Privacy Policy

Last updated: March 22, 2026

1. Information We Collect

When you create an account, we collect your name, email address, and optionally your phone number. When you attend events, we record check-in data and Venom Points earned. When you make purchases, we collect shipping addresses and payment information (processed securely by Stripe and iyzico).

2. How We Use Your Information

  • To manage your membership, tier status, and Venom Points
  • To process ticket purchases and merch orders
  • To send push notifications about events and your account (via OneSignal)
  • To enable safety features (emergency alerts, get-me-home)
  • To display event photos you are tagged in
  • To compute leaderboard rankings and badge achievements

3. Third-Party Services

We use the following third-party services:

  • Supabase — Database, authentication, and file storage
  • Stripe — International payment processing
  • iyzico — Payment processing for Turkey
  • OneSignal — Push notification delivery
  • Cloudflare R2 — Audio file storage for set recordings
  • Expo / EAS — App distribution and over-the-air updates

Each service processes data according to their own privacy policies. We do not sell your data to any third party.

4. Data Retention

Your account data is retained as long as your account is active. Venom Points expire after 12 months (spending balance only; total earned VP is permanent for tier calculation). You can delete your account at any time from the app, which permanently removes all personal data.

5. Push Notifications

We send a maximum of 4-6 push notifications per month, each carrying value (event announcements, ticket confirmations, tier upgrades). You can manage notification preferences in the app or disable them entirely through your device settings. Critical notifications (security alerts, order confirmations) are always sent.

6. Your Rights

  • Access your personal data at any time through the app
  • Request correction of inaccurate data
  • Delete your account and all associated data
  • Export your data upon request
  • Opt out of non-essential notifications

7. Security

All data is transmitted over HTTPS. Passwords are hashed and never stored in plain text. Payment information is processed directly by Stripe/iyzico and never touches our servers. QR tickets use SHA-256 hash with HMAC-SHA256 for tamper-proof validation.

8. Tracking & Advertising

Snake Project does not track you across other apps or websites. We do not use advertising identifiers (IDFA). We do not share your data with advertising networks or data brokers.

9. Contact

For privacy-related questions, contact us at support@snakeproject.co