Security & Privacy

Your data. EU servers.
No compromises.

Eventyca is built by a Croatian company, hosted on EU infrastructure, and designed to meet GDPR requirements from the ground up — not as an afterthought.

Infrastructure

EU infrastructure only

Eventyca runs on Supabase's EU (Frankfurt) region. Your data — events, contacts, financials, audience lists — is stored exclusively on European servers operated under EU data protection law. We do not use US-based services for any data storage.

GDPR compliance

Built for GDPR from day one

Most software treats GDPR compliance as a legal checkbox bolted on at the end. We built Eventyca in the EU, for EU businesses, with GDPR in mind from the first line of code. Every data flow, every consent mechanism, and every data retention policy was designed to comply.

After the Schrems II ruling, using US-hosted tools for EU audience data carries real legal risk. With Eventyca, your subscriber lists, contact data, and financial records never leave European servers.

Data residency

All data stored in Supabase EU region (Frankfurt). Never transferred outside the EU.

Right to erasure

Audience members can be deleted on request, complying with GDPR Article 17 right to erasure.

Consent tracking

Email opt-in status tracked per audience member. Unsubscribes processed automatically.

Data Processing Agreement

A full DPA is available for organisations that require one. Email us to request.

Security practices

How we protect your data

HTTPS everywhere

All traffic encrypted in transit with TLS. No unencrypted connections.

Row-level security

Every database row is protected by RLS policies. Organisation data is completely isolated — one tenant cannot access another's data.

Encrypted at rest

All data encrypted at rest using AES-256. Database backups are also encrypted.

Access controls

Role-based permissions (Admin / Member) control what each team member can view or edit.

Continuous backups

Automated daily backups with point-in-time recovery. Your data is never at risk of permanent loss.

What we store

Data we hold and why

Organisation data

Company name, address, billing info. Required to operate your account and issue invoices.

Event data

Shows, costs, revenues, artist bookings. This is the core of your Eventyca workspace.

Contacts

Professional contacts (agents, vendors, staff). Stored securely, visible only to your organisation.

Audience data

Ticket buyer emails and profiles imported from your ticketing platform. Used only for campaigns you initiate.

Questions about security?

Contact us at info@eventyca.com — we respond within one business day.

Contact us