Privacy Policy

This Privacy Policy describes how Evlux collects, uses, shares, and protects information when you use our website and services (the "Service"). It also describes the choices you have about how we use your information. By using the Service, you agree to the practices described here.

We collect information in the following categories:

• Account information. When you create an account we collect your email address and, optionally, your name and other profile details you provide.
• Event and guest information. Hosts may upload guest lists, RSVP responses, menu preferences, dietary notes, and event details. Guests provide RSVP responses and may optionally provide an email address or phone number.
• Payment information. Card data is collected, stored, and processed by Stripe, our payment processor. Evlux stores a payment reference (Stripe session and payment intent IDs) and the amount, currency, and status — not the card number itself.
• Communications. Email content you send through the Service (invitations, ticket confirmations, digests) is handled by Resend. Optional SMS/WhatsApp messages are handled by Twilio when you enable those channels.
• Usage and device data. Standard server logs and basic analytics about how you use the Service (pages visited, actions taken, approximate IP-based location). We may use a third-party error-monitoring service (Sentry) to capture unhandled errors so we can fix them.
• Cookies and local storage. See our Cookie Policy for the cookies and local-storage entries we use.

We use the information we collect to:

• provide, operate, and improve the Service;
• authenticate accounts and verify guests through magic links and QR codes;
• process ticket sales, send confirmations, and reconcile payments;
• deliver invitations, reminders, and other communications you initiate;
• prevent abuse, fraud, and unauthorized access; and
• comply with our legal obligations.

We do not sell your personal information. We share information only as needed to operate the Service:

• Service providers. We use Supabase for database hosting, Stripe for payments, Resend for email, and (optionally) Twilio for SMS/WhatsApp. These providers process data on our behalf under their own privacy and security commitments.
• Hosts and recipients. Information you submit for an event (RSVP, menu selection, dietary note) is visible to the host or organizer of that event. Tickets you purchase are visible to the promoter or vendor running the public event.
• Legal and safety. We may disclose information when required by law or to protect the rights, property, or safety of Evlux, our users, or the public.

We retain account and event data for as long as your account is active. You may request deletion of your account and associated personal information at any time by emailing privacy@evlux.com. Some information may be retained after deletion where required for legitimate business purposes (e.g. payment reconciliation, fraud prevention, or legal compliance).

Depending on where you live (for example, the EU/EEA under the GDPR or California under the CCPA), you may have the right to access, correct, port, or delete your personal information, and to object to or restrict certain processing. To exercise these rights, contact privacy@evlux.com. We will respond within the timeframes required by applicable law.

The Service is operated from the United States. Data we collect may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using the Service you consent to such transfers.

We use industry-standard security measures to protect information, including encryption in transit (HTTPS) and at rest for data stored in our managed Supabase database. No security program is perfect; you use the Service at your own risk and should keep your credentials secure.

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact privacy@evlux.com and we will take appropriate action.

We may update this Policy from time to time. If we make material changes, we will provide notice through the Service or by email. The effective date at the top of this page indicates when this Policy was last revised.

Questions, requests, or complaints? Email privacy@evlux.com.