Privacy Policy

Last updated: June 26, 2026

EventMap ("we", "us", "our") respects your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the rights you have under the EU GDPR and Türkiye's KVKK (Law No. 6698). By using EventMap you agree to the practices described here.

1. Data Controller

EventMap is the data controller of personal data processed through this service. For any privacy request, contact us at eventmaptr.info@gmail.com.

2. Information We Collect

• Account information: email address, display name, and optional avatar image.
• Authentication data: session tokens, sign-in provider (email/password or Google).
• App usage: saved events, favorites, recently viewed events, language and city preferences.
• Optional location: approximate coordinates only when you enable "Use my location" — processed in your browser and never stored on our servers.
• Promoter data: if you publish events, the event content you submit (title, description, images, links).
• Billing data: processed exclusively by Paddle as Merchant of Record. We never see or store full card numbers.
• Technical data: IP address, browser type, device type, and anonymized analytics.

3. How We Use Your Data

• Provide and maintain the service (account, saved events, personalization).
• Authenticate users and secure the platform against fraud and abuse.
• Process subscriptions and boost purchases via Paddle.
• Improve features through aggregated, anonymized analytics.
• Communicate essential service updates and respond to support requests.

4. Legal Basis (GDPR / KVKK)

We process personal data under one or more of the following bases: performance of a contract (providing the service you signed up for), legitimate interests (security, fraud prevention, product improvement), consent (optional location, marketing communications), and legal obligation (tax, accounting, lawful requests).

5. Cookies & Local Storage

We use cookies and browser local storage strictly to keep you signed in, remember saved events and language preferences, and measure aggregate usage. We do not use cookies for cross-site advertising. See our Cookie Policy for details.

6. Third-Party Processors

• Paddle — Merchant of Record for all payments, subscriptions, refunds, invoicing and tax compliance. See Paddle's Privacy Notice.
• Supabase — authentication, database and storage infrastructure.
• Cloud hosting infrastructure — application hosting and content delivery.
• Google — optional Google Sign-In, when you choose this provider.

These processors act under data-processing agreements and may store data outside Türkiye/the EU; safeguards (SCCs or equivalent) apply.

7. Data Retention

We retain account data for as long as your account is active. Billing records are kept as required by applicable tax and accounting law. Anonymized analytics may be retained indefinitely. When you delete your account, personal data is removed or anonymized within 30 days, except where law requires longer retention.

8. Security

We apply appropriate technical and organizational measures including encryption in transit (TLS), encrypted storage at rest, row-level security on user data, scoped API keys, and strict access controls.

9. Your Rights

You have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data, and to withdraw any consent at any time. Under KVKK you may also request information about whether your data is processed and request its deletion. To exercise these rights, email eventmaptr.info@gmail.com. We respond within 30 days.

10. Account Deletion

You may delete your account at any time by emailing us. Deletion removes your profile, saved events, preferences and personal identifiers from our active systems.

11. Changes

We may update this policy from time to time. The "Last updated" date above reflects the most recent revision.

12. Contact

Privacy inquiries: eventmaptr.info@gmail.com