Privacy Policy

1. Introduction

Welcome to Vybru. This Privacy Policy ("Policy") describes how Vybru LLC, a Wyoming limited liability company ("Vybru," "we," "us," or "our"), collects, uses, discloses, and protects your personal information when you access or use the Vybru platform, including our website, applications, APIs, and all related services (collectively, the "Platform").

Vybru is a multi-tenant event and venue management platform designed for promoters, event organizers, and venue operators. The Platform provides tools for event creation, ticketing, payment processing, crew management, inventory management, vendor management, venue management, and public event pages.

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the collection and use of your information as described in this Policy. If you do not agree with this Policy, please do not use the Platform.

2. Information We Collect

We collect information in several ways depending on how you interact with the Platform. The types of information we collect include:

2.1 Account Information

When you create an account on Vybru, we collect information that you voluntarily provide, including:

• Full name and email address
• Password (authentication is managed securely via AWS Cognito; we do not store plaintext passwords)
• Organization name and organizational details
• Profile information, including avatar images
• Account type designation (e.g., standard, partner)

2.2 Event & Ticketing Data

When you create events, purchase tickets, or interact with event-related features, we collect:

• Event details, including event name, description, dates, times, location, venue information, and pricing
• Ticket purchase information, including buyer name, email address, ticket tier selections, and order quantities
• Attendee records, including unique QR code tokens generated for event check-in purposes
• Order history, payment status, and transaction records

2.3 Payment Information

Payment processing on the Platform is handled by Stripe, Inc. ("Stripe"), a PCI-compliant third-party payment processor.

• Vybru does not store credit card numbers, bank account numbers, or other sensitive financial instrument details on its servers. All such information is collected and processed directly by Stripe in accordance with Stripe's own privacy policy and PCI DSS requirements.
• For event organizers using Stripe Connect, Stripe manages connected account details, including bank account information and payout configurations.
• We maintain records of transaction history, payout records, refund records, and payment status for operational, accounting, and compliance purposes.

2.4 Content & Uploads

When you upload content to the Platform, we collect and store:

• Images, photographs, and other media files uploaded via our storage infrastructure (AWS S3)
• Event page content, including descriptions, frequently asked questions, lineup information, and event schedules
• Rich text content created using the Platform's built-in content editor

2.5 Communication Data

We collect information related to communications facilitated through the Platform, including:

• Email addresses used for ticket confirmations and transactional notifications (delivered via AWS Simple Email Service)
• Organization invitation emails sent to prospective team members
• Bulk email communications sent by organizers to event attendees
• In-app notification data and delivery records

2.6 Automatically Collected Information

When you access or use the Platform, we automatically collect certain technical information, including:

• Internet Protocol (IP) address
• Browser type and version
• Device type, operating system, and device identifiers
• Usage data, including pages visited, features used, and access timestamps
• Referring URLs and navigation paths
• Cookies and similar tracking technologies (see Section 11 below)

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain the Platform and its features
• To process ticket purchases, manage orders, and facilitate payment transactions
• To send transactional emails, including ticket confirmations, order receipts, organization invitations, and password reset communications
• To enable event management features, including crew scheduling, inventory tracking, vendor coordination, and venue management
• To process payouts to event organizers and partners via Stripe Connect
• To generate unique QR codes for ticket validation and event check-in
• To facilitate organization member management, role assignments, and team invitations
• To analyze usage patterns and improve, optimize, and enhance the Platform
• To detect, prevent, and address fraud, unauthorized access, and other security concerns
• To comply with applicable legal obligations, regulations, and lawful requests
• To enforce our Terms of Service and protect the rights, property, and safety of Vybru, our users, and the public

4. How We Share Your Information

We do not sell your personal information to third parties. We may share your information in the following circumstances:

4.1 Payment Processors (Stripe)

We share necessary transaction and account information with Stripe for payment processing, payout disbursement, and connected account management. Stripe's collection and use of your information is governed by Stripe's own privacy policy, available at stripe.com/privacy.

4.2 AWS Services

We utilize Amazon Web Services ("AWS") infrastructure for core Platform operations, including AWS Cognito for user authentication, AWS Simple Email Service (SES) for email delivery, and AWS S3 for file storage. Data processed through these services is subject to AWS's privacy and security practices.

4.3 Event Organizers

When you purchase tickets to an event, certain information—including your name, email address, ticket details, and check-in status—is shared with the organizer(s) of that event to facilitate event management, attendee communication, and check-in operations.

4.4 Event Partners

Event partners with revenue-sharing arrangements may have access to relevant financial information, including revenue share data and related transaction details, as necessary for the partnership arrangement.

4.5 Legal Requirements

We may disclose your information if required to do so by law, or in the good-faith belief that such action is necessary to: (a) comply with a legal obligation, court order, or legal process; (b) protect and defend the rights or property of Vybru; (c) prevent or investigate possible wrongdoing in connection with the Platform; (d) protect the personal safety of users of the Platform or the public; or (e) protect against legal liability.

4.6 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Platform of any change in ownership or use of your personal information, as well as any choices you may have regarding your information.

5. Data Retention

We retain your information for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.

• Account data is retained for as long as your account remains active. Upon account deletion, we will remove or anonymize your personal data, subject to the exceptions below.
• Transaction and order data is retained for a minimum of seven (7) years to comply with legal, financial, tax, and regulatory obligations.
• User-generated content (e.g., event pages, images, uploads) will be deleted upon request, subject to reasonable backup retention periods and any applicable legal holds.
• Event data may be retained for historical record-keeping and analytics purposes in an aggregated or anonymized form.
• Payment information stored by Stripe is subject to Stripe's own data retention policies. Vybru does not control Stripe's retention of payment instrument data.

6. Data Security

We implement commercially reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using HTTPS/TLS protocols
• User authentication managed through AWS Cognito with secure password hashing and multi-factor authentication support
• Payment data handled exclusively by PCI DSS-compliant Stripe—credit card numbers and bank account details are never stored on Vybru servers
• Role-based access controls and granular permission systems within the Platform
• Regular security reviews and vulnerability assessments
• Secure cloud infrastructure provided by AWS with industry-standard physical and network security controls

Notwithstanding the foregoing, no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials.

7. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

• Right of Access: You may request a copy of the personal information we hold about you.
• Right to Rectification: You may request that we correct any inaccurate or incomplete personal information.
• Right to Deletion: You may request the deletion of your account and associated personal data, subject to legal retention obligations.
• Right to Data Portability: You may request a copy of your data in a structured, commonly used, and machine-readable format.
• Right to Opt Out: You may opt out of non-essential communications, including marketing emails and promotional notifications.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, please contact us at info@vybru.com. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

8. GDPR — European Users

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following additional provisions apply to you under the General Data Protection Regulation (GDPR) and equivalent local legislation:

8.1 Data Controller

Vybru LLC is the data controller responsible for your personal data. Our contact information is provided in Section 15 of this Policy.

8.2 Legal Bases for Processing

We process your personal data on the following legal bases:

• Contract Performance: Processing necessary for the performance of a contract with you, such as creating your account, processing ticket purchases, and facilitating event management services.
• Legitimate Interests: Processing necessary for our legitimate interests, including improving the Platform, preventing fraud, and ensuring security, provided such interests are not overridden by your fundamental rights and freedoms.
• Consent: Processing based on your freely given, specific, informed, and unambiguous consent, such as for certain marketing communications or optional analytics.
• Legal Obligations: Processing necessary to comply with a legal obligation to which Vybru is subject, such as tax reporting, financial record-keeping, and responding to lawful governmental requests.

8.3 International Data Transfers

Your personal data is processed and stored in the United States. For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms, to ensure that your data receives an adequate level of protection.

8.4 Additional Rights

In addition to the rights listed in Section 7, European users have the following rights:

• Right to Restriction of Processing: You may request that we restrict the processing of your personal data under certain circumstances.
• Right to Object: You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to Erasure: You may request the erasure of your personal data where it is no longer necessary for the purposes for which it was collected, or where you have withdrawn consent.
• Right to Data Portability: You may request to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

8.5 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority in the EEA member state of your habitual residence, place of work, or place of the alleged infringement if you believe that our processing of your personal data violates the GDPR.

8.6 Data Protection Contact

For all data protection inquiries and requests related to GDPR, please contact us at info@vybru.com.

9. CCPA — California Residents

If you are a resident of the State of California, the following additional provisions apply to you under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

9.1 Right to Know

You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected your information, our business or commercial purpose for collecting your information, and the categories of third parties with whom we share your information.

9.2 Right to Delete

You have the right to request the deletion of personal information we have collected from you, subject to certain legal exceptions (e.g., data required for completing a transaction, complying with legal obligations, or security purposes).

9.3 Right to Opt-Out of Sale

Vybru does not sell personal information to third parties as defined under the CCPA. Because we do not engage in the sale of personal information, there is no need to opt out. If our practices change in the future, we will update this Policy and provide a "Do Not Sell My Personal Information" mechanism.

9.4 Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices or rates, provide you a different level or quality of goods or services, or suggest that you may receive a different price, rate, or quality of goods or services for exercising your rights.

9.5 Categories of Information Collected

In the preceding twelve (12) months, we have collected the following categories of personal information:

• Identifiers (name, email address, IP address, account identifiers)
• Commercial information (transaction records, purchase history, payment status)
• Internet or other electronic network activity information (browsing history, usage data, interaction with the Platform)
• Professional or employment-related information (organization details, role information)
• Audio, electronic, or visual information (uploaded images, media files, profile photos)

10. Children's Privacy

The Platform is intended for users who are at least thirteen (13) years of age. We do not knowingly collect personal information from children under the age of 13. If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to delete that information promptly.

Users between the ages of 13 and 18 may use the Platform only with the involvement and consent of a parent or legal guardian. Parents and guardians are responsible for supervising their minor children's use of the Platform.

If you are a parent or guardian and believe that your child under the age of 13 has provided us with personal information, please contact us at info@vybru.com so that we can review and delete such information.

11. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Platform. The types of cookies we use include:

• Essential Cookies: These cookies are strictly necessary for the operation of the Platform, including user authentication, session management, and security. They cannot be disabled without impairing core Platform functionality.
• Analytics Cookies: These cookies help us understand how users interact with the Platform, enabling us to improve and optimize the user experience. You may opt out of analytics cookies through your browser settings or any cookie preference mechanism we provide.

We do not use third-party advertising cookies or tracking technologies for targeted advertising purposes.

You can manage your cookie preferences through your web browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling essential cookies may prevent you from accessing certain features of the Platform. For more information about cookies and how to manage them, visit www.allaboutcookies.org.

12. International Data Transfers

Vybru is based in the United States, and your personal information is stored and processed on servers located in the United States using Amazon Web Services (AWS) infrastructure. If you access the Platform from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.

We implement appropriate safeguards to protect your personal information during international transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission and other legally recognized transfer mechanisms as required by applicable law.

By using the Platform, you acknowledge and consent to the transfer of your personal information to the United States and other jurisdictions where we or our service providers operate.

13. Third-Party Links & Services

The Platform may contain links to third-party websites, applications, or services that are not owned or controlled by Vybru. This Privacy Policy does not apply to the practices of third parties. We are not responsible for the privacy practices, content, or security of any third-party websites or services.

We encourage you to review the privacy policies of any third-party websites or services before providing your personal information or using their services.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this Policy, we will notify you by email (sent to the email address associated with your account) or by posting a prominent notice on the Platform prior to the changes taking effect.

The "Effective Date" at the top of this Policy indicates when the most recent revisions were made. Your continued use of the Platform after any changes to this Policy constitutes your acceptance of the updated Policy. We encourage you to review this Policy periodically to stay informed about how we protect your information.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: