Privacy Policy
Last Updated: December 8, 2025
1. Introduction
Welcome to Common Events ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services (collectively, the "Service").
We process personal data in accordance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and other applicable data protection laws.
2. Controller
The data controller responsible for the processing of your personal data on this website is:
[Your Company/Organization Name]
[Your Address]
[City, Zip Code, Country]
Email: events@commoncause.cc
3. Data We Collect
3.1. Information You Provide to Us
- Account Data: When you register for an account, we collect your email address and password (hashed). If you sign up via a third-party provider, we receive your email and basic profile info.
- Profile Data: If you are an organizer or venue owner, we may collect your name, organization name, and contact details.
- User Content: Events, venue details, and other content you post to the Service.
3.2. Information Collected Automatically
- Technical Data: IP address, browser type and version, time zone setting, operating system, and platform.
- Usage Data: Information about how you use our website, such as pages visited, time spent, and clickstream data.
- Location Data: If you grant permission, we may collect your approximate location to display relevant events on the map.
4. Legal Basis and Purpose of Processing
We process your data based on the following legal grounds (Art. 6 GDPR):
| Purpose | Legal Basis |
|---|---|
| Providing the Service (accounts, events, likes) | Contractual Necessity (Art. 6(1)(b)) |
| Security & Fraud Prevention | Legitimate Interest (Art. 6(1)(f)) |
| Analytics | Legitimate Interest (Art. 6(1)(f)) or Consent |
| Legal Compliance | Legal Obligation (Art. 6(1)(c)) |
5. Third-Party Services and Data Processors
We use third-party service providers to help us deliver our Service. These providers act as data processors and process data on our behalf.
5.1. Hosting and Infrastructure: Vercel
- Provider: Vercel Inc., USA.
- Server Location: Frankfurt, Germany (eu-central-1).
- Purpose: Hosting, serverless functions, content delivery.
- Data: IP addresses, server logs.
- Compliance: EU-U.S. Data Privacy Framework.
5.2. Database and Authentication: Supabase
- Provider: Supabase, Inc., Singapore.
- Server Location: Frankfurt, Germany (eu-central-1).
- Purpose: Authentication, database, storage.
- Data: Emails, passwords, user IDs.
- Compliance: Standard Contractual Clauses (SCCs), AWS hosting in Frankfurt.
5.3. Maps: Google Maps Platform
- Provider: Google Ireland Limited, Ireland.
- Purpose: Interactive maps.
- Data: IP address, location data, map interactions.
6. International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA), specifically in the USA. We ensure that appropriate safeguards are in place for such transfers, such as the EU-U.S. Data Privacy Framework certification or Standard Contractual Clauses (SCCs) approved by the European Commission.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it. Account data is retained until you delete your account. Server logs are typically retained for a short period (e.g., 30 days) for security auditing.
8. Your Rights
Under the GDPR, you have the following rights:
- Right to Access (Art. 15)
- Right to Rectification (Art. 16)
- Right to Erasure ("Right to be Forgotten") (Art. 17)
- Right to Restriction (Art. 18)
- Right to Data Portability (Art. 20)
- Right to Object (Art. 21)
To exercise these rights, please contact us at the email address provided in Section 2.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.