Privacy Policy

1. Who We Are

The data controller for the Service is Festival Abroad Media LLC, 30 N. Gould St. Ste R, Sheridan, WY 82801, USA. For privacy requests, contact hello@festivalabroad.com.

2. Information We Collect

2.1 Account and sign-up

When you create an account, log in, or sign up via our modal or forms, we may collect:

• Name and email address
• Marketing preferences (email, and where offered SMS/WhatsApp opt-in)
• Sign-up source, page URL, and campaign tags (UTM parameters) where present

2.2 Festival matcher (registration wizard)

When you use our "find your perfect festival" wizard on the homepage or related flows, we may collect:

• Name, email address, and optional phone number
• Country, city, postcode, and timezone (from what you enter and/or approximate location from your IP)
• Festival preferences: vibe tags, budget, travel style, how many festivals you attend per year, purchase triggers
• Artists you select via our Spotify search (artist name and Spotify ID – we do not access your Spotify account)
• Past festivals you name or select from our database
• Optional date of birth and gender (where shown in the flow)
• Whether you completed or abandoned the wizard, and A/B test variant where applicable

Progress may be saved temporarily in your browser (session storage) so you can resume. Partial submissions may be stored on our servers when you provide an email.

2.3 Preferences and on-site activity

• Genres, regions, tracked artists, shortlists, and similar preferences when you use those features
• Search queries and pages you view
• Forms you submit (e.g. concierge, corrections, careers)

2.4 Information collected automatically

• Device and log data: Browser type, operating system, IP address, and request logs
• Usage data: Pages viewed, navigation paths, and interactions (subject to cookie choices)
• Approximate location: Country/city/timezone derived from IP or hosting headers (e.g. Vercel geo)
• Cookies and similar technologies: See our Cookie Policy

2.5 Third-party sources

We use third-party services to show travel and venue content (e.g. Amadeus, Stay22, Google Places). Information you provide on those partners' sites is governed by their privacy policies, not ours.

3. How We Use Your Information

We use personal information to:

• Run the Service, including festival matching, accounts, and magic-link login
• Send service emails (e.g. login links, match results, profile completion) where relevant
• Send marketing emails, SMS, or WhatsApp messages only where you have opted in (you can unsubscribe at any time)
• Improve the website, measure performance, and run A/B tests
• Prevent abuse, enforce our Terms, and comply with law
• Operate B2B licensing and aggregated insights where data is not used to identify you

3.1 Lawful bases (UK / EEA)

Where UK GDPR or EU GDPR applies, we rely on:

• Contract: Providing the Service you request (e.g. account, matcher results by email)
• Consent: Email/SMS/WhatsApp marketing, non-essential cookies, and optional sensitive fields where we ask for them
• Legitimate interests: Security, analytics (where permitted), improving the Service, and partial-save reminders – balanced against your rights
• Legal obligation: Where we must retain or disclose data by law

Optional date of birth and gender are used only to personalise recommendations. Where required, we ask for your consent in the wizard. You may skip optional steps where offered.

4. How We Share Information

We do not sell your personal information. We share data with service providers who process it on our behalf, including:

• Supabase: Database, authentication, and hosting
• Brevo: Email delivery, contact lists, and marketing automation (when you opt in)
• Google Analytics: Website analytics when you consent to analytics cookies
• Meta (Facebook): Advertising measurement (pixel / Conversions API) when you consent to marketing cookies
• Vercel: Hosting and edge delivery
• Spotify API: Artist search only (server-side; no connection to your Spotify login)
• Amadeus, Stay22, Google Places: Travel and venue features as described on those pages

We may also share information if required by law, to protect rights and safety, or in connection with a business transfer. Affiliate booking links take you to third-party sites governed by their policies.

5. Cookies and Tracking

We use cookies and similar technologies for essential operation, analytics, and marketing. You can accept, reject, or customise categories via our cookie banner. Details are in our Cookie Policy.

Marketing and advertising tools (including Meta) are intended to run only in line with your cookie choices.

6. Your Rights and Choices

6.1 GDPR (UK / EU / EEA)

You may have the right to:

• Access, correct, or delete your personal data
• Restrict or object to certain processing
• Data portability
• Withdraw consent at any time (without affecting prior lawful processing)
• Lodge a complaint with your supervisory authority

6.2 California (CCPA/CPRA)

California residents may request access, deletion, and correction, and opt out of "sale" or "sharing" as defined by law. We do not sell personal information for money. Contact us to exercise rights.

6.3 Marketing and account

• Unsubscribe from marketing emails via the link in any message or our unsubscribe page
• Update preferences in your account where available
• Email hello@festivalabroad.com for access or deletion requests

7. Data Security

We use technical and organisational measures to protect personal information. No online transmission or storage is completely secure; use the Service at your own risk where applicable.

8. Data Retention

We keep personal data for as long as needed to provide the Service, meet legal obligations, resolve disputes, and enforce agreements. Contact and wizard data are typically retained while your account or marketing relationship is active, unless you ask us to delete it sooner (subject to legal exceptions). Cookie consent choices are stored for up to 365 days. Analytics retention follows Google Analytics settings where applicable.

9. International Transfers

We are based in the United States. Your information may be processed in the US and other countries where our providers operate. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for transfers from the UK/EEA.

10. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal information from children under 16. Contact us if you believe a child has provided data and we will delete it where appropriate.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last updated" date. Material changes may be highlighted on the site where appropriate.

12. Contact Us

Questions or requests about this policy or your data: