Privacy Policy
1. Introduction
Welcome to EventLock ("EventLock," "we," "our," or "us"), a product of Gromitron Industries LLC. We built EventLock to help event and entertainment companies manage their bookings, clients, and contractors more efficiently.
This Privacy Policy explains what personal information we collect through EventLock (including eventlock.app, go.eventlock.app, and all associated portals), how we use and share it, and the rights you have over your data.
By using EventLock, you agree to the practices described in this Policy. If you do not agree, please do not use the service.
2. Who This Policy Covers
This Policy applies to:
- Companies — businesses and individuals that subscribe to EventLock to manage their operations ("Companies" or "tenants")
- Clients — clients of a Company who interact with EventLock portals to review and sign proposals or contracts
- Contractors — independent contractors or staff of a Company who use the contractor portal to receive assignments, review agreements, or provide their information
If you are a Client or Contractor of a Company that uses EventLock, your relationship is primarily with that Company, not with Gromitron Industries LLC. See Section 10 for more on our role as a data processor in those situations.
3. Information We Collect
3.1 Account Information
When you create an EventLock account or are invited to one, we collect:
- Name
- Email address
- Password (stored in hashed/encrypted form — we never see it in plain text)
- Account type (Company admin, staff, contractor, or client)
If you sign in with Google or Apple, we receive a name, email address, and unique identifier from that provider. We do not receive your password from those providers.
3.2 Profile and Contact Information
Company administrators and staff may add or update:
- Business name and contact details
- Staff names, email addresses, and roles
Contractors may supply:
- Full legal name
- Contact information (phone number, email address, mailing address)
- Professional details (bio, skills, rates, availability)
3.3 Contractor Tax and Identity Information
To support compliance with tax-reporting obligations, Contractors may be asked to supply sensitive tax information, which may include:
- Social Security Number (SSN) or Employer Identification Number (EIN)
- Tax form data (equivalent to W-9 or similar forms)
- Business address
This information is collected and stored on behalf of the Company and is used solely for purposes the Company directs (e.g., issuing 1099s or similar documents). EventLock treats this data as highly sensitive and applies additional safeguards described in Section 7.
3.4 Booking and Event Data
When Companies create bookings, proposals, and contracts through EventLock, we store:
- Event details (dates, times, venues, event descriptions)
- Booking terms, rates, and conditions
- Contract content and amendment history
- Signature events and timestamps
- Cancellation-policy acknowledgments
3.5 Messages and Communications
EventLock supports in-app and portal messaging between Companies, their clients, and their contractors. The content of these messages is stored and associated with the relevant booking or party record.
3.6 Usage, Device, and Log Data
When you access EventLock, we automatically collect:
- IP address
- Browser type and version
- Device type and operating system
- Pages and features accessed, and timestamps
- Referring URL
3.7 Cookies and Similar Technologies
EventLock uses session cookies and similar technologies to:
- Keep you signed in during a session
- Maintain preferences and portal state
- Understand how the service is used
We do not use third-party advertising cookies. You can disable cookies in your browser settings, but some features may not work correctly without them.
4. How We Use Your Information
We use the information we collect to:
- Create and maintain your account and authenticate you
- Operate the platform: manage bookings, contracts, proposals, and communications
- Send SMS notifications (e.g., booking alerts, assignment reminders) via Twilio
- Enable Client and Contractor portal access
- Respond to support requests and communications
- Detect, investigate, and prevent abuse, fraud, and security incidents
- Meet our legal obligations
- Improve and develop EventLock (using aggregate, de-identified data)
We do not use your personal information for advertising targeting.
5. How We Share Your Information
5.1 Within a Company's Workspace
Authorized users within a Company (admins, staff) can view the data associated with that Company's account, including client records, contractor profiles, and booking details. Access is limited to the Company's own data — tenants cannot see other Companies' data.
5.2 With Clients and Contractors
Companies share booking proposals, contracts, and related communications with their Clients and Contractors through EventLock portals. This is the core purpose of the service. The Company controls what is shared with whom.
5.3 With Service Providers (Subprocessors)
We share data with third-party providers who help us run the platform:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Cloud database, authentication, and application data hosting | USA (with additional regions possible) |
| Optional Google Sign-In (OAuth) | USA | |
| Apple | Optional Apple Sign-In (OAuth) | USA |
| Twilio | SMS notifications | USA |
Each subprocessor is bound by data protection agreements consistent with applicable law.
5.4 For Legal Reasons
We may disclose information if we believe in good faith that disclosure is necessary to:
- Comply with applicable law, regulation, or legal process
- Protect the rights, property, or safety of Gromitron Industries LLC, our users, or the public
- Enforce our Terms of Service
5.5 Business Transfers
If Gromitron Industries LLC is acquired, merges with another company, or transfers substantially all of its assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on the service.
5.6 We Do Not Sell Your Data
We do not sell, rent, or trade your personal information to any third party for their own marketing or commercial purposes.
6. Third-Party Sign-In (Google and Apple)
If you choose to sign in with Google or Apple:
- We receive your name, email address, and a unique identifier from that provider.
- We do not receive your password.
- Your use of those sign-in services is also governed by Google's or Apple's own privacy policies, which we encourage you to review.
- You may disconnect a social sign-in by contacting us at info@gromitron.com.
7. Security
We take security seriously. Measures we employ include:
- Encrypted data transmission (HTTPS/TLS)
- Encrypted password storage (hashed — we cannot read your password)
- Row-level security controls to segregate tenant data
- Access controls limiting staff access to data they need to operate the service
- Additional handling controls for contractor tax/identity data
No system is perfectly secure. If we learn of a security breach that affects your data, we will notify you as required by applicable law.
8. Data Retention
We retain your information as long as your account is active or as needed to provide the service and meet our legal obligations.
- Account data: retained while the account is active; deleted or anonymized upon request or within a reasonable period after account closure (see Section 11)
- Booking and contract records: may be retained longer where required by law or legitimate business need (e.g., tax and audit purposes)
- Log and usage data: typically retained for 90 days
- Contractor tax data: retained as long as the Company requires it or as required by applicable tax law
9. Children
EventLock is not directed to individuals under the age of 18 and is not intended for use by children. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected such data, please contact us at info@gromitron.com and we will delete it promptly.
10. Data Controller and Processor Roles
For Company account data (the Company's own account, admin users, and billing): Gromitron Industries LLC is the data controller.
For Client and Contractor data that a Company enters and manages through EventLock: The Company is the data controller — the Company decides what information to collect, from whom, and for what purpose. Gromitron Industries LLC acts as a data processor on behalf of the Company, processing that data only as directed.
If you are a Client or Contractor and have questions or requests about your personal data, your first point of contact should be the Company that engaged you. We will cooperate with Companies to fulfill their obligations to their end users.
11. Your Rights
11.1 GDPR Rights (European Economic Area, UK, and Switzerland)
If you are located in the EEA, UK, or Switzerland, you have the following rights under the GDPR (or equivalent law):
- Access: Request a copy of the personal data we hold about you.
- Rectification: Ask us to correct inaccurate or incomplete data.
- Erasure ("Right to be Forgotten"): Request deletion of your data under certain conditions.
- Restriction: Ask us to restrict processing of your data.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to certain uses of your data.
- Withdraw Consent: Where processing is based on consent, withdraw it at any time.
To exercise these rights, contact us at info@gromitron.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.
11.2 CCPA / CPRA Rights (California Residents)
California residents have the right to:
- Know what personal information we collect, use, disclose, or sell.
- Delete personal information we hold about you (with exceptions for legal obligations and legitimate business needs).
- Correct inaccurate personal information.
- Opt out of the sale or sharing of personal information — we do not sell or share personal information, so this right is already honored.
- Non-discrimination — we will not discriminate against you for exercising these rights.
To submit a CCPA request, email info@gromitron.com with the subject line "California Privacy Request."
11.3 Other Users
Regardless of your location, you may contact us at info@gromitron.com to request access to, correction of, or deletion of your personal information. We will respond within a reasonable timeframe.
12. International Users
EventLock is operated from the United States. If you access EventLock from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our subprocessors operate. By using EventLock, you consent to the transfer of your information to these locations.
Where required, we use appropriate safeguards (such as standard contractual clauses) for international data transfers.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the Effective Date at the top of this page. For material changes, we will provide additional notice (such as an in-app notification or email to account holders). Your continued use of EventLock after changes take effect constitutes acceptance of the revised Policy.
14. Contact Us
If you have questions about this Privacy Policy or your personal data, contact us:
Gromitron Industries LLC
Email: info@gromitron.com
Website: gromitron.com