Privacy Policy
Chillz N.L.E Ltd ("Chillz", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and related services (collectively, the "Services").
By accessing or using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.
1. Information We Collect
1.1 Information You Provide
When you register for an account, purchase tickets, or interact with the Services, we may collect:
- Account information — name, email address, phone number, date of birth, gender, and profile picture.
- Payment information — credit card details, billing address, and transaction history. Payment processing is handled by PCI-compliant third-party processors; we do not store full card numbers on our servers.
- Event-related information — ticket purchases, event attendance, and preferences.
- Communications — messages you send through the Services, customer support inquiries, and feedback.
- Organizer information — if you create or manage events, we collect organization details, payout information (bank account details), and business contact information.
1.2 Information Collected Automatically
When you access the Services, we automatically collect:
- Device and usage data — IP address, browser type, operating system, device identifiers, pages viewed, time spent on the Services, referring URLs, and interaction patterns.
- Location data — approximate location based on your IP address. We do not collect precise GPS location without your explicit consent.
- Cookies and similar technologies — we use cookies, web beacons, and similar tracking technologies to enhance your experience. See Section 7 for details.
1.3 Information from Third Parties
We may receive information from:
- Social login providers — if you sign in using Google, Facebook, or Apple, we receive your name, email, and profile picture as authorized by your social account settings.
- Payment processors — transaction confirmation and fraud prevention data.
- Event organizers — organizers may provide attendee lists or buyer information in connection with event management.
1.4 Social Media Enrichment
To power discovery and social features — such as showing who else is attending an event — we may obtain and infer publicly available information associated with the contact details you or an event organizer provide. This includes social media handles (e.g., Instagram), profile photos, display names, follower counts, and other public profile attributes obtained from third-party data providers and publicly accessible sources. We associate this information with your contact record. This information may be inaccurate or out of date, and you may ask us to correct or remove it (see Section 6).
2. How We Use Your Information
We use the information we collect to:
- Provide and operate the Services — process ticket purchases, manage your account, deliver event information, and enable communication between buyers and organizers.
- Process payments — charge for ticket purchases, manage refunds, and handle payouts to event organizers.
- Communicate with you — send order confirmations, event updates, service announcements, and respond to inquiries.
- Personalize your experience — recommend events based on your location, preferences, and past activity.
- Marketing — with your consent, send promotional communications about events and features. You can opt out at any time (see Section 6).
- Improve the Services — analyze usage patterns, troubleshoot issues, conduct research, and develop new features.
- Ensure safety and security — detect fraud, enforce our Terms of Service, verify identity, and protect the rights and safety of our users and the public.
- Comply with legal obligations — meet regulatory requirements, respond to legal process, and cooperate with law enforcement when required.
- Social and community features — operate attendee avatar stacks, "who's going" guest lists, and connection prompts, including ordering attendees by public follower count to make these features useful. These features can be disabled by the event organizer and you can opt out of being shown (see Section 6).
3. Legal Basis for Processing (EEA/UK Users)
If you are located in the European Economic Area ("EEA") or the United Kingdom ("UK"), we process your personal data on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Providing the Services, processing transactions | Performance of a contract with you |
| Sending service-related communications | Performance of a contract / Legitimate interest |
| Fraud prevention and security | Legitimate interest |
| Marketing communications | Your consent |
| Analytics and service improvement | Legitimate interest |
| Legal compliance | Legal obligation |
| Social enrichment and social-proof features | Legitimate interest (right to object — see Section 6) |
You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
4. How We Share Your Information
We do not sell your personal information. We share information only in the following circumstances:
4.1 Event Organizers
When you purchase a ticket, the event organizer receives your name, email, and any information you provided during checkout (e.g., custom form fields required by the organizer). Organizers are independent data controllers for the data they receive.
4.2 Service Providers
We share information with third-party vendors who help us operate the Services, including:
- Payment processors — for processing transactions (e.g., Stripe, Tranzila).
- Email and SMS providers — for sending transactional and marketing communications.
- Cloud hosting and infrastructure — for storing and serving data.
- Analytics providers — for understanding how the Services are used.
- Customer support tools — for managing support requests.
These providers are bound by data processing agreements and may only use your data for the purposes we specify.
4.3 Legal and Safety
We may disclose information when we believe it is necessary to:
- Comply with applicable law, regulation, or legal process.
- Protect the safety, rights, or property of Chillz, our users, or the public.
- Detect, prevent, or address fraud, security, or technical issues.
- Enforce our Terms of Service.
4.4 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and the choices you may have.
4.5 Social Proof and Guest Lists
Where an event organizer enables it, we may display limited attendee information to other people viewing the event, including:
- your profile photo and first name, shown publicly on the event page and in an aggregate count of attendees; and
- to verified ticket-holders for the same event, your associated public social handle (e.g., Instagram), so attendees can connect with one another.
We do not display your last name, email address, phone number, purchase amount, or other sensitive details through these features. Organizers control whether these features are enabled and at what level of visibility — for example, showing photos for all attendees, only for people with a public profile, or showing an anonymized count with no photos. You can opt out of being displayed in social-proof and guest-list features at any time — see Section 6.
5. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including Israel and the United States. When we transfer data outside the EEA/UK, we implement appropriate safeguards, such as:
- Standard Contractual Clauses approved by the European Commission.
- Adequacy decisions (Israel is recognized by the European Commission as providing adequate data protection).
- Other legally recognized transfer mechanisms.
6. Your Rights and Choices
6.1 All Users
You have the right to:
- Access and update your account information through your profile settings.
- Delete your account by contacting us at privacy@chillzapp.com.
- Opt out of marketing by clicking the unsubscribe link in any marketing email or adjusting your notification preferences.
- Opt out of social-proof and guest-list display — ask us not to show your profile photo, first name, or social handle in social-proof or guest-list features by updating your profile settings or contacting us at privacy@chillzapp.com. We will suppress your display going forward across events on the platform.
- Correct enriched social data — because some profile information is obtained from third-party sources, it may be inaccurate. If a social handle or profile shown for you is wrong or not yours, contact us at privacy@chillzapp.com and we will correct or remove it promptly.
6.2 EEA/UK Users (GDPR)
Under the General Data Protection Regulation, you have additional rights:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate or incomplete data.
- Right to erasure — request deletion of your personal data (subject to legal retention requirements).
- Right to restriction — request that we limit the processing of your data.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interests or for direct marketing.
- Right not to be subject to automated decision-making — you will not be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
To exercise these rights, contact us at privacy@chillzapp.com. We will respond within 30 days (extendable by 60 days for complex requests). You may also lodge a complaint with your local data protection authority.
6.3 Israeli Users (Protection of Privacy Law)
Under Israeli privacy law, you have the right to access, correct, and delete your personal data. Contact us at privacy@chillzapp.com to exercise these rights.
7. Cookies and Tracking Technologies
We use cookies and similar technologies to:
- Essential cookies — enable core functionality such as authentication, security, and accessibility.
- Analytics cookies — help us understand how visitors interact with the Services (e.g., Google Analytics).
- Marketing cookies — enable targeted advertising and measure campaign effectiveness (e.g., Facebook Pixel, Google Ads).
- Preference cookies — remember your settings and preferences (e.g., language, locale).
Managing Cookies
You can manage cookie preferences through your browser settings. Blocking essential cookies may impair the functionality of the Services. For more information about cookies, visit allaboutcookies.org.
8. Data Security
We implement industry-standard technical and organizational measures to protect your information, including:
- Encryption of data in transit (TLS/SSL) and at rest.
- Regular security assessments and vulnerability testing.
- Access controls and authentication requirements for our systems.
- Employee training on data protection.
While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
9. Data Retention
We retain your personal information for as long as necessary to:
- Provide the Services and fulfill the purposes described in this Policy.
- Comply with legal obligations (e.g., tax and accounting requirements).
- Resolve disputes and enforce our agreements.
When your information is no longer needed, we securely delete or anonymize it. Specifically:
- Account data is retained while your account is active and for up to 3 years after deletion, for legal and audit purposes.
- Transaction records are retained for 7 years to comply with tax and financial regulations.
- Analytics data is aggregated and anonymized after 26 months.
10. Children's Privacy
The Services are not intended for individuals under the age of 18 (or the age of legal consent in the applicable jurisdiction, whichever is higher). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at privacy@chillzapp.com and we will delete it promptly.
11. Third-Party Links
The Services may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party sites. We encourage you to review their privacy policies before providing any personal information.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting a prominent notice on the Services or by email. Your continued use of the Services after the effective date of the updated Policy constitutes your acceptance of the changes.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Chillz N.L.E Ltd Email: privacy@chillzapp.com General inquiries: info@chillzapp.com
For data protection inquiries from the EEA/UK, you may also contact our data protection point of contact at the email address above.
14. Governing Law
This Privacy Policy is governed by the laws of the State of Israel. Any disputes arising from or relating to this Policy shall be subject to the exclusive jurisdiction of the competent courts in Tel Aviv, Israel.