NEXOUND

Legal

Privacy Policy

Last updated · 11 May 2026

This Privacy Policy explains how Nexound Events Ltd. ("Nexound", "we", "us") collects and uses your personal data when you use nexound.events. We process personal data in line with the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.

1. Data we collect

  • Account data: your name, email address, and a hashed password when you sign up.
  • Booking data: events you've booked, ticket codes, quantities, and order timestamps.
  • Payment data: handled entirely by Stripe. We never see or store full card numbers. We do store Stripe's opaque payment-intent and session identifiers so we can reconcile orders.
  • Technical data: basic logs (IP address, user agent) generated by our hosting provider (Vercel) for security and abuse prevention.

2. Why we use it (lawful basis)

  • To deliver your booking and tickets — performance of a contract.
  • To send essential service emails (confirmations, tickets, event changes) — performance of a contract.
  • To keep accounting records for at least six years as required by Irish tax law — legal obligation.
  • To prevent fraud and abuse, and to keep the site secure — legitimate interests.
  • For optional marketing (e.g. newsletter) — only with your consent, which you can withdraw at any time.

3. Who we share data with

  • Stripe (Ireland) — payment processing. stripe.com/privacy
  • Supabase — our database and authentication provider, hosted in the EU.
  • Resend — sends transactional emails (verification, ticket delivery).
  • Vercel — hosting and edge network.

We don't sell your data, and we don't share it with marketing networks without explicit consent.

4. International transfers

Where any provider stores data outside the EEA, we rely on the Standard Contractual Clauses approved by the European Commission to ensure equivalent protection.

5. How long we keep it

  • Account data — for as long as your account is open, plus 30 days after deletion.
  • Booking and financial records — at least six years, in line with Irish tax-record requirements.
  • Server logs — typically 30 days.

6. Your rights

Under the GDPR you can request access to your data, correction, deletion, restriction of processing, portability, and objection to certain processing. Contact support@nexound.events to exercise any of these rights. You can also lodge a complaint with the Irish Data Protection Commission.

7. Cookies

We use a small number of strictly-necessary cookies to keep you signed in and to remember your booking session. We don't use third-party advertising cookies. If we add analytics in future, we'll update this policy and ask for consent where required.

8. Changes to this policy

If we make material changes, we'll notify account holders by email and update the "Last updated" date above.

9. Contact

Questions or data requests: support@nexound.events.