Data Collection
Transparency about what data we collect, why we collect it, and how you can control your information.
Last updated: November 2, 2025
1. Data Collection Overview
We collect only the data necessary to provide our event management services effectively and securely. All data collection follows privacy-by-design principles and complies with GDPR, CCPA, and other applicable privacy regulations.
We never sell your personal data to third parties.
2. Required Data for Core Services
Account Creation
Collected Data:
- Email address (required)
- Name (first and last)
- Phone number (optional but recommended)
- Password hash (never stored in plain text)
Purpose:
- User authentication and account security
- Event notifications and communications
- Customer support and assistance
- Legal compliance and verification
RSVP and Event Participation
Collected Data:
- Event-specific custom field responses
- Attendance confirmation and check-ins
- Notes and special requests for hosts
- Number of attendees in your party
- SMS consent status and timestamp
- SMS consent IP address and opt-in method
Purpose:
- Process RSVP requests and approvals
- Generate digital tickets and QR codes
- Manage event capacity and logistics
- Send event updates and reminders from the event host you RSVP'd to
- Provide personalized event experiences
- Document express consent for compliance requirements
3. SMS and Communication Data
Text Message Communications
How We Handle Phone Numbers:
- Encryption: All phone numbers are encrypted using AES-256 encryption
- Storage: Only encrypted phone numbers and obfuscated versions (***-***-1234) are stored
- Access: Only authorized systems (the event host and Dojo Pomodoro messaging platform services) can decrypt phone numbers for message delivery
- Deletion: Phone numbers are permanently deleted when consent is withdrawn, while minimal consent logs (timestamp and IP address) are retained for compliance
SMS Consent Tracking:
- Explicit opt-in captured through an unchecked consent checkbox on RSVP forms
- Timestamp when consent was given or withdrawn
- IP address for legal compliance and fraud prevention
- Method of consent (RSVP form, direct opt-in, etc.)
- Associated event host (e.g., Neon District Events) for each consent
- Opt-out history and reasons for legal compliance
SMS messages are sent by Jeans on behalf of the event host you RSVP'd to (for example, Party Nights Presents or Max, Orson, Danya) using Dojo Pomodoro as a messaging platform service provider, and are delivered through Twilio SMS infrastructure.
4. Analytics and Usage Data
PostHog Analytics
Collected Data:
- Page views and navigation patterns
- Feature usage and interactions
- Error reports and performance metrics
- Device type and browser information
- Geographic location (country/region level only)
Privacy Protections:
- IP addresses are automatically anonymized
- No personally identifiable information in analytics
- Data is aggregated and anonymized for reporting
- 12-month automatic data retention limit
5. Technical and Security Data
Security Monitoring
- Login attempts and authentication events
- Suspicious activity detection
- API usage patterns and rate limiting
- Security incident logs
System Performance
- Load times and response rates
- Error rates and crash reports
- Database query performance
- Infrastructure usage and scaling data
6. Data We Do NOT Collect
We Explicitly Do Not Collect:
- Financial Information: Credit card numbers, bank account details
- Biometric Data: Fingerprints, facial recognition, voice prints
- Social Media Content: Posts, messages, or activity from other platforms
- Browsing History: Your activity on other websites
- Private Communications: Content of your messages or calls outside our platform
- Sensitive Personal Data: Political views, religious beliefs, health information (unless voluntarily provided for event accessibility)
7. Data Retention Periods
Account Data
Retained while your account is active. Deleted within 30 days of account closure unless legal obligations require longer retention.
Event and RSVP Data
Maintained for historical records and host analytics. Personal identifiers are anonymized after 2 years unless consent is maintained.
SMS Consent and Phone Data
Deleted immediately upon consent withdrawal. Opt-out records maintained indefinitely for compliance purposes.
Analytics Data
Automatically deleted after 12 months. Aggregated, anonymized insights may be retained longer for business intelligence.
8. Your Data Control Options
You Can:
- Access all personal data we have about you
- Correct or update inaccurate information
- Delete your account and associated data
- Export your data in a portable format
- Withdraw SMS consent at any time (text STOP)
- Opt out of analytics tracking
- Limit data processing for specific purposes
- File complaints with data protection authorities
9. Data Sharing and Third Parties
Service Providers
We only share data with trusted service providers who help us deliver our services:
- Clerk: User authentication and account management
- Twilio: SMS message delivery on behalf of the hosting business (encrypted phone numbers only)
- Convex: Secure database hosting and real-time features
- PostHog: Privacy-focused analytics (anonymized data only)
We Never Share Data For:
- Marketing by third parties
- Data broker sales or purchases
- Advertising networks or ad targeting
- Social media integration beyond authentication
- Any commercial purposes unrelated to our service
10. International Data Transfers
Your data may be processed in countries other than your residence. We ensure appropriate safeguards are in place, including standard contractual clauses and adequacy decisions where applicable.
11. Contact Us About Your Data
To exercise your data rights or ask questions about data collection:
- Data Requests: Contact us through our platform for access, correction, or deletion requests
- SMS Opt-out: Text STOP to any message we send
- General Questions: Visit dojopomodoro.club
- Privacy Policy: Full Privacy Policy