Privacy Policy

Eventmate AI is operated by PartyMate, Inc., a Delaware corporation. We operate the website eventmate.ai, the Experience Graph API, the Eventmate MCP connector for AI assistants (including Claude and ChatGPT), and related developer tooling (collectively, the “Service”). This policy describes what personal data we collect, how we use it, who we share it with, how long we keep it, and your rights regarding that data.

This policy covers two distinct usage paths. Where data handling differs, we say so explicitly:

• Experience Graph API — developers and businesses who request API access and integrate our event/venue data.
• Eventmate MCP connector — consumers who connect Eventmate to Claude, ChatGPT, or another MCP-compatible AI assistant to discover events.

We collect only what we need to provide the Service.

Experience Graph API (B2B)

• Contact information — name, work email, company, role, and intended use case when you submit our “Request API access” form.
• Account information — once an API key is issued, we associate it with your contact record to authenticate requests and bill usage (if applicable).
• Usage data — API call counts, response times, error rates, and IP address per request. Used to operate the Service, prevent abuse, and improve performance.
• Analytics — aggregated page visits, referrers, and device class on eventmate.ai.

Eventmate MCP connector (consumers)

• Phone number — collected by our authentication provider (Supabase) when you verify a one-time SMS code, but only if you choose to sign in. Used solely as your account identifier across Eventmate and the wider PartyMate platform.
• Taste preferences — the venues, artists, organizers, and labels you choose to save (“follows”). Stored against your account so that future recommendations are personalized to you.
• Connector queries — cities, date ranges, and free-text search terms you send through the connector. Used to return results and, for a short window, to debug errors and prevent abuse.
• OAuth session data — short-lived access and refresh tokens issued by our authentication provider.

You can use the MCP connector anonymously (without signing in). In that mode we collect only the connector queries above, with no link to an identity.

What the Experience Graph itself contains

The Experience Graph contains data about public events, venues, artists, and organizers. It does not contain personal data about attendees.

We never collect, request, or store any of the following through the Service:

• Payment card information regulated by PCI DSS.
• Protected health information (PHI).
• Government identifiers (e.g. SSN, passport numbers, national IDs).
• Authentication credentials of other systems (API keys, passwords, MFA codes).
• The full content of your AI-assistant conversation. The MCP connector receives only the tool arguments the assistant sends to fulfill your request (e.g. “Berlin, next weekend”). We do not pull, reconstruct, or infer your wider chat log.

• To respond to API access requests and provision API keys.
• To personalize event recommendations to your saved taste preferences in the MCP connector.
• To operate, secure, and improve the Service.
• To send transactional updates (onboarding, security notices, breaking-change announcements). We do not send marketing emails without your opt-in.
• To comply with applicable laws.

We follow the principle of data minimization: tools return only the fields directly relevant to your request, with no behavioral profiling or surveillance, and no expansion of collection beyond what each request reasonably requires.

We use the following sub-processors. Each receives only the data necessary to perform its function under a data processing agreement.

• Supabase — authentication, database, OAuth 2.1 server. Data stored in the EU (Frankfurt).
• Vercel — hosting, edge delivery, and serverless compute for the MCP server and eventmate.ai.
• Resend — transactional email delivery.
• Telegram — internal notification of new B2B API access requests.
• Sentry — error and performance monitoring.

When you use the MCP connector, your AI-assistant provider acts as a separate, independent controller of the data you send through their assistant. Their privacy policies govern that side of the flow:

• Anthropic (Claude)
• OpenAI (ChatGPT)

We do not sell or rent personal data. We share data only with the sub-processors listed above, when required by law, or as part of a corporate transaction (e.g. merger or acquisition), in which case you will be notified.

• B2B contact and account records — kept for as long as you maintain an account, plus a reasonable period for legal and audit purposes.
• Consumer account and taste data — kept for the lifetime of your Eventmate / PartyMate account. Delete your account at any time and we will remove the associated data within 30 days.
• Operational logs — retained up to 30 days for debugging and abuse prevention, then deleted or fully aggregated.
• Aggregated usage metrics — may be retained longer in a form that does not identify individuals.

Depending on where you live, you may have the right to access, correct, export, restrict, or delete your personal data, and to object to certain processing. To exercise any of these rights — including account deletion — email privacy@eventmate.ai. We respond within 30 days.

All traffic to the Service is encrypted in transit via HTTPS/TLS. Data at rest is encrypted in our database. Access tokens are short-lived and refreshable. Row-level security policies on our database restrict each user's data access to their own records. No method of transmission over the internet is 100% secure; we encourage you to use strong, unique credentials.

Eventmate AI is operated from the United States, and stores consumer authentication and account data in the European Union (Supabase Frankfurt). If you access the Service from outside these regions, your information may be transferred to and processed in the United States, the European Union, or other countries where our sub-processors operate, under appropriate safeguards.

The Experience Graph API is intended for businesses and developers and is not directed at children.

The Eventmate MCP connector is suitable for general audiences, including users aged 13–17. We do not knowingly collect personal data from children under 13, and we do not display content inappropriate for a general audience through the connector.

We may update this policy from time to time. Material changes will be posted on this page with a revised effective date and, where appropriate, notified to active customers and connector users.

PartyMate, Inc.
San Marcos, California, USA
privacy@eventmate.ai