Privacy Policy

What We Collect

• Account and profile information you provide.
• Booking and transaction details tied to platform activity.
• Limited payment metadata from payment processors (not full card credentials).
• Device, usage, and cookie-related data.

How We Use Data

• Operate accounts, listings, bookings, and support.
• Prevent fraud, enforce platform terms, and maintain security.
• Improve platform performance, features, and reliability.
• Send transactional and legal notices required for service operations.

How We Share Data

• With other users where needed to complete marketplace transactions.
• With service providers supporting platform operations.
• With independent payment processors under their own terms and privacy policies.
• When required by law or for legal claims, safety, and terms enforcement.

How We Protect Your Data

We apply the following technical and organizational safeguards to protect personal information, with heightened controls for sensitive data (such as government-issued identification, biometric identifiers, and financial credentials):

• Encryption at rest: Sensitive personal information stored in our systems is encrypted using AES-256 or equivalent industry-standard encryption.
• Encryption in transit: All data transmitted between your device and our platform is protected using TLS 1.2 or higher.
• Access controls: Access to sensitive personal information is restricted on a role-based, need-to-know basis using least-privilege principles.
• Authentication requirements: Administrative access to systems storing sensitive personal information requires multi-factor authentication (MFA).
• Data minimization: We collect only the minimum sensitive personal information necessary for the specific stated purpose.
• Retention limits: Sensitive personal information no longer needed for its stated purpose is deleted or de-identified consistent with our retention policy and applicable law.
• Vendor requirements: Third-party service providers who process sensitive personal information on our behalf are contractually required to implement equivalent security measures.
• Incident response: We maintain an internal incident response process to assess, contain, and remediate security incidents, and provide breach notifications as required by applicable law.

Google Services Data

To the extent our platform uses Google APIs and receives user data through Google OAuth authorization, we handle that data as follows:

• Limited use: Data obtained through Google APIs is used solely for the purpose explicitly described to you at the time of authorization. We do not use Google user data for advertising, unrelated profiling, or training machine learning models.
• No unauthorized sharing: We do not sell, share, or transfer Google user data to third parties except as strictly necessary to provide the authorized feature, or as required by law.
• Encryption: Google user data received via OAuth is encrypted in transit (TLS 1.2+) and at rest (AES-256 or equivalent) when stored.
• Access restriction: Access to Google user data is limited to personnel and systems that require it solely to deliver the authorized functionality, and all such access is logged.
• Retention and revocation: Google user data is retained only as long as necessary to provide the authorized service. You may revoke access at any time via your Google Account permissions. Previously received data will be deleted within a reasonable period following revocation.
• Policy compliance: Our use of Google API data complies with the Google API Services User Data Policy, including the Limited Use requirements.

Your Privacy Rights

Depending on your state, you may have rights such as access, correction, deletion, portability, and opt-out of certain targeted advertising uses.

Submit requests at legal@venuesss.co. Verified requests are generally handled within 45 days, with an extension when allowed by law.