Privacy Policy

DraVan Technologies SARL-S ("we", "us", "our") operates PulUp, an event creation and sharing platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

By using PulUp, you consent to the data practices described in this policy.

2.1 Account Information

When you create an account, we collect:

• Email address (required for authentication)
• Display name or nickname (if provided)
• Password (encrypted and stored securely by Nhost)
• Account creation date and authentication tokens

2.2 Event Information

When you create or interact with events, we collect:

• Event details (title, date, location, description, theme)
• Event settings (capacity, cost, dress code, public/private status)
• Optional links (playlist URLs, external links)
• Event participation data (RSVPs, attendance)

2.3 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent on the platform
• Device Information: Browser type, operating system, IP address
• Cookies: Essential cookies for authentication and session management, plus analytics cookies (if you consent)

We process your personal data based on the following legal grounds:

• Performance of Contract: To provide PulUp's event creation and sharing services
• Legitimate Interests: To improve our services, prevent fraud, and ensure platform security
• Consent: For analytics and marketing communications (where applicable)
• Legal Obligations: To comply with applicable laws and regulations

Specifically, we use your data to:

• Create and manage your account
• Enable you to create, share, and manage events
• Facilitate event RSVPs and participant communication
• Send service-related notifications (e.g., event reminders, account updates)
• Improve platform performance and user experience
• Prevent abuse, fraud, and security incidents
• Analyze usage patterns to enhance features (anonymized data)

We do not sell your personal data. We share data only in the following circumstances:

4.1 Service Providers

• Nhost: Our authentication and database provider (EU-based infrastructure). Nhost processes user authentication data and event information on our behalf.

4.2 Event Participants

• When you create or join an event, your display name and participation status may be visible to other event participants
• Public events are visible to anyone with the event link

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights and safety.

We retain your personal data only as long as necessary for the purposes outlined in this policy:

• Active Accounts: Data is retained while your account is active
• Deleted Accounts: Data is permanently deleted within 30 days of account deletion, except where we have a legal obligation to retain it
• Event Data: Events you create remain accessible until you delete them or delete your account
• Analytics Data: Aggregated and anonymized usage data may be retained indefinitely for statistical purposes

As a user in the European Union, you have the following rights:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for data processing at any time (where processing is based on consent)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise any of these rights, please contact us at privacy@pulup.com. We will respond within 30 days.

We implement industry-standard security measures to protect your data:

• Encrypted data transmission (HTTPS/TLS)
• Secure password hashing (managed by Nhost)
• Regular security audits and updates
• Access controls and authentication mechanisms
• EU-based data storage (compliant with GDPR data residency requirements)

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

We use cookies to enhance your experience:

• Essential Cookies: Required for authentication, session management, and core functionality. These cannot be disabled.
• Analytics Cookies: Help us understand how you use PulUp to improve the platform. You can opt out of these cookies.

You can manage cookie preferences through your browser settings. Note that disabling essential cookies will prevent you from using certain features of PulUp.

For detailed information about cookies we use, including technical specifications and legal basis, please see our Cookie Policy.

Your data is primarily stored and processed within the European Union through Nhost's EU-based infrastructure. If we transfer data outside the EU, we ensure adequate safeguards are in place (such as Standard Contractual Clauses) to protect your data in accordance with GDPR requirements.

PulUp is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If we discover that we have collected data from a child without parental consent, we will delete it immediately.

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the updated policy on this page
• Updating the "Last updated" date
• Sending an email notification (for material changes)

Your continued use of PulUp after changes constitutes acceptance of the updated policy.

If you have questions, concerns, or wish to exercise your data protection rights, please contact us:

For GDPR-related complaints, you may also contact the Luxembourg National Commission for Data Protection (CNPD).