Privacy Policy
How we collect, use, and protect your data
Last Updated: January 2025 • Effective: January 2025
Privacy in Plain English
- ✓ We collect minimal data - only what's needed for the service to work
- ✓ We never sell your data to third parties
- ✓ Analytics are privacy-focused (PostHog, EU-hosted)
- ✓ You can request your data or delete your account anytime
- ✓ GDPR-compliant, EU data protection standards
Who Controls Your Data
Data We Collect
Account Information (If You Subscribe)
- Email address (for account access and communication)
- Password (encrypted, never stored in plain text)
- Subscription status and payment history (via Stripe)
- Account preferences (saved festivals, calendar exports)
Legal Basis: Contract performance (you need an account to access paid features)
Usage Analytics
- Pages visited and features used
- Search queries (festival searches, countries browsed)
- Device type and browser (for compatibility)
- Approximate location (country-level, not precise GPS)
- How you found us (referral source)
Legal Basis: Legitimate interest (improving our service)
Tool: PostHog (EU-hosted, privacy-focused analytics)
Payment Information
We do not store your credit card details. All payments are processed securely by Stripe.
- Stripe receives: Card details, billing address, payment amount
- We receive: Payment confirmation, last 4 digits (for reference only)
Legal Basis: Contract performance (processing your subscription)
Payment Processor: Stripe (PCI DSS Level 1 certified)
Communications
- Email correspondence (when you contact us)
- Transactional emails (subscription confirmations, password resets)
- Optional newsletter (you can opt out anytime)
Legal Basis: Contract performance + Consent (for newsletter)
How We Use Your Data
Provide Service
Track your free views, enable unlimited access for subscribers, save your preferences
Process Payments
Handle subscriptions, renewals, and refunds via Stripe
Improve Platform
Understand which features are useful, fix bugs, optimize performance
Communicate
Respond to inquiries, send account updates, share major product news (opt-in)
Prevent Abuse
Detect and prevent fraud, spam, or misuse of our systems
Who We Share Data With
We never sell your data. We only share it with trusted service providers necessary to operate FestivalAtlas:
Stripe (Payment Processing)
Handles all subscription payments. See Stripe Privacy Policy
PostHog (Privacy-Focused Analytics)
EU-hosted analytics to understand usage patterns. See PostHog Privacy Policy
Hosting Infrastructure
Our hosting providers (Vercel, Supabase) have access to database backups and application logs. All GDPR-compliant.
Affiliate Partners (Booking.com, Airalo, Skyscanner)
If you click our affiliate links, those services may receive anonymous referral data (no personal info from us). Their privacy policies apply on their sites.
Legal Disclosure Exception
We may disclose data if required by law (court orders, legal investigations) or to protect our rights and safety.
Your Rights (GDPR)
Under GDPR and EU data protection law, you have the following rights:
Right to Access
Request a copy of all data we hold about you
Right to Rectification
Correct inaccurate or incomplete data
Right to Erasure ("Right to be Forgotten")
Request deletion of your account and all associated data
Right to Restrict Processing
Limit how we use your data while disputing accuracy or legality
Right to Data Portability
Receive your data in a machine-readable format to transfer elsewhere
Right to Object
Object to processing based on legitimate interests (e.g., analytics)
Right to Withdraw Consent
Opt out of newsletter, analytics, or other consent-based processing
How to Exercise Your Rights
Email privacy@festivalatlas.com with your request. We'll respond within 30 days as required by GDPR.
If unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority (Germany: BfDI).
How Long We Keep Your Data
Active Accounts
As long as your account is active or your subscription is valid
Deleted Accounts
30 days after deletion (for recovery), then permanently deleted. Payment records kept 7 years (tax law requirement).
Analytics Data
Aggregated usage data kept indefinitely (anonymized, cannot be linked back to you)
How We Protect Your Data
- Encryption: All data transmitted over HTTPS (TLS 1.3)
- Password Security: Passwords hashed using industry-standard bcrypt
- Database Security: Encrypted at rest, access-controlled
- Payment Security: Stripe PCI DSS Level 1 compliance (we never see card numbers)
- Access Controls: Minimal team access, two-factor authentication enforced
- Regular Audits: Security reviews and dependency updates
No system is 100% secure. If we experience a data breach, we'll notify affected users within 72 hours as required by GDPR.
Children's Privacy
FestivalAtlas is not intended for users under 16. We do not knowingly collect data from children. If you're a parent and believe your child provided us with data, contact us and we'll delete it immediately.
Changes to This Policy
We may update this policy as FestivalAtlas evolves. We'll notify you of significant changes via:
- Email (if you have an account)
- Banner on our website
- Update date at the top of this page
Continued use of FestivalAtlas after changes means you accept the updated policy.
Questions About Privacy?
We're committed to transparency. If you have questions about how we handle your data: