Privacy Policy
Last updated: 13 April 2026
1. Who We Are
PayEvents ("we", "us", "our") operates the website payevents.co.uk and provides a marketplace connecting venues with event contractors (DJs, bands, caterers, photographers, and other service providers) in the United Kingdom.
If you have questions about this policy, contact us at admin@payevents.co.uk.
2. What Data We Collect
We collect the following categories of personal data:
- Account information: name, email address, password (hashed), role (venue or contractor).
- Profile information: business name, location, phone number, bio, profile photo, portfolio images and videos, services offered, pricing, and availability dates.
- Payment information: Stripe processes your payment card details. We store only Stripe customer and subscription IDs — never your full card number.
- Communications: messages exchanged through the platform, availability requests, and support tickets.
- Usage data: IP address, browser type, pages visited, and actions taken on the platform (e.g. job postings, applications, reviews).
- Cookies: see our Cookie Policy.
3. How We Use Your Data
We process your personal data for the following purposes:
- To create and manage your account (legal basis: contract performance).
- To facilitate bookings between venues and contractors (contract performance).
- To process payments via Stripe Connect escrow (contract performance).
- To send transactional emails — booking confirmations, application updates, and invoice notifications (contract performance).
- To display contractor profiles publicly so venues can find and book them (legitimate interest).
- To improve our platform through analytics and usage patterns (legitimate interest).
- To comply with legal and regulatory obligations (legal obligation).
4. Data Sharing
We share your data only with:
- Stripe: for payment processing and Stripe Connect payouts.
- Other users: your profile information is visible to other platform users. Messages are shared between the sender and recipient.
- Service providers: hosting, email delivery (SendGrid/SMTP), and error tracking services that process data on our behalf under data processing agreements.
- Law enforcement: if required by law or to protect our legal rights.
We do not sell your personal data to third parties.
5. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal or accounting purposes (e.g. invoices are kept for 6 years per HMRC requirements).
6. Your Rights (UK GDPR)
Under UK data protection law, you have the right to:
- Access your personal data (Subject Access Request).
- Rectify inaccurate or incomplete data.
- Eraseyour data ("right to be forgotten").
- Restrict processing of your data.
- Data portability — receive your data in a structured, machine-readable format.
- Object to processing based on legitimate interest.
- Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, email admin@payevents.co.uk. We will respond within 30 days.
7. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Passwords hashed with bcrypt.
- Optional two-factor authentication (TOTP).
- HTTPS encryption in transit.
- JWT-based authentication with secure token management.
- Regular security reviews and dependency updates.
8. International Transfers
Your data is primarily stored on servers within the United Kingdom or European Economic Area. Where data is transferred outside the UK/EEA (e.g. Stripe's US infrastructure), appropriate safeguards such as Standard Contractual Clauses are in place.
9. Children
PayEvents is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us and we will delete it.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or a notice on the platform. Your continued use of PayEvents after any changes constitutes acceptance of the updated policy.
11. Complaints
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.