, or misuse. 

These measures may include access controls, encryption in transit, secure credential handling, audit logs, environment segregation, least-privilege access, monitoring, and incident response procedures. 

No method of transmission or storage is completely secure, and users remain responsible for safeguarding passwords, OTPs, and device access. 

12. Your Rights 

Subject to applicable law, you may have rights to request access to personal data, request correction or completion, request deletion where lawful, withdraw consent, object to certain processing, or request a copy of your data. 

You may also update some account information directly through platform settings. Requests that affect booking, payment, fraud prevention, or legal compliance may be limited where permitted by law. 

13. Children 

Evntous is not intended for children to use independently where this is prohibited by law. If we learn that personal data has been collected from a child in a manner that requires parental or guardian authorization and such authorization was not obtained, we may take steps to delete or restrict that data. 

14. Marketing Communications 

Evntous may send service announcements and transactional communications that are necessary to operate the platform. 

Where marketing messages are sent, users may opt out through the unsubscribe method provided or through account settings, except for communications that are strictly necessary for account security, bookings, or transactions. 

15. Third-Party Services and Links 

The platform may contain links to third-party services, including payment providers, social sign-in providers, messaging channels, vendor pages, or external websites. Evntous is not responsible for the privacy practices of third parties, and users should review the relevant third-party privacy notices. 

16. Policy Changes 

Evntous may update this Privacy Policy from time to time. Material changes will be published on the platform and, where appropriate, communicated through email, in-app notification, or other reasonable means. Continued use of the services after the effective date of an updated policy constitutes acceptance of the revised version to the extent permitted by law. 

17. Contact Us 

Evntous Privacy Team 

Email: [Insert Privacy Contact Email] 

Support address: [Insert Registered Business Address] 

For privacy requests, please include enough detail for us to verify your identity and process your request securely.