Privacy Policy
Last updated: 15 July 2026.
This Privacy Policy explains how EventMonster collects, uses, shares, and protects personal data, in line with the UK General Data Protection Regulation, the EU General Data Protection Regulation, and the Data Protection Act 2018.
EventMonster is currently operating in a testing phase ahead of the formal registration of a company to own and operate the platform. Personal data is processed under this Privacy Policy throughout that phase on the same basis described below; once a company is registered, it will assume responsibility as controller/processor in EventMonster's place, without any reduction in your rights under this policy.
For account data, EventMonster acts as the data controller. This includes your name, email address, organisation details, login credentials, and records of how you use the platform. We use this data to operate your account, provide customer support, secure the platform, and, where you have not opted out, send you service updates. Our lawful basis for this processing is performance of our contract with you and, for security and service-improvement purposes, our legitimate interests.
Where an organiser sells tickets or collects RSVPs through EventMonster, the attendee or guest data submitted (such as name, email, and any additional fields the organiser configures) is controlled by that organiser, not by EventMonster. EventMonster acts only as a data processor on the organiser's behalf for that data, processing it solely to operate the ticketing or invitation feature the organiser has set up, and organisers are responsible for their own lawful basis for collecting and using it. If you are an attendee or guest with a question about how your data is being used, you should first contact the organiser of the event you interacted with; EventMonster will assist an organiser in responding to such requests where required.
We do not sell personal data to any third party, and we do not use attendee or guest data collected on an organiser's behalf for EventMonster's own marketing.
Online payments are processed directly by Stripe using the organiser's own connected Stripe account, under Stripe's own privacy policy. EventMonster does not receive or store full card numbers or other sensitive payment credentials; we may receive limited transaction metadata (such as amount and status) needed to confirm a ticket purchase.
We use a limited set of third-party processors to operate the platform, including our hosting and database provider, our transactional email provider (for ticket delivery, RSVP confirmations, and account emails), and Stripe for payment processing. These providers process data under contract with us and only for the purposes we specify. Some of these providers may process data outside the UK or EEA; where they do, we rely on appropriate safeguards such as the UK International Data Transfer Addendum or the EU Standard Contractual Clauses.
We use essential cookies required for the platform to function, such as keeping you logged in, and limited analytics cookies to understand aggregate usage of the site. We do not use third-party advertising cookies. Where consent is required for non-essential cookies, we will ask for it before setting them.
We retain account data for as long as your account is active and for a reasonable period afterwards to comply with legal, accounting, or dispute-resolution obligations. Organisers control the retention of their own attendee and guest data and can delete it from their dashboard; EventMonster deletes processor-held copies of that data in line with the organiser's instructions or, absent instructions, within a reasonable period after an event has concluded and any legal retention need has passed.
Under UK and EU data protection law you have the right to request access to, correction of, deletion of, or a portable copy of your personal data, and to object to or restrict certain processing. To exercise these rights over your EventMonster account data, or if you are an attendee unable to resolve a request directly with an event organiser, contact us using the address below. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or your local EU supervisory authority.
EventMonster is not directed at children, and we do not knowingly collect personal data from anyone under 16 without appropriate parental or guardian consent having been obtained by the organiser or account holder responsible for that data.
In the event of a personal data breach that poses a risk to individuals, we will notify affected organisers and, where required by law, the relevant supervisory authority, without undue delay.
We may update this Privacy Policy from time to time to reflect changes in the law or in how EventMonster operates; the date at the top of this page will be updated when we do, and material changes will be highlighted where appropriate.
Data requests and privacy questions can be sent to the address below.