Privacy Policy

This Privacy Policy describes how VX Global Pte Ltd ("VXCES", "we", "us", or "our") collects, uses, and shares personal information when you use our services, including:

• vxces.com (editorial, events, and commerce platform)
• tickets.vxces.com (event ticketing)
• scheduler.vxces.com (scheduling and booking platform)

By using any of our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our services.

We use the information we collect to:

• Provide, operate, and maintain our services
• Process bookings, ticket purchases, and payments
• Create and manage your account
• Sync bookings with your connected calendar
• Send booking confirmations, reminders, and cancellation notifications
• Send ticket PDFs and event-related communications
• Verify wallet ownership for token-gated features
• Prevent fraud, duplicate bookings, and abuse
• Respond to your enquiries and provide customer support
• Improve our services based on usage patterns
• Comply with legal obligations

We do not sell your personal information. We share information only in the following circumstances:

• With hosts and event organisers: when you make a booking or purchase a ticket, we share your name, email, and booking details with the host or event organiser so they can fulfil the service
• With guests you invite: if you add guest email addresses to a booking, those guests will receive calendar invitations and may see your name and email
• Service providers: we use third-party services to operate our platform:
  • Supabase (database and authentication)
  • Stripe (payment processing)
  • Resend (transactional email delivery)
  • Google (calendar integration and OAuth)
  • Vercel (hosting and infrastructure)
  • Xero (accounting and invoicing)
• Legal requirements: we may disclose information if required by law, regulation, legal process, or governmental request
• Business transfers: in connection with a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction

VXCES's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only request access to the Google Calendar scopes necessary to check your availability and create booking events
• We do not use Google Calendar data for advertising or sell it to third parties
• We store OAuth tokens securely and only use them to provide calendar functionality you have explicitly authorised
• You can disconnect your Google Calendar at any time from your dashboard settings, which revokes our access

We use minimal cookies necessary for the operation of our services:

• Authentication cookies: to maintain your login session (managed by Supabase)
• Theme preference: a cookie to remember your light/dark mode preference

We do not use third-party tracking cookies, advertising cookies, or analytics services that track you across other websites. We do not use Google Analytics.

We retain your personal information for as long as necessary to provide our services and fulfil the purposes described in this policy:

• Account data: retained while your account is active, and deleted upon request
• Booking records: retained for the duration required by applicable tax and accounting regulations (typically 5-7 years)
• Ticket purchase records: retained as required by financial regulations and event organiser obligations
• Calendar tokens: stored while the integration is active and deleted when you disconnect your calendar
• Waitlist entries: retained until you unsubscribe or request deletion

We implement appropriate technical and organisational measures to protect your personal information, including:

• All data transmitted over HTTPS with TLS encryption
• Database-level Row Level Security (RLS) policies
• Server-side only access to sensitive credentials and API keys
• OAuth 2.0 for third-party integrations (no password sharing)
• HMAC-based token verification for sensitive operations
• Security headers including HSTS, Content-Type-Options, and frame protection

While we take reasonable measures to protect your information, no method of transmission over the internet or electronic storage is 100% secure.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you
• Correction: request correction of inaccurate or incomplete data
• Deletion: request deletion of your personal data, subject to legal retention requirements
• Portability: request your data in a structured, machine-readable format
• Objection: object to the processing of your data for certain purposes
• Withdrawal of consent: withdraw consent for data processing where consent is the legal basis

To exercise any of these rights, please contact us at privacy@vxces.com. We will respond to your request within 30 days.

VXCES is operated by VX Global Pte Ltd from Singapore. Our service providers may process data in various jurisdictions. By using our services, you consent to the transfer of your information to Singapore and other countries where our service providers operate, which may have different data protection laws than your country of residence.

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.

If you have questions about this Privacy Policy or our data practices, please contact us: