Data Collection

We collect only the data necessary to provide our event management services effectively and securely. All data collection follows privacy-by-design principles and complies with GDPR, CCPA, and other applicable privacy regulations.

We never sell your personal data to third parties.

Account creation

Collected data:

• Email address (required).
• Name (first and last).
• Phone number (optional but recommended).
• Password hash (never stored in plain text).

Purpose:

• User authentication and account security.
• Event notifications and communications.
• Customer support and assistance.
• Legal compliance and verification.

RSVP and event participation

Collected data:

• Event-specific custom field responses.
• Attendance confirmation and check-ins.
• Notes and special requests for hosts.
• Number of attendees in your party.
• SMS consent status, timestamp, IP address, and opt-in method.

Purpose:

• Process RSVP requests and approvals.
• Generate digital tickets and QR codes.
• Manage event capacity and logistics.
• Send event updates and reminders from the event host you RSVP'd to.
• Provide personalized event experiences.
• Document express consent for compliance requirements.

How we handle phone numbers:

• Storage: Phone numbers are stored for account, RSVP, and SMS delivery features.
• Display: Host-facing views use obfuscated phone numbers where full numbers are not required.
• Access: Authorized systems use phone numbers for message delivery and event operations.
• Deletion: Phone numbers are permanently deleted when consent is withdrawn, while minimal consent logs are retained for compliance.

SMS consent tracking:

• Explicit opt-in captured through an unchecked consent checkbox on RSVP forms.
• Timestamp when consent was given or withdrawn.
• IP address for legal compliance and fraud prevention.
• Method of consent (RSVP form, direct opt-in, etc.).
• Associated event host for each consent.
• Opt-out history and reasons for legal compliance.

SMS messages are sent by Coucou on behalf of the event host you RSVP'd to using Coucou as a messaging platform service provider, and delivered through Twilio SMS infrastructure.

Service reliability data:

• Request metadata needed to deliver web pages and secure access.
• Application errors and failure states surfaced during normal use.
• Browser type and device characteristics relevant to compatibility.
• Performance timing signals needed to diagnose reliability issues.
• Security-related activity reviewed to prevent abuse.

Privacy protections:

• No third-party product analytics service is currently enabled.
• No advertising profiles or cross-site tracking cookies are used.
• Operational data is used only for reliability, security, and support.
• Retention is limited to what is needed for incident response and maintenance.

• Financial information: Credit card numbers, bank account details.
• Biometric data: Fingerprints, facial recognition, voice prints.
• Social media content: Posts or activity from other platforms.
• Browsing history: Your activity on other websites.
• Private communications: Content of messages or calls outside our platform.
• Sensitive personal data: Political views, religious beliefs, health information (unless voluntarily provided for accessibility).

• Account data: Retained while your account is active. Deleted within 30 days of account closure unless legal obligations require longer retention.
• Event and RSVP data: Maintained for historical records and host analytics. Personal identifiers anonymized after 2 years unless consent is maintained.
• SMS consent and phone data: Deleted immediately upon consent withdrawal. Opt-out records maintained indefinitely for compliance.
• Operational diagnostics: Retained only as long as needed to investigate incidents, prevent abuse, and maintain reliability.

You can:

• Access all personal data we have about you.
• Correct or update inaccurate information.
• Delete your account and associated data.
• Export your data in a portable format.
• Withdraw SMS consent at any time (text STOP).
• Clear browser cookies and local storage from your device.
• Limit data processing for specific purposes.
• File complaints with data protection authorities.

Service providers we share data with:

• Clerk: User authentication and account management.
• Twilio: SMS message delivery on behalf of the hosting business.
• Convex: Secure database hosting and real-time features.

We never share data for:

• Marketing by third parties.
• Data broker sales or purchases.
• Advertising networks or ad targeting.
• Social media integration beyond authentication.
• Any commercial purposes unrelated to our service.

Your data may be processed in countries other than your residence. We ensure appropriate safeguards are in place, including standard contractual clauses and adequacy decisions where applicable.

To exercise your data rights or ask questions about data collection, visit coucou.events or read our Privacy Policy.