Legal

Privacy Policy

Last updated: June 2025

1. Who we are

Hearthfire ("we", "us", "our") operates the Hearthfire platform for event discovery, ticketing, and payments. This policy explains how we collect, use, and protect personal data when you use our website and mobile applications.

2. Data we collect

  • Account data — name, email address, profile picture, and authentication credentials when you create an account.
  • Transaction data — order details, payment method identifiers (processed by Stripe), and payout information for event organisers.
  • Usage data — pages visited, features used, device type, browser, IP address, and approximate location derived from IP.
  • Cookies & similar technologies — see our Cookie Policy for details.

3. How we use your data

  • To provide, maintain, and improve the platform.
  • To process ticket purchases and payouts.
  • To send transactional emails (order confirmations, receipts).
  • To detect fraud and enforce our terms of service.
  • To analyse usage trends (when you consent to analytics cookies).

4. Legal bases (GDPR)

We process personal data on the following legal bases: contract (to fulfil ticket purchases), legitimate interest (fraud prevention, platform security), and consent (analytics and marketing cookies).

5. Data sharing

We share data only as necessary: with Stripe for payment processing, with event organisers so they can fulfil your tickets, and with infrastructure providers that host our systems. We do not sell personal data.

6. Data retention

We retain account and transaction data for as long as your account is active, plus any period required by law (e.g. tax records). Usage data and logs are retained for up to 12 months.

7. Your rights

Depending on your jurisdiction you may have the right to access, correct, delete, or port your personal data. You can also withdraw consent for optional cookies at any time by clearing the th-consent cookie. To exercise your rights, contact us at privacy@hearthfire.community.

8. Security

We use encryption in transit (TLS), hashed credentials, and scoped access controls to protect your data. Stripe handles all payment-card data; we never store card numbers directly.

9. Contact

For privacy-related questions, reach us at privacy@hearthfire.community.