Privacy policy

Last updated:

Feb 2, 2026

1. Introduction

Eventwise Ltd ("we", "our", "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our event financial management platform.

Company Details:

  • Company Name: Eventwise Ltd

  • Company Number: [12307894]

  • Registered Address: Formal House, 60 St Georges Place, Cheltenham, GL50 3PN, United Kingdom

  • Contact Email: chris@eventwise.com

This policy applies to all users of the Eventwise platform, including trial users, paying customers, and visitors to our website.

2. Legal Basis for Processing

We process your personal data in accordance with:

  • UK General Data Protection Regulation (UK GDPR)

  • EU General Data Protection Regulation (EU GDPR)

  • Data Protection Act 2018

  • Privacy and Electronic Communications Regulations (PECR)

Our legal bases for processing include:

  • Contractual necessity: To provide our services to you

  • Legitimate interests: To improve our services and communicate with customers

  • Legal obligation: To comply with accounting, tax, and regulatory requirements

  • Consent: Where you have explicitly agreed (e.g., marketing communications)

3. Information We Collect

3.1 Account Information

When you register for Eventwise, we collect:

  • Full name

  • Email address

  • Company/organisation name

  • Job title

  • Phone number

  • Billing address

  • Password (encrypted)

3.2 Financial and Event Data

Through your use of our platform, we process:

  • Event budgets and financial forecasts

  • Revenue and expense entries

  • Invoice data (amounts, dates, payment terms)

  • Purchase orders and supplier information

  • Ticketing data (when integrated with ticketing platforms)

  • Bank account details (for payment processing)

  • Accounting data synchronised from connected platforms

3.3 Technical Information

We automatically collect:

  • IP address

  • Browser type and version

  • Device type and operating system

  • Pages visited and time spent on platform

  • Referring website/source

  • Cookies and similar tracking technologies (see Section 9)

3.4 Communications

We store:

  • Support tickets and customer service inquiries

  • Email correspondence

  • Chat messages within the platform

  • Feedback and survey responses

3.5 Integration Data

When you connect third-party services, we access:

  • Data from accounting software (Xero, QuickBooks, etc.)

  • Ticketing platform data (Skiddle, Eventbrite, etc.)

  • Payment processor information

  • Calendar and scheduling data

4. How We Use Your Information

We use your personal data to:

4.1 Provide and Improve Services

  • Operate and maintain the Eventwise platform

  • Process transactions and manage billing

  • Provide customer support

  • Send service-related notifications (account updates, system alerts)

  • Analyse usage patterns to improve features

  • Develop new functionality

4.2 Security and Fraud Prevention

  • Authenticate users and prevent unauthorised access

  • Detect and prevent fraudulent activity

  • Monitor platform security and integrity

4.3 Legal and Compliance

  • Comply with legal obligations (tax, accounting regulations)

  • Enforce our Terms of Service

  • Respond to legal requests and prevent harm

4.4 Marketing (With Your Consent)

  • Send newsletters and product updates

  • Share industry insights and best practices

  • Promote new features and services

  • Conduct customer satisfaction surveys

You can opt out of marketing communications at any time using the unsubscribe link in emails or by contacting us.

5. Data Sharing and Disclosure

We do not sell your personal data. We share data only in the following circumstances:

5.1 Service Providers

We work with trusted third-party providers who process data on our behalf:

Infrastructure and Hosting:

  • Cloud hosting providers (AWS, Google Cloud)

  • Content delivery networks (CDNs)

Payment Processing:

  • Stripe (payment processing)

  • GoCardless (direct debit payments)

Communication Services:

  • Email delivery services (SendGrid, Mailgun)

  • Customer support platforms (Intercom, Zendesk)

Analytics and Monitoring:

  • Google Analytics (website usage)

  • Mixpanel (product analytics)

  • Sentry (error tracking)

All service providers are carefully selected, contractually bound to protect your data, and required to comply with GDPR standards.

5.2 Integration Partners

When you connect third-party services, we share necessary data with:

  • Accounting software (Xero, QuickBooks, Sage)

  • Ticketing platforms (Skiddle, Eventbrite, Dice)

  • Payment gateways

  • CRM systems

You control these integrations and can disconnect them at any time.

5.3 Legal Requirements

We may disclose data when required by law:

  • Court orders or legal processes

  • Government or regulatory requests

  • Protection of our rights and safety

  • Prevention of fraud or illegal activity

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you of any such change and your rights regarding your data.

6. International Data Transfers

6.1 Data Storage Location

Your data is primarily stored on servers located in:

  • Primary: European Economic Area (EEA)

  • Backup: United Kingdom

6.2 Transfers Outside UK/EEA

Some service providers may process data outside the UK and EEA. When this occurs, we ensure adequate protection through:

Transfer Mechanisms:

  • Standard Contractual Clauses (SCCs): EU-approved contractual terms

  • UK International Data Transfer Agreement (IDTA): UK-approved transfer mechanism

  • Adequacy Decisions: Transfers to countries with adequate data protection (e.g., Switzerland)

  • UK Extension to EU-US Data Privacy Framework: For US-based processors

Safeguards: All international transfers include:

  • Contractual obligations to maintain GDPR-level protection

  • Technical and organizational security measures

  • Regular compliance audits

  • Data processing agreements

You can request details of specific safeguards for any transfer by contacting chris@eventwise.com.

7. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy:

7.1 Active Accounts

  • Account data: Retained while your account is active

  • Event and financial data: Retained while your account is active plus 6 years (UK tax/accounting requirements)

  • Communications: Retained for 3 years from last interaction

7.2 Closed Accounts

After account closure:

  • Financial records: 6 years (legal and accounting obligations)

  • Account information: 30 days (to allow for reactivation requests)

  • Marketing data: Deleted immediately unless consent to retain

7.3 Backup Data

Data in backups is automatically deleted according to our retention schedule (typically 90 days for system backups).

7.4 Legal Holds

Data may be retained beyond standard periods when required for:

  • Ongoing legal proceedings

  • Regulatory investigations

  • Unresolved disputes

You can request deletion of your data at any time, subject to legal retention requirements.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

8.1 Right to Access

Request a copy of the personal data we hold about you, including:

  • What data we process

  • Why we process it

  • Who we share it with

  • How long we retain it

Response time: Within 30 days

8.2 Right to Rectification

Request correction of inaccurate or incomplete data.

How to exercise: Update via your account settings or contact support

8.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data when:

  • No longer necessary for original purpose

  • You withdraw consent (where consent was the basis)

  • You object to processing and no overriding grounds exist

  • Data was unlawfully processed

Exceptions: We may retain data where required by law or for legal claims.

8.4 Right to Restrict Processing

Request limitation of how we use your data while:

  • Verifying data accuracy

  • Determining legitimate grounds for processing

  • You need the data for legal claims

8.5 Right to Data Portability

Receive your data in a structured, commonly used format (CSV, JSON) to transfer to another service.

What's included: Data you provided to us, excluding derived or inferred data.

8.6 Right to Object

Object to processing based on legitimate interests, including:

  • Direct marketing (absolute right)

  • Profiling for marketing

  • Processing for research purposes

8.7 Right to Withdraw Consent

Withdraw consent for processing at any time (doesn't affect lawfulness of processing before withdrawal).

8.8 Right to Lodge a Complaint

File a complaint with your supervisory authority:

UK Users: Information Commissioner's Office (ICO)

  • Website: ico.org.uk

  • Phone: 0303 123 1113

EU Users: Your national data protection authority (find at edpb.europa.eu)

How to Exercise Your Rights

Contact us at:

  • Email: chris@eventwise.com

  • Post: Eventwise Ltd, Formal House, 60 St Georges Place, Cheltenham, GL50 3PN

We will respond within 30 days and may request identity verification.

9. Cookies and Tracking Technologies

9.1 What Are Cookies?

Cookies are small text files stored on your device that help us provide and improve our services.

9.2 Types of Cookies We Use

Essential Cookies (Always Active)

  • Authentication and account access

  • Security and fraud prevention

  • Load balancing and performance

  • Session management

Performance Cookies (Can Be Disabled)

  • Analytics and usage statistics

  • Error tracking and diagnostics

  • Feature usage monitoring

Functional Cookies (Can Be Disabled)

  • Remember your preferences

  • Language and region settings

  • Dashboard customisations

Marketing Cookies (Requires Consent)

  • Advertising campaign tracking

  • Social media integration

  • Retargeting and personalisation

9.3 Managing Cookies

You can control cookies through:

  • Browser settings: Block or delete cookies in your browser preferences

  • Cookie banner: Adjust preferences via our cookie consent tool

  • Opt-out tools: Use browser extensions or privacy tools

Note: Disabling essential cookies may impair platform functionality.

9.4 Third-Party Cookies

We use services that may set their own cookies:

  • Google Analytics (analytics)

  • LinkedIn Insight Tag (marketing)

  • Facebook Pixel (marketing)

  • Intercom (support chat)

Refer to third-party privacy policies for how they use cookies.

10. Data Security

10.1 Technical Measures

  • Encryption: TLS/SSL for data in transit, AES-256 for data at rest

  • Access controls: Role-based permissions and multi-factor authentication

  • Network security: Firewalls, intrusion detection, DDoS protection

  • Regular testing: Penetration testing and security audits

  • Monitoring: 24/7 system monitoring and threat detection

10.2 Organisational Measures

  • Staff training: Regular data protection and security training

  • Access limitation: Strict need-to-know data access policies

  • Background checks: Vetting of employees with data access

  • Incident response: Documented breach notification procedures

  • Vendor management: Due diligence on all third-party processors

10.3 Data Breach Notification

In the event of a data breach affecting your personal data:

  • Supervisory authority: Notified within 72 hours

  • You: Notified without undue delay if high risk to your rights

  • Information provided: Nature of breach, likely consequences, mitigation measures

11. Children's Privacy

Eventwise is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

If you believe we have collected data from a child, please contact chris@eventwise.com immediately.

12. Links to Third-Party Sites

Our platform may contain links to external websites (e.g., integration partners, resources). We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies before providing personal data.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect:

  • Changes in our practices

  • Legal or regulatory requirements

  • New features or services

Notification of Changes:

  • Material changes: Email notification and prominent notice in platform

  • Minor changes: Updated policy posted with new "Last Updated" date

  • Your options: Continued use constitutes acceptance; you may close your account if you disagree

Policy History: Previous versions available upon request.

14. Contact Information

For privacy-related questions, concerns, or requests:

Data Protection Officer:

  • Email: chris@eventwise.com

  • Post: Eventwise Ltd, Formal House, 60 St Georges Place, Cheltenham, GL50 3PN, United Kingdom

General Inquiries:

Response Time: We aim to respond to all privacy inquiries within 5 business days, with full resolution within 30 days as required by GDPR.

15. Specific Provisions for Different User Types

15.1 Trial Users

During your trial period:

  • We collect minimal personal data (name, email, company)

  • Financial data you enter is stored securely

  • You can delete your account and data at any time

  • Trial data is automatically deleted after 90 days of inactivity

15.2 Paying Customers

For active subscriptions:

  • We process payment information

  • We retain financial records per legal requirements

  • Account data is retained while subscription is active

  • You can export all data before cancellation

15.3 Team Members/Sub-users

If you're added to an account by your organisation:

  • Your employer/organisation controls your account

  • We process your data on behalf of the account owner

  • Contact your organisation's administrator for data requests

  • Your rights under GDPR still apply

15.4 Event Attendees (If Applicable)

If we process data about event attendees through ticketing integrations:

  • We act as a data processor for the event organiser

  • The event organiser is the data controller

  • Contact the event organiser for data requests

  • This policy explains how we handle that data technically

16. Legal Framework Summary

This policy complies with:

UK Regulations:

  • UK GDPR (retained EU law post-Brexit)

  • Data Protection Act 2018

  • Privacy and Electronic Communications Regulations 2003

EU Regulations:

  • EU GDPR (Regulation 2016/679)

  • ePrivacy Directive (2002/58/EC)

International Frameworks:

  • Standard Contractual Clauses (EU Commission)

  • UK International Data Transfer Agreement

  • ISO 27001 (Information Security Management)

Industry Standards:

  • PCI DSS (Payment Card Industry Data Security Standard)

  • SOC 2 Type II compliance (in progress)

17. Glossary of Terms

Data Controller: The entity that determines purposes and means of processing personal data (typically you, the account owner, for your event data).

Data Processor: The entity that processes data on behalf of the controller (Eventwise for technical processing).

Personal Data: Any information relating to an identifiable individual.

Processing: Any operation performed on personal data (collection, storage, use, disclosure, deletion).

Special Category Data: Sensitive data (racial origin, health, religion, etc.) - we do not intentionally collect this.

Supervisory Authority: Government body overseeing data protection (ICO in UK, national authorities in EU).

By using Eventwise, you acknowledge that you have read and understood this Privacy Policy.