* LEGAL / 002

PRIVACY POLICY

LAST UPDATED: APRIL 30, 2026

01

WHAT WE COLLECT

ARTISTS — name, email, artist name, slug, social links, Stripe Connect account ID.

EVENT DATA — titles, dates, venues, flyer images.

TRANSACTION DATA — ticket purchases, amounts, Stripe payment intent IDs.

FAN DATA — name and email of ticket buyers, linked to the purchasing artist.

We do not collect payment card numbers — these go directly to Stripe.

02

HOW WE USE IT

To operate the platform: create accounts, process payments, send ticket confirmations.

To send transactional emails: ticket QR codes, presale notifications, event reminders.

We do not use your data for advertising. OUTSYDE products are ad-free.

03

WHO WE SHARE IT WITH

STRIPE — payment processing and artist payouts. We share transaction data required for Stripe Connect to function.

RESEND — transactional email delivery. We share recipient email and ticket details required to send confirmation emails.

SUPABASE — our database infrastructure. Data is stored on Supabase servers.

We do not sell data to any third party. Ever.

04

FAN DATA AND ARTIST RESPONSIBILITY

Fan emails collected through ticket purchases belong to the artist who hosted the event. Artists access this data through their OUTSYDE dashboard.

Artists are responsible for using fan data in compliance with applicable laws (CAN-SPAM, GDPR, etc). OUTSYDE provides the tools — the artist is the data controller for their fans.

05

DATA RETENTION

ACTIVE — data retained while account is active.

DELETED — artist profile and event data deleted within 30 days.

Transaction records retained for 7 years for legal and tax compliance. Fan purchase records retained per artist request up to 3 years.

06

YOUR RIGHTS

You can request a copy of your data at any time.

You can request deletion of your account and associated data.

EU/UK residents have additional rights under GDPR — contact us at legal@outsyde.com.

California residents have rights under CCPA — contact us at legal@outsyde.com.

07

COOKIES

OUTSYDE uses only essential cookies required for authentication (Supabase session). No tracking cookies. No advertising pixels. No third-party analytics.

08

SECURITY

Data is encrypted in transit (TLS) and at rest (Supabase AES-256).

Access to production data is restricted to essential personnel.

We recommend artists use strong unique passwords and enable 2FA on their email accounts.

09

CONTACT

Privacy questions or data requests — legal@outsyde.com.