Evently logo

Privacy Policy

Last Updated: 7/19/2025

Covaera ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform for event management, registrations, and related services.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, phone number (optional), profile photo, and team/organization details
  • Event Information: Event details, registration data, payment information, and emergency contact details
  • Digital Waivers: Digital signatures, waiver acceptance data, and liability acknowledgments
  • Insurance Information: Coverage preferences, policy details, and risk assessment data when using our insurance services
  • Reservation Data: Time slot preferences, location data for reservations, and scheduling information
  • Communications: Messages you send through our platform, event communications, and support inquiries
  • Social Media: Social media account information when you connect your accounts for event promotion
  • Payment Information: Credit card details (processed securely through Stripe), billing addresses, and transaction history

1.2 Information Collected Automatically

  • Usage Analytics: Page views, event interactions, registration flow analytics, and platform usage patterns
  • Event Engagement: Event view tracking, time spent on event pages, and registration conversion metrics
  • Device Information: IP addresses (anonymized when possible), browser type, device identifiers, and operating system
  • Location Data: Geographic information for event discovery and location-based services (with your consent)
  • Cart and Session Data: Shopping cart contents, session identifiers, and temporary holds on event registrations
  • Performance Data: Page load times, error tracking, and system performance metrics
  • Cookies and Tracking: Essential cookies for platform functionality, analytics cookies (with consent), and marketing cookies (with consent)

1.3 AI and Smart Features Data

  • Smart Analytics: Event demand patterns, urgency signals, and registration velocity for intelligent badge generation
  • Recommendation Data: Event preferences, browsing history, and engagement patterns for personalized recommendations
  • Predictive Analytics: Registration likelihood, capacity forecasting, and demand prediction models

2. How We Use Your Information

We use your information to:

  • Core Services: Provide event registration, management, and discovery services
  • Payment Processing: Handle secure payments, refunds, and financial transactions
  • Reservations: Manage time slot bookings, availability tracking, and scheduling
  • Insurance Services: Facilitate event insurance through our partner Thimble, including policy generation and claims support
  • Digital Waivers: Process waiver signatures, maintain liability records, and ensure legal compliance
  • Communications: Send transactional emails, event updates, emergency notifications, and marketing communications (with consent)
  • Analytics and Insights: Generate event analytics, attendance reports, and performance insights for organizers
  • Platform Improvement: Enhance user experience, develop new features, and optimize platform performance
  • Safety and Security: Detect fraud, prevent abuse, and maintain platform security
  • Legal Compliance: Meet regulatory requirements, tax obligations, and legal standards
  • AI Features: Power smart badges, recommendation engines, and predictive analytics (when enabled and with consent)

3. Information Sharing and Disclosure

We share your information only in the following circumstances:

3.1 With Event Organizers

  • Registration and attendee information for events you register for
  • Emergency contact details and medical information (when provided)
  • Digital waiver status and completion records
  • Insurance policy information (when applicable)
  • Communication preferences and contact information

3.2 Service Providers

  • Stripe: Payment processing, refunds, and financial services
  • Clerk: Authentication, user management, and account security
  • Klaviyo: Email marketing and communications (with consent)
  • Mapbox: Maps, location services, and geocoding
  • Thimble Insurance: Event insurance policies and coverage services
  • Google Analytics: Website analytics and performance tracking (with consent)
  • Facebook/Meta: Social media integration and marketing pixels (with consent)
  • AI Service Providers: Smart analytics and recommendation engines (when enabled)

3.3 Legal and Safety Requirements

  • When required by law or legal process
  • To protect our rights, property, or safety
  • To prevent fraud or illegal activity
  • In connection with insurance claims or liability issues

4. Data Security and Protection

We implement comprehensive security measures to protect your personal information:

  • Encryption: All sensitive data is encrypted in transit and at rest
  • Secure Authentication: Multi-factor authentication options and secure login through Clerk
  • Payment Security: PCI DSS compliant payment processing through Stripe
  • Access Controls: Limited access to personal information based on business need
  • Regular Security Audits: Ongoing security assessments and vulnerability testing
  • Data Backup: Secure, encrypted backups with geographic distribution
  • Incident Response: Rapid response procedures for any security incidents
  • Staff Training: Regular privacy and security training for all personnel

5. Your Privacy Rights and Choices

5.1 GDPR Consent Management

Granular Control: You have complete control over how we process your data through our GDPR-compliant consent system:

  • Essential Cookies: Required for platform functionality (always active)
  • Analytics: Google Analytics and performance tracking (optional)
  • Marketing: Email marketing, social media pixels, and promotional communications (optional)
  • Personalization: Customized recommendations and AI-powered features (optional)
  • Functional: Enhanced features like social media integration (optional)

You can modify these preferences anytime through your Account Settings → Privacy tab or through our privacy banner.

5.2 Access and Data Portability

  • Account Dashboard: View and update your personal information through your account settings
  • Data Export: Request a complete export of your personal data in machine-readable format
  • Registration History: Access your complete event registration and payment history
  • Waiver Records: View all digital waivers you've signed
  • Communication History: Access messages and communications related to your account

5.3 Data Deletion Rights

Complete Account Deletion: You have the right to delete your account and associated data. When you delete your account:

  • Your user profile and personal information will be permanently deleted within 30 days
  • All attendee records associated with your email will be removed
  • Your event registrations will be deleted (with notification to organizers)
  • Digital waiver signatures will be anonymized but retained for legal compliance
  • Insurance policies will be transferred to anonymous records for regulatory compliance
  • Events you organized will remain but without your personal information
  • Payment records will be anonymized to maintain financial and tax compliance
  • You will be unsubscribed from all marketing communications
  • Analytics data will be anonymized and your consent preferences will be deleted

Note: Some anonymized data may be retained for legal compliance, financial record-keeping, and insurance liability purposes for up to 7 years.

5.4 Communication and Marketing Preferences

You can control all communications through multiple channels:

  • Account Settings: Manage all preferences in your dashboard under Communications
  • Email Unsubscribe: Use the unsubscribe link in any marketing email
  • Event Communications: Opt out of specific event-related communications
  • SMS/Text Messages: Reply STOP to any text message to unsubscribe
  • Push Notifications: Manage through your device settings or account preferences

Note: You will continue to receive essential transactional communications related to your registrations, payments, and account security regardless of marketing preferences.

6. Data Retention and Lifecycle

We retain your personal information based on the following schedule:

  • Active Accounts: Data retained while your account remains active
  • Closed Accounts: Most personal data deleted within 30 days of account closure
  • Financial Records: Anonymized transaction data retained for 7 years for tax and regulatory compliance
  • Insurance Records: Policy and claims data retained according to insurance regulations (up to 10 years)
  • Digital Waivers: Anonymized waiver records retained for liability protection (up to 7 years)
  • Analytics Data: Anonymized usage data retained for up to 2 years for platform improvement
  • Marketing Data: Deleted immediately upon withdrawal of marketing consent
  • Security Logs: Retained for up to 1 year for security and fraud prevention

7. Special Considerations

7.1 Minors and Youth Events

Our platform may be used for youth events with special protections:

  • We do not knowingly collect personal information from children under 13
  • Youth events require parental or guardian consent for registration
  • Additional privacy protections apply to youth participant data
  • Parents/guardians can access and control their child's information
  • Enhanced data security for youth participant records

7.2 Medical and Health Information

When you provide medical information for event registration:

  • Health data is encrypted and access is strictly limited
  • Information is shared only with authorized event organizers and emergency personnel
  • Medical information is retained only as long as necessary for safety purposes
  • You can update or remove medical information through your profile

7.3 Insurance Data

When using our insurance services through Thimble:

  • Insurance applications and policies are governed by insurance regulations
  • Claims data may be shared with insurance carriers and regulatory bodies
  • Policy information is retained according to insurance law requirements
  • You have rights to access and correct insurance-related information

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own:

  • Data Centers: We use secure data centers in the United States and Europe
  • Safeguards: All international transfers include appropriate legal safeguards
  • EU-US Data Privacy Framework: We comply with applicable international data transfer frameworks
  • Encryption: All data is encrypted during international transfers

9. Third-Party Services and Integrations

Our platform integrates with various third-party services, each with their own privacy policies:

9.1 Payment and Financial Services

9.2 Authentication and User Management

9.3 Analytics and Tracking (Optional with Consent)

9.4 Communication Services

9.5 Maps and Location Services

9.6 Insurance Services

9.7 Social Media Integrations (Optional)

10. Cookies and Tracking Technologies

We use various types of cookies and tracking technologies:

10.1 Essential Cookies (Always Active)

  • Authentication and session management
  • Shopping cart functionality
  • Security and fraud prevention
  • Platform stability and performance

10.2 Analytics Cookies (Optional)

  • Google Analytics for usage insights
  • Performance monitoring and optimization
  • Event engagement tracking
  • User journey analysis

10.3 Marketing Cookies (Optional)

  • Facebook Pixel for advertising optimization
  • Email marketing effectiveness tracking
  • Social media integration
  • Retargeting and lookalike audiences

10.4 Functional Cookies (Optional)

  • Personalized recommendations
  • Language and region preferences
  • Enhanced user interface features
  • Social media sharing functionality

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements:

  • Notification: We will notify you of material changes via email and platform notification
  • Review Period: You will have 30 days to review changes before they take effect
  • Consent: Continued use of our platform after changes constitutes acceptance
  • Version History: Previous versions of this policy are available upon request

12. Contact Us and Data Protection

For privacy-related questions, concerns, or to exercise your data rights:

Privacy Officer:
Email: privacy@elevationlines.com
Response Time: We respond to privacy inquiries within 72 hours

Data Subject Requests:
Use our contact form and select "Privacy/Data Request"
Include: Your name, email, and specific request type

Emergency Privacy Concerns:
For urgent privacy or security issues, mark your email as "URGENT - PRIVACY"

13. Regional Privacy Rights

13.1 GDPR Rights (EU Residents)

Under the General Data Protection Regulation, EU residents have the following rights:

  • Right to Access: Obtain a copy of your personal data and processing information
  • Right to Rectification: Correct inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we process your personal data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing for direct marketing or legitimate interests
  • Right to Withdraw Consent: Withdraw consent for any consent-based processing
  • Right to Lodge a Complaint: File complaints with your local data protection authority

13.2 CCPA Rights (California Residents)

Under the California Consumer Privacy Act, California residents have the right to:

  • Know what personal information we collect and how it's used
  • Request deletion of personal information
  • Opt out of the sale of personal information (we do not sell personal information)
  • Access personal information in a portable format
  • Non-discrimination for exercising privacy rights

13.3 Other Regional Rights

We respect privacy rights under other applicable laws including PIPEDA (Canada), LGPD (Brazil), and other regional privacy regulations. Contact us for information about your specific rights.

14. Business Transfers

In the event of a merger, acquisition, or sale of assets:

  • We will notify you at least 30 days before any transfer of your personal information
  • You will have the right to delete your account before the transfer
  • The acquiring party must honor this Privacy Policy
  • Your consent preferences will be transferred and respected

Privacy-First Commitment

At Covaera, privacy isn't an afterthought—it's built into everything we do. We're committed to transparency, user control, and responsible data handling. Your trust is essential to our mission of connecting communities through outdoor sports and events.