Privacy Policy

Last Updated: October 26, 2025

PopUpAt takes your privacy seriously. This policy explains what data we collect, how we use it, and what we don't do with it.

1. What Data We Collect

Account Information:

• Email address (required for account creation)
• Password (hashed and encrypted—we never see your actual password)
• Profile information (business name, description, location, availability, etc.)
• Photos you upload for your profile

Contact Information You Choose to Share:

• If you include your phone number or email in your public profile, other users can see it
• This is 100% voluntary—you control what you share
• We're not responsible for what other users do with publicly shared contact info

Payment Information:

• Handled entirely by Stripe (our payment processor)
• We never see or store your credit card details
• Stripe may share basic info with us (like whether payment succeeded)

Usage Data:

• Basic stuff like when you log in, what pages you visit, errors you encounter
• Helps us fix bugs and improve the platform

2. How We Use Your Data

We use your information to:

• Show your profile to other users (that's the whole point)
• Let you browse and connect with venues/vendors
• Process your subscription payments
• Send you important emails (account confirmations, beta updates, billing notifications)
• Fix bugs and improve the platform
• Occasionally suggest potential collaborations as a fellow PopUpAt user

That's it. We're not doing anything shady.

3. What We DON'T Do

We do NOT:

• Sell your data to anyone
• Share your data with advertisers
• Track you across other websites
• Spam you with marketing emails (unless you opted in)
• Use your data for anything beyond running PopUpAt

4. Cookies & Analytics

Essential Authentication Cookies: We use a cookie called popupat_token to keep you logged in. This is an essential cookie required for the platform to function—without it, you'd have to log in on every page. This cookie is secure (HTTPS only), httpOnly (can't be accessed by JavaScript), and expires after 7 days.

Analytics: We use Google Analytics to understand how visitors use our site. This collects anonymous data like pages visited and traffic sources. No personally identifiable information is shared with Google.

We keep it simple. No tracking pixels, no ad networks, no nonsense.

5. Data Security

We take reasonable steps to protect your data:

• Passwords are hashed using bcrypt (industry standard)
• All connections use HTTPS (encrypted)
• Authentication cookies are httpOnly and secure (can't be stolen by malicious scripts)
• Payment info is handled by Stripe (PCI-compliant)
• We use secure hosting and follow best practices

That said, we're not a bank. We do our best, but no system is 100% secure. Use strong passwords and don't share your login credentials.

6. Third-Party Services

Stripe: Handles all payment processing. They have their own privacy policy at stripe.com/privacy.

Email Services: We may use services like SendGrid or Mailchimp to send emails. They have access to your email address but are bound by their own privacy policies.

We don't share your data with anyone else.

7. Your Rights

Access Your Data: Email us at Gwen@PopUpAt.com and we'll send you everything we have on you.

Update Your Data: You can edit your profile anytime from your account settings.

Delete Your Data: You can delete your account from your settings. We'll soft-delete your data (hide it but keep it for legal/operational reasons). If you want it fully gone, email us and we'll take care of it.

Export Your Data: Need a copy of your data? Email us and we'll send it to you.

8. Data Retention

When you delete your account, we soft-delete your data—it's hidden from the platform but kept in our database for legal compliance and operational reasons.

If you want your data fully removed, email us at Gwen@PopUpAt.com and we'll delete it permanently (within a reasonable timeframe).

We may keep some data longer if required by law or to resolve disputes.

9. Publicly Shared Information

Anything you put in your public profile (business name, description, photos, contact info) is visible to other PopUpAt users. That's how the platform works.

If you include your email or phone number in your profile description, other users can see it and contact you directly. We're not responsible for what they do with that information.

Share wisely. Only include contact info you're comfortable making public.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we'll update the "Last Updated" date at the top of this page.

For minor changes, we'll just update the page. For major changes (like adding new data collection practices), we'll send you an email.

Continued use of PopUpAt after changes means you accept the updated policy.

11. Contact Us

Questions about privacy? Concerns about your data? Want to request deletion or export?

Email us at Gwen@PopUpAt.com and we'll get back to you as quickly as we can.

We're doing our best to handle your data responsibly. If you have concerns, let us know.