Privacy Policy

1. Information We Collect

1.1 Information You Provide Directly

We collect information that you voluntarily provide when you:

• Create an account: Name, email address, password, date of birth, profile photo
• Complete your profile: Bio, location (city/state), professional experience, skills, certifications, social media links, profile type (Guest, Talent, Brand, Venue)
• Create or manage events: Event details, dates, times, locations, descriptions, pricing, requirements
• Submit or respond to proposals: Proposal terms, pricing, availability, negotiation messages
• Use payment features: Payment method information (collected and processed by Stripe — see Section 4), payout preferences, bank account information
• Communicate on the platform: Messages to other Users, support inquiries
• Check in at events: Check-in confirmation and timestamp
• Interact socially: Follow/unfollow actions, list curation, event attendance

1.2 Information Collected Automatically

When you access or use the Service, we automatically collect:

• Device information: Device type, operating system, browser type, unique device identifiers
• Usage data: Pages and features accessed, actions taken, time spent on the Service, referring URLs
• Location data: Approximate location derived from your IP address. Precise location data is collected only with your explicit consent (e.g., for event check-in or map features) and can be disabled in your device settings at any time
• Log data: IP address, access timestamps, error logs, request and response data
• Performance data: Page load times, crashes, and system activity

1.3 Information from Third Parties

We may receive information from:

• Authentication providers: When you sign in using a third-party account (e.g., Google, Apple), we receive your name, email, and profile photo as permitted by that provider
• Payment processors: Transaction status, payout status, and fraud signals from Stripe (we do not receive or store your full credit card number)
• Analytics providers: Aggregated and anonymized usage patterns

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Providing and Operating the Service

• Creating and managing your account and profile(s)
• Facilitating connections between Talent, Venues, Brands, and Guests
• Processing events, proposals, and engagements
• Processing payments, payouts, and platform fees
• Enabling event check-ins and attendance tracking
• Delivering notifications (email, push, in-app)

2.2 Improving the Service

• Analyzing usage patterns to improve features and user experience
• Conducting research and development for new features
• Monitoring and improving Service performance, stability, and security

2.3 Communication

• Sending transactional messages (confirmations, reminders, payment updates)
• Responding to your support requests and inquiries
• Sending Service announcements and updates

2.4 Safety and Compliance

• Detecting, investigating, and preventing fraud, abuse, and security incidents
• Enforcing our Terms of Service and other policies
• Complying with legal obligations, including tax reporting requirements

2.5 Marketing (with Your Consent)

• Sending promotional communications about the Service (you may opt out at any time)
• Personalizing your experience based on your preferences and activity

3. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

3.1 With Other Users

Your profile information — including your name, profile photo, bio, location, and professional details — is visible to other Users of the Service to facilitate connections and collaborations. The visibility of your profile information is subject to your privacy settings, where available.

For Talent: Venues and Brands can see your professional profile, skills, experience, and availability when you submit proposals or are discovered through search.

For Venues and Brands: Your business profile, event listings, and engagement opportunities are visible to Talent and Guests.

For Guests: Your name and profile photo may be visible to other Users at events you attend, subject to your privacy settings.

3.2 Check-In Data Sharing with Event Sponsors

This section is important — please read it carefully.

When you check in to an event on almíbar that has a sponsoring Brand, the following information may be shared with that Brand:

• Your name and profile photo
• The date, time, and location of your check-in
• Your profile type (e.g., Guest, Talent)

This data sharing enables Brands to measure event engagement, understand audience reach, and evaluate sponsorship effectiveness. Brands that receive check-in data are contractually prohibited from using it for purposes other than measuring and analyzing the sponsored event's performance.

You can control this: You may choose not to check in to sponsored events if you do not wish to share your data with sponsors. We will clearly indicate when an event has a Brand sponsor before you check in.

3.3 With Service Providers

We share information with third-party service providers who perform services on our behalf, including:

These service providers are contractually bound to use your information only to provide services to us and in accordance with this Privacy Policy. For Stripe's data practices, please see Stripe's Privacy Policy.

3.4 For Legal Reasons

We may disclose your information if we believe in good faith that such disclosure is necessary to:

• Comply with applicable laws, regulations, legal processes, or governmental requests
• Enforce our Terms of Service or other agreements
• Protect the rights, property, or safety of almíbar, our Users, or the public
• Detect, prevent, or address fraud, security, or technical issues
• Respond to an emergency involving danger of death or serious physical injury

3.5 Business Transfers

If almíbar is involved in a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

3.6 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

4. Payment Information

Payment processing is handled by Stripe, Inc. When you provide payment information (credit card number, bank account details), that information is collected directly by Stripe and is subject to Stripe's Privacy Policy. We do not receive, process, or store your full credit card numbers. We receive only limited information from Stripe, such as the last four digits of your card, card type, expiration date, and transaction status.

5. Cookies and Tracking Technologies

5.1 Types of Cookies

We use cookies and similar tracking technologies to operate and improve the Service:

• Essential cookies: Required for core platform functionality (authentication, security, session management). These cannot be disabled.
• Analytics cookies: Help us understand how Users interact with the Service (page views, feature usage, navigation patterns). We use PostHog for product analytics.
• Preference cookies: Remember your settings and preferences (language, display options).

5.2 Your Cookie Choices

You can manage cookies through:

• Your browser settings (blocking or deleting cookies)
• Our cookie preferences in the Service settings
• Your device's privacy settings for mobile applications

Note that disabling essential cookies may prevent you from using certain features of the Service.

5.3 Do Not Track

We currently respond to "Do Not Track" browser signals by limiting non-essential tracking. However, there is no uniform standard for how "Do Not Track" signals are interpreted, and our response may change as standards develop.

6. Data Retention

We retain your personal information for as long as:

• Your account is active
• It is needed to provide the Service to you
• It is necessary to comply with our legal obligations (e.g., tax records, which are retained for 7 years)
• It is needed to resolve disputes or enforce our agreements

When you delete your account, we will delete or anonymize your personal information within 30 days, except:

• Transaction records and payment history, which are retained as required by tax and financial regulations
• Information that has been shared with other Users (e.g., messages, event history) may persist in their accounts
• Aggregated, anonymized data that cannot be used to identify you may be retained indefinitely
• Backup copies, which are purged within 90 days

7. Your Rights and Choices

7.1 Access and Portability

You can access your personal data through your account settings. You may also request a copy of your data in a portable format by contacting us at privacy@almibar.app.

7.2 Correction

You can update your personal information at any time through your profile settings. For information you cannot update directly, contact us at privacy@almibar.app.

7.3 Deletion

You can request deletion of your account and personal data through the Settings page in the Service or by emailing privacy@almibar.app. We will process your request within 30 days, subject to the retention exceptions described in Section 6.

7.4 Opt-Out of Communications

• Marketing emails: Use the "unsubscribe" link in any marketing email
• Push notifications: Manage through your device settings or in-app notification preferences
• Transactional emails: These cannot be fully opted out of while your account is active, as they contain essential information about your transactions and account

7.5 Location Data

You can disable precise location data collection at any time through your device settings. Approximate location based on IP address is collected as part of normal Service operation.

8. California Residents — Your CCPA/CPRA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information.

8.1 Categories of Personal Information

In the preceding 12 months, we have collected the following categories of personal information:

8.2 Your Rights

As a California resident, you have the right to:

• Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
• Delete: Request deletion of your personal information, subject to certain exceptions
• Correct: Request correction of inaccurate personal information
• Opt-out of sale/sharing: We do not sell your personal information. If this changes, we will provide a "Do Not Sell or Share My Personal Information" link
• Limit use of sensitive personal information: Request that we limit the use of sensitive personal information to what is necessary to provide the Service
• Non-discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights

8.3 How to Exercise Your Rights

To exercise your California privacy rights, you may:

• Email us at privacy@almibar.app with the subject line "CCPA Request"
• Use the privacy controls in your account settings
• Contact us at the address listed in Section 14

We will verify your identity before processing your request. We will respond to verifiable consumer requests within 45 days. If we need additional time, we will inform you of the reason and the extension period (up to an additional 45 days).

8.4 Authorized Agents

You may designate an authorized agent to submit requests on your behalf. The agent must provide proof of authorization (e.g., a signed written permission or power of attorney).

8.5 Financial Incentive Programs

We do not offer financial incentives or price differences in exchange for the retention or sale of personal information.

9. European and International Users — GDPR

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) or equivalent laws.

9.1 Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract performance: Processing necessary to provide the Service (account management, payments, event facilitation)
• Legitimate interests: Processing for platform security, fraud prevention, Service improvement, and analytics, where our interests are not overridden by your rights
• Consent: Processing based on your explicit consent (marketing communications, precise location data, optional data sharing)
• Legal obligation: Processing required to comply with applicable laws

9.2 Your Rights

Under the GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate or incomplete data
• Erase your data ("right to be forgotten")
• Restrict processing of your data
• Data portability — receive your data in a structured, machine-readable format
• Object to processing based on legitimate interests
• Withdraw consent at any time for consent-based processing
• Lodge a complaint with your local data protection authority

9.3 International Data Transfers

Your personal data may be transferred to and processed in the United States, where our servers and service providers are located. The United States may not provide the same level of data protection as your home country. We rely on the following safeguards for international transfers:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Service provider compliance with applicable data protection frameworks
• Your explicit consent, where applicable

9.4 Data Protection Officer

For GDPR-related inquiries, contact us at privacy@almibar.app. We will respond within 30 days.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@almibar.app.

11. Security Measures

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption: Data encrypted in transit (TLS 1.2+) and sensitive data encrypted at rest
• Access controls: Role-based access, multi-factor authentication for administrative access
• Infrastructure security: Hosted on enterprise-grade platforms (Vercel, Supabase) with SOC 2 compliance
• Authentication: Secure password hashing, session management through Supabase Auth
• Monitoring: Automated security monitoring and alerting
• Incident response: Documented procedures for responding to data breaches

Despite these measures, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you and applicable authorities as required by law.

12. Third-Party Links and Services

The Service may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party service before providing your information. We are not responsible for the privacy practices of third parties.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Post the updated Privacy Policy on the Service
• Update the "Effective Date" at the top of this document
• Notify you by email or in-app notification at least 30 days before the changes take effect

Your continued use of the Service after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree to the updated Privacy Policy, you should stop using the Service and may request account deletion.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Mise en POP, LLC (d/b/a almíbar)
8 The Green, STE R
Dover, DE 19901
United States

Privacy inquiries: privacy@almibar.app
General support: support@almibar.app
Legal matters: legal@almibar.app

For CCPA requests, email privacy@almibar.app with the subject line "CCPA Request."