← Back to home

Privacy Policy

Last updated: May 25, 2026

1. Who We Are

EventArk ("we", "us") is a Canadian event-gifting platform. This policy explains what personal data we collect, how we use it, and the rights you have.

2. What We Collect

  • Account data. When you sign up: email, display name, username, and a password hash (managed by Firebase Authentication; we never see your plain-text password). Profile photo if you upload one.
  • Event data. Event titles, dates, descriptions, photos, wishlists, ticket prices, and any other content you add.
  • Guest data. When someone RSVPs, sends a wish, or gifts on your event, we store the name they provide. Email is optional. We do not require guests to create an account.
  • Payment data. Card payments are processed by Stripe. We receive only a transaction reference and the amount; full card numbers never reach our servers.
  • Payout data. For withdrawals: bank name, account number, Interac e-Transfer email, or other payout details you submit. Used solely to process your payout.
  • Technical data. IP address, browser and device information, page-visit logs, and error reports. Used to operate, secure, and improve the Service.

3. How We Use Your Data

  • Provide the Service: host your events, route gifts, send receipts.
  • Send transactional emails (gift receipts, RSVPs, access requests, system notices).
  • Prevent fraud, abuse, and violations of our Terms.
  • Comply with legal obligations (e.g. tax reporting, lawful requests).
  • Diagnose and fix errors in the application.

We do not sell your personal data. We do not use it to train AI models or advertise to you.

4. Sub-processors

We use the following service providers to operate EventArk. Each has its own privacy policy governing how they handle data on our behalf.

  • Google Firebase — authentication, database (Firestore).
  • Stripe — card payments and dispute handling.
  • Resend — transactional email delivery.
  • Cloudinary — image storage and delivery.
  • Sentry — error monitoring.
  • Vercel — hosting and content delivery.

5. International Transfers

Our sub-processors are based in Canada and the United States. Where data leaves Canada, we rely on standard contractual protections offered by those providers.

6. Data Retention

We keep your account and event data for as long as your account is active. If you delete your account, we delete your associated data within a reasonable period, except where retention is required by law (e.g. tax records, fraud investigations) or for legitimate business needs (e.g. preventing repeated abuse).

7. Your Rights

Under Canadian privacy law (PIPEDA) and equivalent laws elsewhere, you may:

  • access the personal data we hold about you;
  • correct inaccurate or incomplete data;
  • request deletion of your data (subject to legal exceptions);
  • withdraw consent to optional uses of your data;
  • complain to the Office of the Privacy Commissioner of Canada.

Email hello@eventark.app to exercise any of these rights. We will respond within 30 days.

8. Cookies and Local Storage

We use essential cookies and browser local storage to keep you signed in, remember RSVPs you have already submitted, and pre-fill your payout details. We do not use third-party advertising or tracking cookies.

9. Children

EventArk is not directed to children under 13 and we do not knowingly collect personal data from them. If you believe a child has provided us data, contact us and we will delete it.

10. Security

We use industry-standard safeguards: encryption in transit (TLS), encryption at rest for data stored in Firebase, PCI-compliant payment processing through Stripe, and access controls on administrative tooling. No system is perfectly secure; we will notify affected users without undue delay if a breach occurs.

11. Changes

We may update this Privacy Policy. Material changes will be announced in-app or by email before they take effect.

12. Contact

Privacy questions or requests: hello@eventark.app.