Privacy Policy
Effective date: March 24, 2026
·
Last updated: March 24, 2026
Summary
Eventably is a business tool for equipment rental management. We collect only the data needed to run the app, store it securely via Supabase, never sell it, and respect your rights under the GDPR.
1. Who We Are (Data Controller)
Eventably ("we", "us", "our") is the controller of the personal data you provide through our mobile application and web platform. If you have any questions about this Privacy Policy or your data, please contact us:
- App name: Eventably
- Contact email: privacy@eventably.app
- Support URL: https://eventably.app/support
- Privacy Policy URL: https://eventably.app/privacy
This policy applies to all users of the Eventably iOS and Android mobile applications.
2. What Data We Collect
We collect information in the following categories:
2.1 Account & Profile Data
- Email address (used for authentication and account recovery)
- Full name
- Company name, phone number, business address
- VAT / company registration number (optional, for invoice generation)
- Profile photo (avatar) and company logo (optional, uploaded by you)
2.2 Business Data You Enter
As part of using the app's core features, you may enter data about your business operations. This includes:
- Equipment/Inventory: Item names, descriptions, categories, pricing, images, QR code identifiers, condition notes
- Client records: Your customers' names, email addresses, phone numbers, company names, and addresses. You are responsible for ensuring you have a lawful basis to store your clients' personal data within the app.
- Events/Bookings: Event names, locations, dates, assigned equipment, contact details, payment status
- Financial data: Rental prices, invoice amounts, payment statuses (we do not process payments directly)
2.3 Device Permissions
| Permission | Purpose | Required? |
|---|---|---|
| Camera | Scanning QR codes on equipment for check-out / return tracking | Required for QR scanning |
| Photo Library | Uploading equipment images, profile photo, and company logo | Optional |
| Microphone | Reserved for potential future audio features; not actively used | Optional |
| Push Notifications | Event reminders and booking alerts | Optional |
You can revoke any device permission at any time via your device Settings.
2.4 Usage & Technical Data
- QR scan history (which items were scanned, when, and by which account)
- App crash reports and error logs (collected anonymously via Expo/EAS)
- Device type, operating system version, and app version (for support purposes)
We do not use advertising identifiers, analytics SDKs for behavioral tracking, or third-party marketing platforms.
3. Legal Basis for Processing (GDPR)
We process your personal data on the following legal bases under the GDPR:
| Processing Activity | Legal Basis |
|---|---|
| Creating and managing your account | Contract performance (Art. 6(1)(b) GDPR) |
| Providing the core app features (equipment tracking, bookings) | Contract performance (Art. 6(1)(b) GDPR) |
| Sending push notification reminders | Consent (Art. 6(1)(a) GDPR) |
| Storing profile and company information | Contract performance / Legitimate interests (Art. 6(1)(b)(f) GDPR) |
| Security, fraud prevention, and abuse detection | Legitimate interests (Art. 6(1)(f) GDPR) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c) GDPR) |
4. How We Use Your Data
- To create and maintain your account and authenticate you securely
- To provide and improve the core features of the app (inventory management, QR tracking, event scheduling)
- To send push notifications you have opted in to (event reminders, booking updates)
- To generate invoices and reports based on your business data
- To respond to support requests
- To diagnose bugs and improve app stability
- To comply with legal obligations
We never sell, rent, or trade your personal data to third parties for marketing purposes.
5. Data Sharing & Third-Party Processors
We share data only with carefully selected service providers acting as data processors under appropriate data processing agreements:
| Processor | Purpose | Location |
|---|---|---|
| Supabase, Inc. | Database hosting, authentication, file storage, real-time sync | EU region (AWS eu-central-1) — configurable |
| Expo / EAS (Expo Application Services) | App build infrastructure, over-the-air updates, crash reporting | United States |
| Apple Inc. | Push notification delivery (APNs), App Store distribution | United States |
| Google LLC | Push notification delivery (FCM), Google Play distribution (Android) | United States |
Where data is transferred to processors outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the European Commission.
We may also disclose data if required by law, court order, or to protect the rights and safety of our users.
6. Data Storage & Security
- All data is stored in Supabase with Row Level Security (RLS) — each user can only access their own data.
- Data is transmitted over HTTPS / TLS encryption at all times.
- Authentication is handled via Supabase Auth with secure session tokens.
- File uploads (images) are stored in access-controlled Supabase Storage buckets.
- We do not store payment card data; no payment processing occurs within the app.
While we implement industry-standard security measures, no system is 100% secure. Please use a strong, unique password and enable device lock on your device.
7. Data Retention
We retain your data for as long as your account is active or as needed to provide services. Specifically:
- Account data: Retained until you delete your account.
- Business records (items, events, clients): Retained while your account exists; deleted upon account deletion.
- QR scan logs: Retained for up to 2 years for audit/tracking purposes, then deleted.
- Crash/error logs: Retained for up to 90 days.
- Backups: Deleted within 30 days after account deletion.
You may request earlier deletion of your data at any time (see Section 8).
8. Your Rights Under GDPR
As a user in the European Union / EEA, you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Correct inaccurate or incomplete data about you.
- Right to Erasure: Request deletion of your personal data ("right to be forgotten").
- Right to Restriction: Ask us to limit processing of your data in certain circumstances.
- Right to Portability: Receive your data in a structured, machine-readable format.
- Right to Object: Object to processing based on legitimate interests.
To exercise any of these rights, please email privacy@eventably.app. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority (e.g., your national DPA or the Irish Data Protection Commission).
Account & Data Deletion
You can delete your account and all associated data directly from within the app (Settings → Account → Delete Account), or by emailing privacy@eventably.app. Deletion is processed within 30 days.
9. Children's Privacy
Eventably is a professional business tool intended for users who are 18 years of age or older. We do not knowingly collect personal data from children under 18. If we become aware that a child under 18 has provided us with personal data, we will promptly delete it. If you believe we may have collected data from a minor, please contact us at privacy@eventably.app.
10. Cookies & Tracking
The Eventably mobile app does not use advertising cookies or cross-app tracking technologies. Session tokens required for authentication are stored securely on your device using encrypted AsyncStorage and are not shared with third parties.
Our web platform (if accessed via browser) may use essential session cookies required for authentication. No third-party advertising or analytics cookies are used.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via push notification or in-app message, and update the "Last updated" date at the top of this page. Your continued use of Eventably after changes become effective constitutes your acceptance of the revised policy.
12. Contact us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out:
- Email: privacy@eventably.app
- Support: https://eventably.app/support
We aim to respond to all privacy-related inquiries within 5 business days.