1. Introduction

1.1 Purpose and Scope

• This Privacy Policy governs the collection, use, disclosure, and protection of personal data on the LuminEvent Platform, ensuring compliance with the NDPR, GDPR, and PCI DSS.
• It applies to all authenticated users (attendees and organizers) accessing the web application at https://luminevent.com.
• The policy details how data is handled to support ticket purchases, event management, and account settings, ensuring transparency and user trust.

1.2 Commitment to Privacy

• LuminEvent is committed to safeguarding user privacy through encryption, access controls, and legal compliance.
• We collect only necessary data, use it transparently, and protect it from unauthorized access.

2. Data Collection

2.1 Personal Data Collected

• Attendees: Name, email, phone (optional), profile picture (optional), payment details (via Paystack), ticket history, preferences, and order info.
• Organizers: Name or organization name, email, phone, bank details, event info, and payout history.
• Automatically Collected: IP, browser, device info, OS, usage data, interaction logs (via Google Analytics).
• Linked Accounts: For optional Google login: provider ID and email address.

2.2 Purpose of Collection

• (a) Authenticate users and secure accounts (e.g., 2FA)
• (b) Process ticket purchases and payouts
• (c) Send notifications (e.g., refunds, reminders)
• (d) Provide personalized event recommendations
• (e) Enable event management tools
• (f) Improve platform performance via analytics
• (g) Fulfill legal obligations

3. Data Use

3.1 Primary Uses

• (a) Process ticket purchases and generate QR codes
• (b) Facilitate payouts to organizers
• (c) Send transactional notifications
• (d) Secure sensitive actions via 2FA
• (e) Populate user dashboards
• (f) Provide customer support

3.2 Analytics

• Google Analytics is used to analyze anonymized usage data to optimize performance (e.g., page load time, event popularity).
• No personally identifiable data is used for analytics.

3.3 Marketing

• With explicit user consent, LuminEvent may send promotional emails (e.g., event updates, discounts).
• Users can opt out anytime via Account Settings or email links.

4. Data Sharing

4.1 With Organizers

• Attendee data (e.g., name, email, ticket details) is shared with organizers to facilitate check-in and refunds.

4.2 With Service Providers

• (a) Paystack – Payment/payout processing (PCI DSS compliant)
• (b) AWS SES – Email delivery
• (c) Google – Login authentication
• (d) Google Analytics – Anonymized usage tracking
• All providers are bound by data protection agreements.

4.3 Legal Compliance

• Data may be disclosed to comply with Nigerian laws, court orders, or regulatory audits.
• Disclosures are limited and users are notified where allowed.

4.4 No Sale of Data

• LuminEvent does not sell, rent, or trade personal data.

5. Data Security

5.1 Data Retention

• Data is retained while the account is active or as required by law.
• Inactive accounts (2 years of no login) are deleted after 30-day notice.
• Order data is retained for 7 years per tax laws.

5.3 Breach Notification

• Users are notified of data breaches within 72 hours with details and mitigation steps.

6. User Rights

6.1 Data Protection Rights

• (a) Access personal data (e.g., ticket history)
• (b) Request corrections
• (c) Request account deletion
• (d) Restrict processing (e.g., pause marketing)
• (e) Data portability (e.g., export order data)
• (f) Withdraw consent for non-essential processing

6.2 Exercising Rights

• Submit requests to support@luminevent.com.
• LuminEvent will respond within 30 days and verify identity via 2FA.

7. Cookies and Tracking

7.1 Cookie Usage

• (a) Essential functions (e.g., session handling)
• (b) Analytics (e.g., tracking page views)
• (c) Personalization (e.g., saving event preferences)

7.2 Consent and Opt-Out

• Users are prompted to consent to cookies on first visit with options to customize.
• Consent can be withdrawn via settings or browser controls.

8. Third-Party Links

8.1 External Links

• The Platform may link to external sites (e.g., organizer websites or social media).
• LuminEvent is not responsible for third-party privacy practices or content.

9. Contact

9.1 General Inquiries

• For support, contact support@luminevent.com or (Phone number), available 9 AM – 5 PM WAT, Monday–Friday.

11. Updates

11.1 Policy Updates

• This policy may be updated to reflect legal or operational changes.
• Major updates will be communicated at least 7 days prior via email or banner.