Privacy

The data controller is BB Power s.r.o., company ID (IČO) 08326223, with registered office at Kaprova 42/14, Staré Město, 110 00 Prague 1, Czech Republic, registered in the Commercial Register kept by the Municipal Court in Prague, file no. C 316982.

Contact for data protection questions: hello@praguepromoter.com

At signup and during service use:

• Email — required, for login and transactional emails

• First and last name — required after profile completion, shown next to your activity

• Phone — optional, for promoters as a quick contact

• Password — stored as bcrypt hash (we never store the original)

• Avatar — if you upload your own profile photo

• Google profile picture — if you sign in with Google OAuth, Google provides it; you can override with a custom avatar

Automatically during use:

• IP address — short-term for rate limiting and anti-spam (logs rotate after 30 days)

• Audit log of actions (who edited what when) — for internal security and accountability

• Your favorite events and iCal preferences — if you set them

We don't share data with ad networks. We don't sell data.

• Account operation, authentication, authorization (legal basis: contract)

• Transactional emails — verification, password reset, claim notifications, lead-publish notifications (legal basis: contract or legitimate interest)

• Security and audit (legal basis: legitimate interest)

• Rate limiting and anti-spam (legal basis: legitimate interest)

• Anonymous analytics (legal basis: legitimate interest — no identifiers)

We only use technical cookies necessary for the service:

• Auth.js session cookie — to keep you signed in (legitimate interest)

• Locale preference cookie — for site language

We don't set any marketing or tracking cookies. That's why there's no cookie banner.

For anonymous analytics we use Plausible Analytics — cookieless, no fingerprinting, no PII. It measures only aggregated metrics (visitor count, top pages, country level).

We rely on these external providers, who may have access to some data:

• Railway (US / EU) — application hosting and database

• Cloudflare (US / EU) — DNS, CDN, R2 storage for images, image transformations, web analytics

• Resend (EU) — transactional email sending

• Anthropic (US) — Claude API for AI extraction from posters and translations (event data, not user PII)

• Plausible Analytics (EU) — aggregated analytics

• Sentry (US) — error reports (may include technical fields like URL, browser, IP)

• Google (US) — OAuth login (if you use it)

• Mapy.com (EU) — map tiles (we don't share your identity with them)

International transfers to the US are covered by Standard Contractual Clauses (SCC) under GDPR.

• Account and profile — until you request deletion. After deletion we anonymize identifying fields; audit logs remain without a link to you.

• Transactional emails at Resend — 90 days (Resend default retention)

• Sentry error logs — 30 days

• Plausible — aggregated metrics indefinitely, but no PII

• Cloudflare logs — 30 days

You have the following rights, exercised by email to hello@praguepromoter.com:

• Access — what we have about you

• Rectification of inaccurate data

• Erasure (right to be forgotten)

• Restriction of processing

• Portability (export your data in a machine-readable format)

• Objection to processing based on legitimate interest

We handle most requests within 30 days. You can also delete your account yourself in /account → Delete account.

If you believe we're violating your rights, you can file a complaint with the Czech Office for Personal Data Protection (uoou.cz).

Some events (especially sex parties) are intended for persons aged 18+ and are gated. Before viewing details you must confirm you're at least 18 years old.

We don't collect birth dates at signup, but expect the service to be used by adults. If we discover a minor's account, we'll delete it.

The service runs over HTTPS with modern TLS. Passwords are stored as bcrypt hashes. Sensitive operations (sign-in, email change) require confirmation. Storage is in EU regions where possible.

Despite our measures, no system is 100% secure. If you discover a security vulnerability, please contact us directly at hello@praguepromoter.com — we'll respond within 24 hours.

We may update this policy. We'll inform you about material changes (new processor, new processing purpose) via email or banner. The current version is always here; the date is shown above.

By continuing to use the service after a change, you accept the new version.