Queer Calendar Privacy Policy
1. Introduction
Effective Date: May 29, 2025
Last Updated: September 3, 2025
At Queer Calendar, we recognize that privacy is especially important to LGBTQ+ individuals who may face unique safety and security concerns. We strive to protect your personal information and be transparent about how we collect, use, and safeguard your data.
This Privacy Policy, along with our Terms of Service, applies to our website and mobile application (collectively, the "Service"). Our Service is intended for users 18 years and older.
2. Legal Basis for Processing (GDPR)
- Consent: For optional marketing or non-essential cookies. You can withdraw this at any time.
- Explicit Consent (Sensitive Data): For sensitive data like your pronouns, gender identity, or sexual orientation, our legal basis for processing is your explicit and voluntary consent. You may choose to provide this information to enhance optional features, such as personalizing your user profile. Providing this information is not required to use the core services of the platform, and you can add or remove it at any time.
- Contractual Necessity: To operate your account, facilitate ticket transactions, and provide requested services.
- Legal Obligation: To comply with applicable laws and legal processes.
- Legitimate Interests: To improve security, prevent fraud, and analyze platform usage to enhance your experience.
3. Information We Collect
We collect information you provide directly (account and profile info), information collected automatically (usage data, cookies, IP address), and information from third parties (authentication services, payment providers).
4. Payment Information
We never store or view your full credit card number. All payments are processed by PCI-compliant third-party providers.
5. How We Use Your Data
We use your data to operate the platform, process ticket purchases, provide support, personalize your experience, and ensure security.
6. Cookies and Tracking Technologies
We use essential and non-essential cookies for functionality, analytics, and marketing.
- Consent: We do not place non-essential cookies unless you consent via our cookie banner.
- Managing Cookies: You can manage cookies through our banner and your browser settings.
- Opt-Out Preference Signals (GPC):We recognize and honor opt-out preference signals, such as the Global Privacy Control (GPC), transmitted by your browser. We treat these signals as a valid request to opt out of the sale or sharing of your personal information under the CCPA/CPRA. This is in addition to the "Do Not Sell or Share My Personal Information" option in our footer. We do not respond to older "Do Not Track" (DNT) signals.
7. Email List Sharing (Opt-In)
When you purchase tickets to an event, the event organizer will be able to see your name and email address for the purpose of managing the event (check-in, logistics, communication about the event). This is necessary to deliver the services you have purchased.
We will only share your email with an event organizer for their marketing or mailing list if you explicitly opt-in during the ticket purchase process. We are not responsible for how organizers manage their marketing lists after export.
8. Third-Party Services
We use vendors for hosting, analytics, and payments who are contractually obligated to protect your data.
Sub-processor Transparency: To provide our Service, we share data with key third-party service providers (sub-processors) who act on our behalf. Our key sub-processors include cloud hosting providers (e.g., Amazon Web Services), payment processors (e.g., Stripe), and analytics services (e.g., Google Analytics). A complete and current list of our data processors is available upon request by contacting us at [email protected].
9. Data Sharing and Disclosure
We do not sell your personal data. We only share it:
- With your consent;
- With our service providers;
- To comply with legal obligations; or
- To protect our users, enforce our Terms, or in connection with business transfers.
10. Your Rights and Choices
You have the right to access, correct, delete, or port your data, among other rights (which may vary by region). You can exercise these rights by contacting us at [email protected].
Self-serve account deletion: You can permanently delete your account at any time from Settings → Account & Security. When you delete your account, we anonymize your user record (clearing your name, email, sign-in providers, and notification settings) and delete disposable per-user data such as push notification tokens, follow/subscriber rows, and team memberships. If you are the sole owner of any host pages, you will be asked to delete or transfer ownership of those hosts first.
11. Data Retention
- Active Accounts: Retained while active and for a reasonable period thereafter for operational purposes.
- Deleted Accounts: Your user record is anonymized when you delete your account. Most associated personal data is removed.
- Financial & Tax Records (Retained): Records of ticket purchases (orders and tickets) are retained for tax, legal, fraud, and accounting compliance, even after you delete your account. Personal identifiers (your name, email, and phone number) on those records are anonymized; the underlying transaction information is kept in line with applicable retention requirements (typically 3–7 years). Stripe, our payment processor, retains the original transaction record under their own policies.
- Host Pages: If you delete a host page you own, the page and any events it owns become hidden from the public. Past ticket sales and financial records associated with those events are retained for the reasons above.
12. International Data Transfers
We process data in the U.S. and use safeguards like Standard Contractual Clauses (SCCs) for international transfers.
13. Data Controller and Processor
- Controller: For most activities on the platform, Queer Calendar LLC is the Data Controller.
- Processor: When you purchase a ticket from an Event Host on our Platform, the Event Host is the Data Controller for the personal data you provide for that transaction. In this capacity, Queer Calendar acts as their Data Processor to facilitate the purchase. Our relationship with Event Hosts as Data Processors is governed by a Data Processing Agreement (DPA) which Event Hosts must accept as part of our Terms of Service.
14. Third-Party Authentication
- We receive name, email, and profile image if you sign in with Google, Apple, or Facebook.
- We do not access your contacts or post on your behalf.
- You can revoke access via your third-party account settings.
15. Security Practices
- Encryption in transit and at rest.
- Role-based access controls.
- Regular monitoring and testing.
- Breach notification if required by law.
However, no system is 100% secure. Use the Service at your own risk.
16. Special Protections for LGBTQ+ Users
- Support chosen names/pronouns.
- Limit and protect sensitive data.
- Provide robust content reporting tools.
- Enforce a zero-tolerance policy for harassment.
- Empower users to control profile visibility.
These protections reflect our values and do not create legal obligations beyond this Privacy Policy.
17. Children's Privacy
Our platform is for adults 18+. We do not knowingly collect personal data from anyone under this age. If we become aware that we have inadvertently collected data from a user under 18, we will promptly delete it.
We comply with all applicable children's privacy laws, including the U.S. Children's Online Privacy Protection Act (COPPA).
18. Changes to This Privacy Policy
We may update this policy periodically. If changes are material, we will notify you at least 30 days in advance, where feasible (e.g., by email or in-app notice). Continued use of the Service means you accept the updated policy.
19. Governing Law
This Privacy Policy shall be governed by and construed in accordance with the laws of the State of California, United States, without regard to its conflict of laws provisions.
21. Regional Disclosures
- California Residents: CCPA/CPRA rights apply.
- EU/UK Residents: GDPR/UK GDPR rights apply.
- Brazil Residents: LGPD rights apply. Contact us if you need a designated DPO.
- Canada Residents: We comply with PIPEDA and provincial privacy laws.