Privacy Policy
Effective date: 24 March 2026 · Last updated: 24 March 2026
EventBosh ("we", "us", or "our") operates the EventBosh mobile application and website (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the Service. We are committed to complying with the Australian Privacy Act 1988 (Cth), the UK GDPR, the EU GDPR, and Apple's App Store guidelines.
Data Controller: Jake Rose (Sole Trader), Melbourne, Victoria, Australia
Email: privacy@eventbosh.events
1. Information We Collect
Information collected automatically
You can use much of EventBosh without creating an account. When you use the Service, the following may be collected:
| Data Type | Details | Storage |
|---|---|---|
| Location Data | Approximate location (city-level bounding box) sent to our server to fetch relevant events. Precise coordinates are processed on-device only. | On-device (precise); server receives approximate only |
| City Preference | The city you manually select. | On-device |
| Saved Events | Events you save or bookmark. | On-device (signed-out) or our database (signed-in) |
| Account Email | If you create an account (web or app), we store your email for sign-in and notifications. | Supabase Auth |
| Calendar Access | If you grant permission, the App can add events to your device calendar. We do not read your existing calendar data. | On-device only; write-only access |
| Push Notification Token | If you enable push notifications, Apple or your browser provides a token so we can send notifications. | APNs / web push |
Information we do not collect
- We do not collect your name, phone number, or government identifiers.
- We do not collect payment or financial information.
- We do not use advertising identifiers (IDFA) or build advertising profiles.
- We do not track you across other apps or websites.
- We do not sell, rent, or trade your personal information to third parties.
2. How We Use Your Information
- Providing the Service — Displaying events relevant to your location and preferences.
- Personalisation — Using your saved events and followed categories to rank and recommend events.
- Push Notifications — Sending notifications about events you may be interested in (opt-in).
- Service Improvement — Aggregated, anonymised usage patterns may be used to improve the Service.
- Calendar Integration — Adding events to your device calendar at your request.
3. Legal Bases for Processing (GDPR)
If you are in the EEA or UK:
| Purpose | Legal Basis |
|---|---|
| Event discovery based on location | Consent (Art. 6(1)(a)) |
| Personalising your experience | Legitimate Interest (Art. 6(1)(f)) |
| Push notifications | Consent (Art. 6(1)(a)) |
| Service improvement | Legitimate Interest (Art. 6(1)(f)) |
| Calendar integration | Consent (Art. 6(1)(a)) |
4. Third-Party Data Sources
EventBosh displays event information sourced from publicly available listings on third-party platforms, including Eventbrite, Skiddle, Dice.fm, Songkick, Moshtix, and venue websites. Event descriptions may be transformed or summarised from the original source. Source attribution is provided where applicable.
5. Third-Party Services
- Mapbox — Used to display maps on the web. Governed by Mapbox's privacy policy.
- Apple MapKit — Used to display maps in the iOS app. Governed by Apple's privacy policy.
- Supabase — Hosts our authentication database for signed-in users. Supabase privacy.
- Third-Party Ticketing Platforms — When you tap a ticket link, you leave EventBosh. Your interaction is governed by that platform's privacy policy. We do not receive data about your purchases.
6. Data Sharing
We do not sell, rent, or share your personal information with third parties for marketing purposes. We may share information only for:
- Legal Compliance — If required by law or governmental request.
- Safety — To protect rights, safety, or property.
- Business Transfer — In connection with a merger or acquisition.
7. Data Retention
- Account data is retained while your account is active.
- On-device data persists until you clear it or uninstall the app.
- Approximate location is used transiently and not stored server-side.
- Push notification tokens are removed when notifications are disabled.
8. Data Security
We implement reasonable technical and organisational measures to protect your information. Server communications use HTTPS/TLS encryption. On-device data is protected by your device's built-in security.
9. Your Rights
Regardless of your location, you have the right to:
- Access the data we hold about you.
- Request deletion of your data.
- Withdraw consent for location, notifications, or calendar access via your device settings.
EU/UK Users (GDPR)
You additionally have the right to rectification, restriction, portability, objection, and lodging a complaint with your local data protection authority (the ICO for the UK).
Australian Users
Under the Privacy Act 1988 and the Australian Privacy Principles, you have the right to access and correct your personal information, and to lodge a complaint with the OAIC.
To exercise any rights, email privacy@eventbosh.events. We will respond within 30 days.
10. International Data Transfers
Your on-device data remains on your device. Approximate location data sent for event queries may be processed outside your country. For EU/UK users, any transfer complies with Chapter V of the GDPR using appropriate safeguards.
11. Children's Privacy
EventBosh is rated 16+. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided personal information, contact us at privacy@eventbosh.events.
12. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated through the Service. Continued use after changes indicates acceptance.
13. Contact Us
Email: privacy@eventbosh.events
See also: Terms of Service · Support