Legal

Privacy Policy

Last updated 2026-07-03. This policy explains what personal data Party collects and how we use it.

1. Data we collect

Account data (name, email, avatar) when you sign up with email or Google OAuth. Event activity: registrations, waitlist entries, check-ins, and reviews. Approximate device location, only when you explicitly enable it, to sort nearby events. Payment metadata via Paddle when you purchase a paid ticket — we receive a transaction reference and amount but never store full card numbers. LINE Notify tokens, only if you voluntarily connect LINE.

2. How we use it

To operate core features: event discovery, registration, ticketing, QR check-in, organiser dashboard, and in-app notifications. To display nearby events when you opt in. To process and reconcile paid-ticket transactions through Paddle. To detect and prevent abuse. We do not sell your personal data to third parties.

3. Sub-processors and third parties

Supabase (database, auth, storage — Singapore), Paddle (payment merchant of record — processes buyer name, email, payment method for paid tickets; see paddle.com/legal/privacy), Google (OAuth sign-in), LINE (optional notifications), Vercel (hosting), Resend (transactional email), World ID / Worldcoin Foundation (human and 18+ age verification — we only receive zero-knowledge proof results, see Section 5 of this policy). Each sub-processor receives only data needed for their function.

4. Paddle and payment data

When you purchase a paid event ticket, Paddle acts as the merchant of record and independently collects billing information (name, email, payment method, billing address) for payment processing and tax compliance. Your purchase contract for payment is with Paddle, not Party, and Paddle's handling of this data is governed by Paddle's own Privacy Policy. Party receives only a payment confirmation and transaction reference — not raw card data.

5. World ID human and age verification

If you choose to complete human verification or 18+ age verification with World ID, the verification flow is handled by the World ID network operated by the Worldcoin Foundation (worldcoin.org). Party does not receive and cannot access your biometric data, ID document images, or actual date of birth — we only receive the output of a zero-knowledge proof computation: an anonymous nullifier tied to that verification action (used to prevent the same person from verifying multiple accounts) and a boolean success result. 18+ verification additionally records a completion timestamp on your account, which likewise contains no identity or birthdate information. World ID's own collection and processing of your biometric/document data is governed by World ID's own Privacy Notice (see world.org/legal/privacy-notice). To request deletion of the verification records Party retains (the nullifier and verification timestamp), contact ryan910814@gmail.com — we will process and remove them within a reasonable time. This request does not affect data retained by the World ID network itself; for that, contact the Worldcoin Foundation directly.

6. Data retention

We retain account and event data while your account is active. Transaction records for paid tickets are kept for 7 years for legal and accounting compliance. You may request deletion at any time; we remove personal data except where retention is legally required.

7. Your rights

You may access, correct, export, or delete your personal data. You may withdraw consent for optional features (location, LINE notifications) in account settings. Contact us to exercise these rights.

8. Cookies

We use strictly necessary session cookies for authentication. We do not use advertising or cross-site tracking cookies.

9. Notice of personal data collection (Taiwan PDPA Article 8)

Under Taiwan's Personal Data Protection Act Article 8, when we collect personal data directly from you we disclose: (1) the collector is Party, operated by Ryan Lee in Taiwan; (2) the purpose is account management, event registration and ticketing, payment processing, and customer support; (3) the categories of data collected are listed in Section 1 above; (4) data is used within Taiwan and at the locations of the sub-processors listed in Section 3 (including Singapore), by Party and those sub-processors, for as long as the purpose subsists; (5) you may, under Article 3 of the Act, request to inquire about, review, obtain a copy of, supplement or correct, or stop the collection, processing or use of, or delete, your personal data; (6) providing personal data is voluntary, but declining to provide data required for account registration, event registration, or payment will mean we cannot provide the corresponding service.

10. Governing law and jurisdiction

This policy is governed by the laws of Taiwan (R.O.C.). Disputes arising from this policy are subject to the jurisdiction of the Taiwan Taipei District Court as the court of first instance.

11. Changes

Material changes to this policy will be communicated by email or in-app notice at least 14 days before they take effect.

12. Contact

For privacy questions or data requests: ryan910814@gmail.com or party.com.tw/contact.