Privacy Policy

1. Introduction

E&EL Global Inc. ("we," "our," or "us") operates the nYtevibe platform ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Registered Company: E&EL Global Inc.

Product: nYtevibe

Service Type: Nightlife venue discovery and booking platform

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

Name and contact information (email, phone number)
Account credentials and profile information
Payment information (processed securely through third-party providers)
Location data (with your consent)
Communication preferences

2.2 Usage Information

We automatically collect certain information about your use of the Service:

Device information and IP address
Browser type and version
Pages visited and time spent on the Service
Search queries and booking history
App usage patterns and preferences

2.3 Behavioral and Engagement Data

We collect behavioral data to improve user experience:

Venue view tracking and browsing patterns
Booking history and preferences
Click tracking and interaction patterns
Session duration and app usage patterns
User engagement scores and metrics
Venue follow/unfollow actions
Review and rating history
Credibility score calculations
Booking reliability metrics (completion rate, no-show rate, cancellation patterns)
Venue loyalty metrics
Device information and browser fingerprints

2.4 Machine Learning and Predictive Data

For platform improvement and personalization, we collect and analyze:

Customer credibility predictions
Booking behavior pattern analysis
Preference learning algorithms
Personalized venue recommendations
Wait time predictions
Fraud detection patterns
ML model training data (anonymized)

2.5 Business Account Data (Venue Owners)

If you are a venue owner, we collect additional business information:

Business registration information
Business verification documents
Tax identification numbers
Bank account information (for payouts)
Business hours and operational data
Venue performance analytics
Subscription and billing information

2.6 Location Data Collection

Types of Location Data:

IP Address Location: General geographic location from IP addresses
Precise Location: GPS coordinates (if enabled by user)
City/State/Country: Geographic region for recommendations
Venue Proximity Data: Distance from venues for proximity notifications
Location History: Historical location data (if enabled)
Check-in Location: Exact location when checking in at venues
Geofencing Data: Entry/exit from predefined geographic areas

Location Data Uses:

Venue proximity notifications
Location-based venue recommendations
Wait time estimation based on location
Security and fraud prevention
Analytics and user behavior insights

Location Data Controls:

Users can disable precise location sharing
Location history retention is configurable (default: 30 days)
Proximity notifications can be disabled
Geofencing can be disabled
IP location tracking can be disabled

3. SMS Communications and OTP/2FA Data Collection

When you provide your phone number for SMS communications, we collect and process:

Phone number for verification and communication purposes
Consent records for SMS communications
Message delivery status and engagement data
Opt-out preferences and communication history
OTP verification attempts and success/failure logs
2FA authentication events and security logs

3.1 OTP/2FA Specific Data Collection

For Two-Factor Authentication (2FA) purposes, we collect additional security-related data:

OTP code generation timestamps
Verification attempt timestamps and results
Device and IP address information for security verification
Failed verification attempt logs (for security monitoring)
Account security event logs

3.2 OTP Security and Retention

OTP codes and related security data are handled with the highest level of security:

OTP codes are single-use and expire in 10 minutes
Security logs are retained for fraud prevention and account security
Failed verification attempts are monitored for suspicious activity
All OTP-related data is encrypted and securely stored

SMS Data Processing: We process SMS data in accordance with applicable laws and regulations. Message and data rates may apply. You can opt-out at any time by replying "STOP" to any SMS message. However, opting out of SMS may limit your ability to use 2FA security features.

4. How We Use Your Information

We use the collected information for the following purposes:

Provide and maintain the Service
Process bookings and reservations
Send verification codes and notifications
Communicate with you about the Service
Improve and personalize your experience
Analyze usage patterns and trends
Comply with legal obligations
Prevent fraud and ensure security

5. Information Sharing and Disclosure

We may share your information in the following circumstances:

5.1 Third-Party Service Providers

We share information with third-party service providers who assist us in operating the Service:

Payment Processing:

Stripe, Inc. - Payment processing, subscription billing, payment data storage
Payment information is encrypted and processed securely by Stripe
We do not store complete credit card numbers on our servers

SMS Communications:

Infobip - SMS delivery, OTP verification, two-factor authentication
Phone numbers are shared with Infobip for message delivery
Message delivery status and engagement data is tracked

Real-Time Communications:

Pusher - WebSocket connections, real-time push notifications
User connection data and notification preferences are shared

Cloud Storage:

Amazon Web Services (AWS) S3 - Media file storage, document storage
Cloudflare R2 - Alternative cloud storage for media and documents
User-uploaded content (photos, documents) is stored in cloud storage

Analytics:

PostgreSQL Analytics Database - Separate analytics database for user behavior tracking
Behavioral analytics, engagement metrics, and usage patterns
Data may be anonymized or aggregated

Geographic Services:

Geocoding Services - Address-to-coordinate conversion
Location data for venue mapping and proximity features

Data Processing Agreements: All third-party providers have data processing agreements (DPAs). Providers are required to comply with applicable privacy laws. International data transfers are governed by standard contractual clauses.

5.2 Legal Requirements

We may disclose information if required by law or to protect our rights, property, or safety, or that of our users or the public.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is 100% secure.

7. Data Retention

7.1 Retention Periods by Data Type

Account Data:

Active accounts: Retained indefinitely
Deleted accounts: 30-day grace period, then permanent deletion
User can configure retention: indefinite, 1 year, 2 years, 5 years

Booking Data:

Default retention: 2 years (730 days)
Configurable by user: 1 year, 2 years, 5 years
Anonymous booking statistics: Retained for analytics (indefinite)

Location Data:

Default retention: 30 days
Configurable by user: 3 months, 6 months, 1 year
Precise location: 30 days default
IP location: Real-time only (not stored)

Analytics Data:

Default retention: 1 year (365 days)
Configurable by user: 6 months, 1 year, 2 years
Anonymized analytics: Retained for platform improvements (indefinite)

Communication Data:

Default retention: 1 year (365 days)
Configurable by user: 6 months, 1 year, 2 years
SMS opt-in records: Retained per legal requirements (7 years)

Business Data:

Default retention: 3 years (1095 days)
Required by law: Tax and business records (7 years)
Subscription data: Retained for billing history

OTP/Security Data:

OTP codes: Expired after 10 minutes, deleted after 24 hours
Security logs: Retained 90 days for fraud prevention
Failed login attempts: Retained 30 days

7.2 Automatic Deletion

Users can enable automatic data deletion
Automatic deletion respects legal requirements
Some data (tax records, business documents) must be retained by law

8. Your Rights and Choices

You have the following rights regarding your personal information:

Access: Request access to your personal information
Correction: Request correction of inaccurate information
Deletion: Request deletion of your personal information
Portability: Request a copy of your data in a portable format
Opt-out: Unsubscribe from marketing communications
SMS Opt-out: Reply "STOP" to any SMS message

8.1 Comprehensive Privacy Controls

We provide 80+ granular privacy settings across 8 categories:

Profile Visibility (12 settings):

Control who can see your profile information
Manage searchability (email, phone, name)
Control visibility of booking history, reviews, follows, achievements

Location Privacy (9 settings):

Enable/disable location sharing
Control precise vs. approximate location
Manage proximity notifications
Control location history and geofencing

Analytics Privacy (11 settings):

Control behavioral tracking
Manage engagement analytics
Control session and click tracking
Enable/disable preference learning
Control third-party analytics and advertising

Communication Privacy (11 settings):

Control email, SMS, and push notifications
Manage marketing communications
Control booking reminders and venue updates
Set quiet hours for notifications
Configure digest mode (daily/hourly summaries)

Booking Privacy (10 settings):

Control visibility of booking history
Manage booking preferences sharing
Control party size and special requests visibility
Manage booking analytics and insights

Business Privacy (10 settings):

Control business profile visibility
Manage venue ownership display
Control business contact information visibility
Manage business analytics sharing

Data Retention (10 settings):

Configure retention periods for different data types
Enable automatic data deletion
Control data export and portability
Manage right to be forgotten requests

Third-Party Privacy (10 settings):

Control social media integration
Manage payment processor data sharing
Control analytics services and advertising networks
Manage marketing partner data sharing

8.2 Accessing Privacy Settings

Privacy settings available through user dashboard
API endpoints for programmatic access: GET /api/user/privacy-settings
Bulk category updates supported
Default settings respect privacy by design

8.3 Privacy Setting Changes

Changes take effect immediately
Users can export privacy settings configuration
Privacy settings can be reset to defaults

8.4 Right to Data Portability

Users can export all their data in machine-readable format (JSON/CSV)
Export includes: Profile information, booking history, reviews and ratings, privacy settings configuration, communication preferences, analytics data (if enabled)
Export API endpoint: GET /api/user/privacy-settings/export
Export processing: Typically within 7 days

8.5 Right to Deletion (Right to be Forgotten)

Users can request complete account deletion
Deletion process:
1. Immediate: Account marked for deletion
2. 30-day grace period: Data recoverable
3. Permanent deletion: After 30 days, data permanently removed
Data that cannot be deleted (legal requirements):
- Transaction records (7 years required by law)
- Business verification documents (if user is venue owner)
- Aggregated, anonymized analytics (no personal identifiers)
Deletion API endpoint: POST /api/user/privacy-settings/reset

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Service. You can control cookie settings through your browser preferences.

10. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites.

11. Children's Privacy

11.1 Age Restrictions

Our Service is not intended for children under 13 years of age
We do not knowingly collect personal information from children under 13
If we discover a child under 13 has provided information, we will delete it immediately

11.2 Users 13-18 Years Old

Users between 13 and 18 years old may use the Service with parental consent
We recommend parental supervision for users under 18
Parents or guardians can request deletion of minor's account
Venue owners must be 18 years or older to create business accounts

11.3 Parental Rights

Parents can review their child's personal information
Parents can request deletion of their child's account
Parents can revoke consent and have information deleted
Contact: privacy@nytevibe.com with subject "COPPA Request"

12. International Data Transfers

12.1 Data Storage Locations

Primary servers: United States
Cloud storage (AWS S3): United States (may use international edge locations)
Cloudflare R2: United States and international edge locations
Analytics database (PostgreSQL): United States
SMS service (Infobip): International (multiple regions)

12.2 Transfer Safeguards

Standard Contractual Clauses (SCCs) for international transfers
Data Processing Agreements (DPAs) with all third-party providers
GDPR-compliant transfer mechanisms for EU data
Adequate safeguards for cross-border transfers

12.3 EU/UK Residents

Additional rights under GDPR apply
EU Representative: E&EL Global Inc., Delaware office
Contact: privacy@nytevibe.com

13. Marketing Communications and Advertising

13.1 Marketing Opt-In/Opt-Out

Marketing emails: Opt-in required, opt-out available anytime
Promotional SMS: Opt-in required, reply "STOP" to opt-out
Push notifications: Configurable in app settings
Users can control marketing frequency (normal, reduced, minimal)

13.2 Advertising and Third-Party Tracking

We do not currently use third-party advertising networks
We do not sell user data to advertisers
Behavioral tracking for internal analytics only
Users can disable advertising tracking in privacy settings

13.3 Referral Program Data

Referral codes and commission data are collected
Referral program participation is optional
Referral data shared only with referral program participants

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For material changes, we will provide at least 30 days notice.

15. Compliance with Laws

This Privacy Policy is designed to comply with applicable privacy laws, including but not limited to:

General Data Protection Regulation (GDPR): European Union data protection regulation
California Consumer Privacy Act (CCPA): California data protection law
Children's Online Privacy Protection Act (COPPA): Protection for children under 13
Telephone Consumer Protection Act (TCPA): SMS consent and opt-out requirements
CAN-SPAM Act: Email marketing regulations

Compliance Commitment: We are committed to maintaining compliance with all applicable privacy laws and regulations. If you have concerns about our compliance, please contact us at privacy@nytevibe.com.