Privacy Policy

Python Panda Studios LLC ("Company," "we," "us," or "our") operates the Events For Employees software-as-a-service platform, including all related websites, applications, APIs, and services (collectively, the "Service"). This Privacy Policy explains in detail how we collect, use, disclose, retain, and protect information when the Service is used by companies and their authorized users.

The Service is offered strictly on a business-to-business (B2B) basis. Companies that create accounts and invite users ("Company Customers" or "Companies") act as Data Controllers with respect to personal data of their employees and representatives. Python Panda Studios LLC acts as a Data Processor when processing personal data on behalf of those Companies and as a Data Controller with respect to its own business contact data and website visitors.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to this Privacy Policy.

---

1. Scope and Applicability

This Privacy Policy applies to personal data processed in connection with: - Company administrators who register and manage Company accounts; - Employees and authorized users invited to the Service by a Company; - Communications sent through or related to the Service; - Website visitors where this Privacy Policy is posted.

This Privacy Policy does not apply to third-party websites, ticketing providers, payment processors, or services that are not operated or controlled by the Company, even if they are linked to or integrated with the Service.

2. Roles Under Data Protection Laws

2.1 Company Customers as Data Controllers

Company Customers determine: - Which employees or representatives are invited to the Service; - What categories of personal data are uploaded or shared; - How ticket requests, approvals, and internal content are handled; - How long employee data is retained and when access is revoked.

Company Customers are responsible for complying with applicable privacy and employment laws and for providing appropriate notices to their employees.

2.2 Python Panda Studios LLC as Data Processor

When processing employee data, we act solely on documented instructions from the Company Customer and process personal data only as necessary to provide, maintain, and secure the Service.

3. Categories of Personal Data Collected

3.1 Company and Administrator Information

When a Company registers for the Service, we collect: - Company name, business address, and industry; - Administrator names, job titles, email addresses, and phone numbers; - Account credentials and authentication information; - Subscription details, plan selection, and billing status; - Configuration details such as venues or event preferences.

3.2 Employee and Authorized User Information

When employees or representatives are invited or added by a Company, we may process: - First and last name; - Work email address; - Company affiliation, role, and permissions; - Ticket request history and approval status; - Activity logs related to use of the Service.

We do not independently verify employee information and rely on the Company Customer to ensure accuracy.

3.3 User-Generated Content

Users may upload content to the private company feed, including: - Photos and videos; - Captions, comments, and reactions; - Metadata associated with uploaded media.

All user-generated content is visible only within the relevant Company account unless otherwise configured by the Company.

3.4 Financial and Transaction Data

We do not store raw payment card numbers. Payment processing is handled by Stripe, which may collect: - Payment card details; - Billing address; - Transaction amounts and dates.

We store limited identifiers such as Stripe Customer IDs, Subscription IDs, and billing status.

3.5 Automatically Collected Technical Data

When users access the Service, we automatically collect: - IP address and approximate location; - Device type, operating system, and browser; - Log files, timestamps, and usage statistics; - Session identifiers, cookies, and authentication tokens.

4. Cookies and Similar Technologies

We use cookies and similar technologies to ensure the functionality, security, and performance of the Service.

4.1 Essential Cookies

These cookies are strictly necessary: - sessionid – Maintains authenticated user sessions; - csrftoken – Protects against cross-site request forgery attacks.

4.2 Functional Cookies

These cookies improve usability: - messages – Displays one-time system notifications following user actions.

4.3 Third-Party Cookies

Third-party providers may set cookies, including: - Stripe cookies for fraud prevention and payment security; - Load-balancer or infrastructure cookies associated with cloud hosting providers.

Users may control cookie settings through their browser, but disabling essential cookies may impair functionality.

5. Purposes of Processing

We process personal data for the following purposes: - Providing, operating, and maintaining the Service; - Authenticating users and enforcing access controls; - Processing subscriptions and payments; - Facilitating internal ticket requests and approvals; - Hosting, displaying, and managing user-generated content; - Communicating with Company Admins regarding the Service; - Monitoring performance, detecting misuse, and ensuring security; - Complying with legal, regulatory, and contractual obligations.

We do not sell personal data and do not use employee data for advertising purposes.

6. Legal Bases for Processing (Where Applicable)

Where required under applicable law, our processing is based on: - Performance of a contract with the Company Customer; - Legitimate interests in operating and securing the Service; - Compliance with legal obligations; and - Instructions from the Company Customer as Data Controller.

7. Data Sharing and Disclosure

7.1 Service Providers and Subprocessors

We share personal data with trusted service providers acting as subprocessors, including: - Stripe for payment processing; - Ticketmaster for sourcing event information; - DigitalOcean and/or AWS for hosting and media storage; - Email service providers for transactional and system communications.

Subprocessors are contractually required to protect personal data.

7.2 Disclosures to Company Customers

Company Admins may access employee data and content within their Company environment in accordance with internal policies.

7.3 Legal and Regulatory Disclosures

We may disclose personal data if required to do so by law, court order, or governmental request, or to protect the rights, safety, and security of the Company, users, or others.

7.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, personal data may be transferred subject to this Privacy Policy.

8. Data Retention and Deletion

We retain personal data only for as long as necessary to: - Provide and support the Service; - Comply with legal and accounting obligations; - Resolve disputes and enforce agreements.

Upon termination of a Company account, data may be deleted or returned at the Company’s request, subject to applicable law and backup retention practices.

9. Data Security Measures

We implement reasonable administrative, technical, and organizational safeguards designed to protect personal data, including: - Role-based access controls; - Encrypted data transmission; - Monitoring for unauthorized access; - Regular review of security practices.

Despite these measures, no system is completely secure, and we cannot guarantee absolute security.

10. International Data Transfers

Personal data may be processed and stored in countries other than where users reside. Where required, we rely on appropriate safeguards for cross-border transfers.

11. Data Subject Rights

Depending on applicable law, individuals may have rights to: - Access personal data; - Correct inaccurate or incomplete data; - Request deletion or restriction of processing; - Object to certain processing activities.

Requests should generally be directed to the Company Customer, who acts as the Data Controller.

12. Law Enforcement and Government Requests

We assess all law enforcement or governmental requests for personal data and disclose information only when legally required or permitted.

13. Children’s Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.

14. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for their privacy practices or content.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Material changes will be communicated to Company Admins, and continued use of the Service constitutes acceptance of the updated Policy.

16. Contact Information

Python Panda Studios LLC 12860 W Cedar Dr. Ste 108 Lakewood, CO 80228 support@pythonpandastudios.com