Last updated: May 2026
Eventloot is a convention schedule publishing platform for independent artists and vendors. When we say "we," "us," or "Eventloot," we mean the operators of this service. This Privacy Policy explains what personal information we collect, how we use it, and what rights you have over it. If you have questions, contact us at hello@eventloot.com.
When you create an account, we collect your email address and password (stored as a secure hash — we never see your plaintext password). During onboarding and in your account settings, you may provide a brand name, contact email, website URL, and logo image. When you add convention events, we store the details you enter: event name, location, dates, booth number, status, description, and any cover images you upload. You can update or delete this information at any time from your dashboard.
If you sign up or log in using Google OAuth, we receive your name and email address from Google as part of the authentication flow. We use this only to create and identify your account — we do not access your Google contacts, calendar, or any other Google data. We do not receive or store payment card information; any future billing will be processed directly by Stripe, whose privacy policy governs that data.
When you use Eventloot, our servers automatically record standard log data including your IP address, browser type, operating system, referring URL, pages viewed, and timestamps. We may use privacy-respecting analytics tools to understand aggregate usage patterns — how features are used, which pages are visited most — to help us improve the product. This data is not used to build advertising profiles or sold to third parties.
We use cookies and browser storage to keep you logged in between sessions and to remember your preferences. These are strictly necessary for the service to function — we do not use advertising cookies or third-party tracking pixels. You can clear cookies in your browser settings at any time, but doing so will log you out of your account. We do not use cross-site tracking.
We use the information we collect to: create and manage your account; display your public convention schedule to fans; respond to your support requests; send transactional emails such as account confirmations and password resets; detect and prevent abuse or fraudulent activity; and improve and develop Eventloot. We will not use your information for advertising, sell it to data brokers, or share it with third parties for their own marketing purposes.
Your profile page at eventloot.com/[your-handle] is public and accessible to anyone with the link — no login required. It displays your brand name, logo, website, and the convention events you have marked as active. This is the core purpose of the product. If you want information removed from your public profile, edit or delete it from your dashboard, or delete your account entirely. Deleted content may remain in our backups for up to 30 days before being purged.
We rely on a small number of trusted third-party providers to operate the service. Supabase provides our database, user authentication infrastructure, and file storage — your account data and uploaded images are stored on Supabase-managed servers. Google provides OAuth authentication if you choose to sign in with Google. These providers act as data processors on our behalf and are contractually required to handle your data securely and only for the purposes we specify. They may store and process data in the United States or other countries.
We retain your personal information for as long as your account is active. If you delete your account, we will remove your profile, events, and uploaded images within 30 days. Server log data is retained for up to 90 days for security and debugging purposes. We may retain certain records for longer periods if required by applicable law (for example, financial records). You can request deletion of your data at any time by emailing hello@eventloot.com.
Depending on where you live, you may have specific rights over your personal data. Regardless of location, you can: access the personal information we hold about you; correct inaccurate information from your account settings; delete your account and associated data; and export your event data from your dashboard. If you are in the European Union or United Kingdom, you have additional rights under GDPR, including the right to object to processing, request data portability, and lodge a complaint with your local data protection authority. If you are a California resident, you have rights under CCPA including the right to know what data we collect and the right to opt out of the sale of your data (we do not sell data). To exercise any of these rights, email us at hello@eventloot.com and we will respond within 30 days.
We take reasonable technical and organizational measures to protect your personal information against unauthorized access, loss, or disclosure. All data is transmitted over encrypted HTTPS connections. Passwords are hashed using industry-standard algorithms. Access to production data is restricted to authorized personnel only. No system is perfectly secure — if you discover a security vulnerability in Eventloot, please report it to hello@eventloot.com rather than exploiting it. If a data breach occurs that affects your personal information, we will notify you as required by applicable law.
Eventloot is not directed at children under the age of 13, and we do not knowingly collect personal information from anyone under 13. If we learn that we have inadvertently collected information from a child under 13, we will delete it promptly. If you believe we have collected such information, please contact us at hello@eventloot.com.
Eventloot is operated from the United States. If you access the service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using Eventloot, you consent to this transfer. Where required by law (for example, for users in the EU), we ensure appropriate safeguards are in place for international transfers.
We may update this Privacy Policy from time to time as the product evolves or as legal requirements change. When we make material changes, we will notify you by email or by posting a prominent notice in your dashboard at least 14 days before the change takes effect. The date at the top of this page reflects when the policy was last revised. Continued use of Eventloot after the effective date of any changes means you accept the updated policy.