Last updated: 3 June 2026

Privacy Policy

Eventyca is operated by Vertel Solutions j.d.o.o., Opatija, Croatia. This policy explains how we collect, use, and protect personal data when you use Eventyca.

1. Who we are

Vertel Solutions j.d.o.o., Opatija, Croatia
Luka Vertel, Owner — info@eventyca.com — eventyca.com
We are registered in Croatia and subject to EU GDPR (Regulation 2016/679).

2. Data we collect about you

  • Account data — name, email address, password (hashed)
  • Organisation data — company name, VAT ID, address, phone, website
  • Usage data — pages visited, features used, actions taken within the app
  • Payment data — billing details processed by Stripe (we do not store card numbers)
  • Communications — support messages you send us

3. Audience data (your ticket buyers)

When you use Eventyca to manage your events, you may upload data about your ticket buyers and audience members. For this data:

  • You are the data controller. You decide why and how it is used.
  • We are the data processor. We store and process it only on your instructions.
  • A Data Processing Agreement (DPA) governs this relationship and is accepted when you create your account.

4. How we use your data

  • Provide and maintain the Eventyca service
  • Process payments via Stripe
  • Send transactional emails via Resend
  • Respond to support requests
  • Improve the platform based on usage patterns
  • Comply with legal obligations

We do not sell your data. We do not use your data for advertising.

5. Legal basis for processing

PurposeLegal basis
Providing the serviceContract (Art. 6(1)(b))
Billing and paymentsContract (Art. 6(1)(b))
Transactional emailsContract (Art. 6(1)(b))
Platform improvementLegitimate interests (Art. 6(1)(f))
Legal complianceLegal obligation (Art. 6(1)(c))

6. Data retention

Data typeRetention period
Account dataUntil account deletion + 30 days
Organisation and event dataUntil org deletion + 30 days
Audience member dataUntil deleted by the promoter, or 2 years after last event activity
Payment records7 years (legal requirement)
Support communications2 years

7. Sub-processors

Sub-processorPurposeLocation
SupabaseDatabase and authenticationEU (AWS Frankfurt)
VercelHosting and infrastructureEU region available
StripePayment processingEU
ResendTransactional email deliveryEU

8. Your rights

Under GDPR you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data
  • Portability — receive your data in machine-readable format
  • Objection — object to processing based on legitimate interests
  • Restriction — request we limit processing of your data

Email info@eventyca.com. We respond within 30 days.

9. Cookies

CookiePurposeType
Session cookieKeep you logged inStrictly necessary
AnalyticsAnonymous usage analyticsAnalytics (consent required)

10. Security

  • Encryption in transit (TLS/HTTPS)
  • Encryption at rest (Supabase AES-256)
  • Row-level security on all database tables
  • Hashed passwords
  • Regular security reviews

11. Changes to this policy

We will notify you by email at least 14 days before making material changes.

12. Contact

Vertel Solutions j.d.o.o., Opatija, Croatia
Luka Vertel, Owner
info@eventyca.com