Skip to content
HoldDate
Back to homeStart free trial
Legal

Privacy Policy

Last updated: April 2026

At HoldDate, we take your privacy seriously. This policy explains what data we collect, why we collect it, and how we protect it — written in plain language so you actually understand it.

1. Information We Collect

Account Information

When you create a HoldDate account, we collect your name, email address, phone number, business name, and address. This information is used to set up your venue profile and communicate with you about your account.

Booking & Event Data

Information you enter about events, bookings, proposals, contracts, and invoices is stored to provide the Service. This includes event dates, venue spaces, pricing, and any custom notes you add.

Client Data

Information you enter about your clients — names, emails, phone numbers, and event details — is stored on your behalf to power the client portal, messaging, contracts, and invoices. You own this data and can export or delete it at any time.

Payment Information

All payment processing is handled securely by Stripe. HoldDate never stores credit card numbers or full bank account details. We receive transaction amounts, dates, payment status, and Stripe confirmation IDs for record-keeping and invoice reconciliation.

Usage Data

We collect anonymized information about pages visited, features used, and time spent in the application to help us improve the product. This includes browser type, device information, and IP address.

2. How We Use Your Information

  • Provide and maintain the HoldDate platform — event management, client portal, contracts, invoices, BEOs, and reporting.
  • Send transactional emails via Resend — booking confirmations, invoice reminders, contract notifications, payment receipts, and magic login links.
  • Process payments and payouts through Stripe Connect on behalf of your venue.
  • Improve the product — understanding which features are used most helps us prioritize what to build next.
  • Provide customer support when you contact us.
  • Send product update announcements (you can opt out at any time).
  • Enforce our Terms of Service and protect against fraud or abuse.

3. Data Sharing

We do not sell your data. We share data only with the following trusted third-party services required to operate HoldDate:

Stripe
Payment processing and Stripe Connect payouts for your venue.
Supabase
Secure database storage and authentication infrastructure.
Resend
Transactional email delivery (contracts, invoices, portal links).
Vercel
Hosting and content delivery network (CDN).
Upstash
Rate limiting to protect against API abuse.

We may also disclose data if required by law, court order, or to protect the rights and safety of HoldDate, our users, or the public.

4. Data Security

We implement multiple layers of security to protect your data:

  • All data is encrypted in transit using TLS/HTTPS.
  • All data is encrypted at rest in Supabase.
  • Row Level Security (RLS) policies ensure your data is isolated from other organizations.
  • API endpoints are rate-limited to prevent abuse.
  • Session inactivity timeout automatically signs users out after 8 hours.
  • Sensitive actions (payment processing, contract signing) are logged in an audit trail.
  • All portal operations are secured with unique, one-time portal tokens.

5. Data Retention

We retain your account data for as long as your account is active. Upon account deletion, we remove your data within 30 days. Some data may be retained for longer periods as required by law — for example, financial transaction records are typically retained for 7 years for tax and compliance purposes. You can request a data export at any time by contacting support.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access
Request a copy of the data we hold about you.
Correction
Request correction of inaccurate or incomplete data.
Deletion
Request deletion of your data ("right to be forgotten").
Portability
Export your data in a machine-readable format.
Withdraw Consent
Opt out of non-essential data processing at any time.
Objection
Object to how we process your data in certain circumstances.

To exercise any of these rights, contact us at support@holddate.com.

7. Cookies

HoldDate uses cookies and similar technologies for authentication and session management. We set a session activity cookie (hd_last_activity) to automatically sign you out after 8 hours of inactivity for security. We may use anonymized analytics cookies to understand platform usage. You can disable non-essential cookies in your browser settings without affecting core functionality.

8. Children's Privacy

HoldDate is not intended for users under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with their data, please contact us immediately so we can remove it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email and by updating the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

For any privacy-related questions, data requests, or concerns, contact our team:

support@holddate.com