Privacy policy

Live from 2026-05-18.

Lelemon is an events platform that lets people find, host, attend, and review live gatherings. This policy explains what personal data we hold about you, why we hold it, how long, who else sees it, and the rights you can exercise over it. It is written to comply with the EU General Data Protection Regulation ("GDPR") and the Swiss Federal Act on Data Protection ("FADP", revised 2023).

1. Who is the controller

Lelemon (the "platform") acts as data controller for the data you create on your account and the data we collect about how you use the platform. Our Data Protection Officer can be reached at privacy@lelemon.ch.

2. What we collect

2.1 Account data (always collected)

• Name, email, role (event creator / guest / service provider / venue provider).
• Profile fields you fill in yourself: country, languages, skills, bio, social handles.
• Events you host or attend (organiser metadata, RSVPs, tickets).
• Bookings, payments, payouts (when applicable to your role).

2.2 Behavioural data (consent-gated)

Only when you have explicitly granted consent via the first-load consent banner or the toggle in Account Settings → Privacy, we record:

• Events, venues, and services you view, save, RSVP to, or leave.
• Search queries and category filters you apply on discovery surfaces.
• Groups you join and connections you make.

Without consent, none of the above is stored — the consent gate is enforced inside the logging primitive itself, not as a UI overlay. Withdrawing consent stops all new logging immediately; you can delete the existing log from the same Privacy section.

3. Why we collect it (lawful basis)

• Account data — contract (GDPR Art. 6(1)(b) / FADP Art. 31). We can't run the platform without it.
• Behavioural data — consent (GDPR Art. 6(1)(a) / FADP Art. 6). Used to improve recommendations and personalise your discovery experience.
• Payment + tax data — legal obligation (GDPR Art. 6(1)(c)). Required to issue invoices, run payouts, and meet anti-money-laundering rules.

4. Future automated decision-making

We plan to build an AI assistant that, in the future, may proactively suggest events you would like and — with your explicit per-action approval — create them on your behalf using platform tools (venues, services, attendees). The behavioural data you consent to share today may be used as input to that assistant.

Any decisions the assistant makes that produce a real-world effect on you (booking a venue, hiring a service, spending credits) will require explicit per-action approval before they take effect, satisfying your right under GDPR Art. 22 / FADP Art. 19 not to be subject to purely automated decisions. We log every assistant action against your account so you can audit and reverse it.

5. How long we keep it

• Behavioural log — 90 days from the date of each entry. Entries older than 90 days are dropped automatically on any read.
• Account data — retained while the account is active. When you schedule deletion, your account enters a 30-day grace period and is permanently deleted at the end of it. Sign in during the grace period to cancel.
• Financial records — retained for the period required by tax law in your country (typically 7–10 years), regardless of account status.

6. Who else sees it

• Event creators see attendee names + the answers you give to mandatory event questions.
• Venue / service providers see the bookings you make with them.
• Backend platform — Supabase (Supabase, Inc., USA — EU/Swiss data residency in the Zurich region) hosts our database (Postgres), authentication, and (when enabled) file storage on our behalf as a data processor under contract (DPA). Account-creation data (email, hashed password, OAuth identifiers from Google/Apple if you choose them) and your platform profile (display name, role, legal-acceptance records) live in a Postgres instance physically located in Zurich, Switzerland — so day-to-day storage doesn't leave the EU/Swiss perimeter. Some operational metadata (logs, support tooling) may transit to the US under Standard Contractual Clauses + supplementary technical measures.
• Payment processor — Stripe (Stripe Payments Europe, Limited, Ireland) handles card data, payouts, and refunds on our behalf as a data processor under contract (DPA). Stripe operates servers in the EU; some operational data may transit to the US under Stripe's Standard Contractual Clauses.
• Email processor — Resend (Resend, Inc., USA) delivers transactional and lifecycle email on our behalf as a data processor under contract (DPA). What Resend receives: your email address, your name where included in the message, and the message content (subject + body) we asked it to send. Resend retains delivery metadata (bounces, complaints) so we can maintain a suppression list. Transfer to the US is covered by Standard Contractual Clauses + supplementary technical measures. You can ask us at privacy@lelemon.ch for a copy of the DPA or for confirmation of the current sub-processor list.
• When AI features ship, the underlying language model provider (Anthropic / OpenAI / equivalent) will process the prompts we send to it on our behalf as a data processor under contract. Cross-border transfer to the US will rely on Standard Contractual Clauses + supplementary measures. You will be informed before this changes.
• Public authorities when legally compelled (we publish a transparency report).

7. Your rights

You can exercise the following rights from Account Settings → Privacy or by emailing privacy@lelemon.ch:

• Access (GDPR Art. 15) — download your full data bundle as JSON.
• Erasure (Art. 17) — delete your activity history or your full account.
• Portability (Art. 20) — the JSON export is in a machine-readable format.
• Withdraw consent (Art. 7(3)) — flip the analytics toggle off at any time.
• Rectification (Art. 16) — edit your profile fields directly.
• Objection (Art. 21) — write to us if you believe a specific processing is unlawful.
• Lodge a complaint (Art. 77) — with your local data protection authority (EU: the supervisory authority of your member state; Switzerland: FDPIC).

8. Security

Data is encrypted in transit (HTTPS) and at rest where stored on our servers. The current v1 prototype additionally stores some user state in browser localStorage on your own device for offline-first behaviour — this is not transmitted to us unless you take an action that requires it.

9. Changes to this policy

Material changes (new processing purposes, new processors, longer retention) will be notified in-app before they take effect, and where required will reset consent so you can opt in again with full information.

See also our Terms of Service and Cookies notice.