Legal

Privacy Policy

Effective date: June 24, 2026 · tulum-rsvp.com

1. Who we are

Tulum·rsvp (“we”, “us”, “our”) operates the platform at tulum-rsvp.com. The platform enables venue operators to collect RSVPs, track marketing attribution, sell tickets, and run branded guest loyalty programs with Apple and Google Wallet passes.

This Privacy Policy describes how we collect, use, and protect personal data. It applies to everyone who uses our platform — both venue operators who hold accounts and guests who interact with operator-branded RSVP or loyalty pages.

For guests: when you RSVP to an event or join a loyalty program on a venue's page, the venue operator is the data controller for your information. We act as a data processor on their behalf, subject to this policy.

Contact: contact@tulum-rsvp.com

2. Data we collect

From venue operators

From guests

3. How we use your data

For operators

For guests

4. Legal basis for processing (GDPR)

Where the GDPR applies, we rely on the following legal bases:

5. Third-party services and sub-processors

We share personal data only with service providers necessary to operate the platform:

ServicePurposeLocation
SupabaseDatabase and file storageUnited States
ClerkUser authentication and session managementUnited States
StripePayment processing and subscription billingUnited States
ResendTransactional email deliveryUnited States
VercelApplication hosting and edge deliveryUnited States
Apple Inc.Apple Wallet pass delivery and APNs push notificationsUnited States
Google LLCGoogle Wallet pass deliveryUnited States

We do not sell, rent, or trade personal data to any third party for advertising or marketing purposes.

6. Cookies

We use cookies strictly necessary for authentication and session management, set by Clerk. We do not use advertising cookies, tracking pixels, or behavioral analytics from third-party ad networks. No third-party advertiser receives data from cookies set on tulum-rsvp.com.

7. Data retention

8. Your rights

GDPR — European Union and UK

CCPA / CPRA — California residents

LFPDPPP — Derechos ARCO (Mexico)

To exercise any of these rights, email us at contact@tulum-rsvp.com. We will respond within 30 days.

9. Security

10. International data transfers

Our sub-processors are primarily based in the United States. Data transferred outside Mexico is protected by the contractual safeguards and data processing terms of each sub-processor (Supabase, Clerk, Stripe, Resend, Vercel, Apple, Google). Where required, we rely on standard contractual clauses or equivalent mechanisms.

11. Children

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided data to us, please contact us and we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email to registered operators at least 14 days before taking effect, and noted with an updated effective date at the top of this page. Continued use of the platform after the effective date constitutes acceptance of the revised policy.

13. Contact

Tulum·rsvp
Tulum, Quintana Roo, México
contact@tulum-rsvp.com


This document was prepared as a starting point and does not constitute legal advice. Consult a qualified attorney for advice specific to your jurisdiction and business.