Privacy Policy

1. Who we are

SaFest 2026 ("we", "us", "our") operates the website safest.com for the SaFest Psychedelic Music & Arts Festival taking place 10–12 July 2026 in the United Kingdom.

2. What data we collect

• Account information — name, email address, and authentication credentials when you create an account or log in via Google.
• Payment information — processed securely by Stripe. We do not store your card details.
• Usage analytics — anonymised page view and interaction data collected via Vercel Analytics, only with your consent.

3. Cookies we use

Strictly necessary cookies do not require consent under UK PECR. Analytics cookies are only set after you give explicit consent via our cookie banner.

4. Legal basis for processing

• Consent — for analytics cookies (you can withdraw at any time via the Cookie Settings link in the footer).
• Contract performance — to process your ticket purchase and provide access to the festival.
• Legitimate interest — for essential site security and authentication.

5. Third-party services

• Supabase — authentication and database hosting.
• Stripe — payment processing. See Stripe's Privacy Policy.
• Vercel — site hosting and analytics (with consent).
• Google — OAuth sign-in provider.
• Resend — email delivery for invitations and password resets.

6. Your rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Withdraw consent for analytics at any time
• Lodge a complaint with the ICO (ico.org.uk)

7. Data retention

We retain your account and ticket data for up to 12 months after the festival ends, or until you request deletion. Analytics data is anonymised and retained by Vercel in accordance with their data retention policies.

8. Contact us

For any privacy-related enquiries, contact us at hello@safest.com.