Privacy Policy
Effective date: May 20, 2026 Last updated: May 20, 2026
This Privacy Policy describes how SDPersianVibes LLC ("PersianParty," "we," "us," or "our") collects, uses, and shares personal information when you use the PersianParty website at persianparty.app, the PersianParty mobile application (collectively, the "Service"), or otherwise interact with us.
By using the Service, you agree to the practices described in this Policy. If you do not agree, please do not use the Service.
1. Who we are
PersianParty is a ticketing platform that connects attendees with cultural events hosted by independent organizers. The Service is operated by:
SDPersianVibes LLC 17158 Matinal Rd San Diego, CA 92127 United States Email: sdpersianvibes@gmail.com
SDPersianVibes LLC is the data controller for personal information processed through the Service, except where event organizers act as independent controllers of their own attendee data (see Section 5).
2. Information we collect
We collect three categories of information.
2.1 Information you provide directly
When you create an account, purchase a ticket, or host an event, we collect:
- Account information: your name, email address, password (hashed), and role (attendee or organizer).
- Profile information: display name, profile photo (optional), phone number (optional).
- Purchase information: the events and ticket types you buy, quantities, prices, discount codes you enter, and date of purchase.
- Organizer information (if you host events): legal name or business name, business address, government-issued tax identification (collected and held by Stripe — see Section 3), and event details you publish.
- Communications: messages you send us (e.g., support emails to sdpersianvibes@gmail.com).
2.2 Information collected automatically
When you use the Service, we automatically collect:
- Device and log data: IP address, device type, operating system, mobile app version, language preference, time zone, and timestamps of your activity.
- Usage data: pages or screens you view, actions you take (e.g., adding a ticket to cart, scanning a QR code), and referring URLs.
- Diagnostic data: crash reports and error logs.
We do not currently use third-party analytics or advertising trackers.
2.3 Information from third parties
- Payment processor (Stripe): when you purchase a ticket, Stripe processes your payment and shares limited transaction data (amount, currency, last 4 digits of card, payment status) with us. We never see or store your full card number, CVV, or bank credentials.
- Event organizers: if you check in at an event, the organizer's scan is recorded as a check-in associated with your ticket.
3. How we use information
We use personal information to:
- Create and manage your account.
- Process ticket purchases and refunds.
- Generate, deliver, and validate tickets (including QR codes).
- Send transactional emails (purchase confirmations, check-in receipts, account-deletion notices, password resets).
- Provide customer support.
- Detect, prevent, and investigate fraud, abuse, or security incidents.
- Comply with legal obligations, including tax and accounting requirements.
- Improve the Service (debugging, performance, feature development).
We do not sell your personal information. We do not use it for behavioral advertising.
Legal basis (for users in the EU/UK): we rely on (a) contract performance — to provide tickets you purchase; (b) legitimate interests — to operate, secure, and improve the Service; (c) legal obligation — for tax and recordkeeping; and (d) consent — where required by law.
4. Service providers we share information with
We share personal information only with the following categories of service providers, each contractually limited to processing data on our behalf:
| Provider | Purpose | Data shared |
|---|---|---|
| Stripe, Inc. | Payment processing, organizer payouts | Name, email, billing address, payment amounts, transaction history |
| Supabase, Inc. | Database and authentication hosting | All account, ticket, and event data |
| Resend (Resend Labs, Inc.) | Transactional email delivery | Email address, name, message contents |
| Vercel Inc. | Website and API hosting | Server logs, IP addresses |
| Apple Inc. / Google LLC | App distribution (App Store / Play Store) | Limited diagnostic and crash data |
Each provider has its own privacy policy governing its handling of data.
5. Sharing with event organizers
When you purchase a ticket to an event, the organizer of that event receives:
- Your name and email address.
- The number and type of tickets you purchased.
- Your check-in status at their event.
Organizers act as independent data controllers for the attendee data of their own events. They are responsible for their own privacy practices regarding attendees. We require organizers by contract to use this information only for legitimate event operations and not for unsolicited marketing.
We do not share data with one organizer about other organizers' events or attendees.
6. Legal disclosures
We may disclose personal information if we believe in good faith that disclosure is required to:
- Comply with a subpoena, court order, or other legal process.
- Enforce our Terms of Service.
- Protect the safety, rights, or property of PersianParty, our users, or the public.
- Investigate fraud or security incidents.
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to this Policy.
7. Your rights and choices
7.1 In-app account deletion
You can permanently delete your account at any time from the PersianParty mobile app:
- Open the app and sign in.
- Go to Account → Danger Zone → Delete Account.
- Type your email to confirm.
Once confirmed, your account is scheduled for deletion. Sign-in is immediately disabled. After a 30-day grace period (during which you may email sdpersianvibes@gmail.com to cancel the deletion), we permanently erase your profile, ticket history, and associated personal data, except records we are legally required to retain (see Section 9).
You can also email sdpersianvibes@gmail.com to request deletion.
7.2 Access, correction, and portability
You can review and update most account information from within the Service. To request a copy of your data or to correct information you cannot edit yourself, email sdpersianvibes@gmail.com.
7.3 California residents (CCPA / CPRA)
If you reside in California, you have the right to:
- Know what personal information we collect, use, and disclose.
- Delete your personal information (subject to legal-retention exceptions).
- Correct inaccurate personal information.
- Limit use of sensitive personal information.
- Opt out of "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined in the CCPA. We do not engage in cross-context behavioral advertising.
- Non-discrimination — we will not deny service or charge different prices for exercising these rights.
To exercise these rights, email sdpersianvibes@gmail.com with the subject line "CCPA Request." We may need to verify your identity before responding.
7.4 EU/UK residents (GDPR / UK GDPR)
If you are in the European Economic Area, United Kingdom, or Switzerland, you have the rights to access, rectify, erase, restrict processing of, object to processing of, and port your personal data. You also have the right to withdraw consent (where processing is based on consent) and to lodge a complaint with your local supervisory authority.
To exercise these rights, email sdpersianvibes@gmail.com.
8. Children
PersianParty is not directed to children under 13 years of age (or under 16 in the EU/UK). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please email sdpersianvibes@gmail.com and we will delete it.
9. Data retention
We retain personal information only as long as necessary for the purposes described in this Policy.
- Active accounts: retained while your account exists.
- Deleted accounts: soft-deleted for 30 days (grace period), then permanently erased.
- Purchase records and financial transactions: retained for up to 7 years to comply with US tax and accounting laws, even after account deletion. These records are minimized to what is legally required.
- Server logs: retained for up to 90 days for security and debugging.
10. Security
We use industry-standard measures to protect personal information, including:
- Encryption in transit (HTTPS / TLS) for all network traffic.
- Encryption at rest for our database.
- Hashed passwords (we never store plaintext passwords).
- Tokenized payments (full card details never touch our servers — handled by Stripe).
- Row-level access controls on the database.
- Audit logging.
No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we work continuously to protect your information.
11. International transfers
We are based in the United States and process personal information there. If you access the Service from outside the United States, you understand that your information will be transferred to and processed in the US, where data-protection laws may differ from those in your country.
12. Third-party links
The Service may contain links to third-party websites (e.g., organizer social media, payment processor pages). Those sites have their own privacy policies, which we do not control or endorse.
13. Changes to this Policy
We may update this Policy from time to time. When we make material changes, we will:
- Update the "Last updated" date at the top of this Policy.
- Send a notice by email to registered users when changes are material.
- Where required by law, obtain your consent before the changes take effect.
Continued use of the Service after the effective date of any change constitutes your acceptance of the updated Policy.
14. Contact us
Questions, requests, or complaints about this Policy or your personal information:
Email: sdpersianvibes@gmail.com Mail: SDPersianVibes LLC 17158 Matinal Rd San Diego, CA 92127 United States
We aim to respond to all inquiries within 30 days.
Last updated: May 20, 2026