Privacy Policy
Last updated: July 2026
Where VenueCircuit is right now
VenueCircuit is in private pilot. What you can use today is a public demo built on a shared, fictional dataset — there are no user accounts yet, and the role switcher inside the demo is a preview of how role-based access will work, not an access-control system. Anything you type into the demo is disposable demo data: it may be visible to other visitors and is periodically reset. Please don't put real business data in it.
What we collect
Today, the personal data we collect is what you deliberately send us: your email address and venue name if you request a pilot seat, and whatever you write into the feedback widget. That's the whole list.
When production accounts launch, we'll collect what setup requires — name, email, role, venue or company details — plus the operational data you enter (show records, ledger entries, settlements, riders, guest lists). That data will belong to your organization, not us. This section will be updated before any of that goes live.
How we use it
Your data is used for exactly one thing: running VenueCircuit. It powers your dashboard, show records, financial tracking, team coordination, and everything else the platform does. That's it.
We won't sell your data. We won't share it with data brokers. We won't use show records or ledger entries to train models, run ads, or build profiles. This operational data isn't a product we're monetizing — it's information you trusted us to hold while you run your business.
Where it's stored
VenueCircuit runs on Supabase, which uses PostgreSQL hosted in the United States. Pilot requests are stored write-only from the public site: the form can add a request, but nothing public can read the list back — only we can. Feedback submissions are delivered to us by email via Netlify Forms.
Supabase and Netlify are infrastructure providers, and like any infrastructure provider, they have access to the systems your data sits on. They operate under their own security and compliance standards.
For production accounts we plan per-organization isolation, Supabase Auth for login security, and database-enforced role access. Those protections are not live yet — which is exactly why the current demo runs on fictional data.
Who sees this data
Pilot requests and feedback go to the small team that runs VenueCircuit, and are used only to reply to you. We don't sell them, share them with data brokers, or add you to anyone else's list.
In production, access within an organization will be role-based — people added to an org will see what their role allows and nothing more. The demo's role switcher shows that model on fictional data today.
Integrations
The integrations you can open in the demo (ticketing, point-of-sale, accounting, payroll) are clearly labelled simulations running on the fictional dataset — no third-party connection is made and no credentials are collected.
When real integrations launch, we'll use OAuth or API keys you provide, we won't store those credentials in plain text, and we won't reuse them beyond the sync you authorized. Each third-party service has its own privacy policy that covers their end.
Your rights
You can request an export of your data or ask us to delete your account and everything associated with it. Email us at hello@venuecircuit.app and we'll take care of it.
We're building self-serve export tooling — it's on the roadmap for during beta. Until then, reach out and we'll do it manually. We won't make you file a ticket and wait three weeks. This is a small team and we respond like humans.
Cookies & analytics
We use two analytics tools. The first is Plausible Analytics — privacy-focused and cookie-free; it records aggregate page views only, with no fingerprinting, cross-site tracking, ad networks, or pixel trackers.
The second is Google Analytics 4, which we use to understand which pages and buttons lead people to try the demo or ask about the pilot. It sets first-party cookies and records page views plus interaction events (for example, clicks on demo, pricing, and contact links, and form submissions). We configure it with IP anonymization, and we don't use it for advertising or ad personalization. For visitors in the EEA, UK, and Switzerland, Google Analytics storage is off by default — only cookie-free Plausible runs there.
There are no login cookies today because there are no accounts yet. When accounts launch, session cookies will be first-party Supabase Auth tokens that expire and aren't shared with anyone.
Contact
Questions about this policy, your data, or anything else: hello@venuecircuit.app