Privacy Policy
Effective: 26 October 2025
Klipspringer is a privacy‑respecting event ticketing platform run by Mårdhund (lit. "marten dog"). Each event operates as a single‑tenant instance with its own database and configuration. We design the system to collect as little personal data as possible and to process it only for the purpose of running events.
This document explains how we process personal data, what limited information we store, and the principles that guide our decisions.
1. Data Controller and Processor Roles
For each event, the Event Organizer acts as the Data Controller, determining what personal data is collected and why. Klipspringer acts as the Data Processor, handling data solely on behalf of and under the instructions of the Event Organizer.
If you are an attendee, your point of contact for privacy matters is the organizer of the event you registered for. You may also contact Klipspringer at privacy at mardhund dot com for assistance identifying the appropriate controller.
Klipspringer does not collect or process data beyond what is technically required for registration, ticketing, and event management. Depending on the event configuration, the following categories may apply:
| Category | Examples | Purpose | Stored by Klipspringer |
|---|---|---|---|
| Account Information | First name, email address | Required for account creation and communication | Yes |
| Optional Personal Details | Family name, date of birth, address, postal code, country | Used for age verification or mailing info | Yes, if enabled by organizer |
| Event Participation | Ticket tier, RSVP status, roommate code, check-in time | To manage attendance and logistics | Yes |
| Orders and Payments | Transaction ID, amount, tax rate, payment provider | Required for accounting and refunds | Partial metadata only |
| Identity Verification | Verification status, timestamp | To confirm age or identity before entry | Status only; ID handled by Didit |
| Notifications | Delivery method (webpush, ntfy), message delivery status | To send event updates | Yes, if enabled by organizer |
| Custom Responses | Answers to questions (e.g. allergies, T-shirt size) | Collected at the organizer's discretion | Yes, if enabled by organizer |
Klipspringer never collects or processes biometric data, government identifiers, or behavioral analytics.
2. Purpose and Legal Basis
Processing of personal data through Klipspringer occurs only for the following purposes:
- To provide event registration, ticketing, and check‑in functionality (performance of a contract).
- To handle payments, refunds, and invoicing (performance of a contract and legal obligation).
- To send legitimate event communications such as updates or schedule changes (legitimate interest).
- To comply with lawful requests and regulatory requirements (legal obligation). Klipspringer does not engage in profiling, marketing, or behavioral tracking.
3. Cookies
Klipspringer uses a single cookie, connect.sid, which maintains your session while logged in. This cookie is strictly necessary under Article 5(3) of Directive 2002/58/EC and does not require consent.
4. Retention
Event data is retained only as long as necessary for the operation of the event.
- Basic attendee data (first name, email address) remains until the event concludes.
- Optional data (address, birth date, questionnaire responses) is retained only if required by the organizer.
Within thirty one (31) days of the event's conclusion, Klipspringer contacts the organizer to either: a) transfer data to the organizer for lawful continued use, or b) permanently delete all records from the database.
If an attendee submits a deletion request to Klipspringer directly, we will forward the request to the relevant Event Organizer without undue delay. The Event Organizer, as the Data Controller, is responsible for responding and determining whether legal grounds exist to fulfill or deny the request.
5. Subprocessors
Klipspringer relies on a minimal set of trusted sub‑processors necessary to deliver its services:
| Processor | Purpose | Data Retention | Location |
|---|---|---|---|
| Hetzner Online GmbH | Hosting infrastructure | Until event deletion | EU (Germany) |
| Didit | Identity verification | Deleted immediately after verification | EU |
| Stripe, Inc. | Payment processing | Retained by Stripe per financial laws | EU/US (via SCCs) |
| PayPal Holdings, Inc. | Payment processing | Retained by PayPal per financial laws | EU/US (via SCCs) |
All sub‑processors are contractually bound to process data solely under the organizer’s instructions and in compliance with the GDPR.
6. Data Location
Each event instance stores its database within the European Union or another jurisdiction recognized as providing adequate protection under Article 45 of the GDPR. If data is transferred outside the EU/EEA, it is protected using Standard Contractual Clauses or equivalent legal mechanisms.
7. Security
Each event runs in isolation with its own database and credentials. Data in transit is encrypted using TLS 1.3. All storage uses encrypted volumes. Administrative access is restricted to authorized personnel operating under confidentiality agreements.
8. Your Rights
Individuals whose data is processed through Klipspringer have the following rights under Articles 12–23 of the GDPR:
- The right to access personal data held about you.
- The right to rectify inaccurate data.
- The right to request erasure ("right to be forgotten").
- The right to restrict or object to processing.
- The right to data portability where applicable.
These rights apply regardless of your location. Klipspringer applies GDPR protections to all users worldwide. We do not limit these rights based on residency or citizenship.
9. Legal Compliance and Exceptions
Klipspringer will comply with lawful orders, subpoenas, and court directives under applicable law, including 18 U.S.C. § 2703. Disclosure will be limited to the minimum scope required by law.
In cases where there is a credible and immediate risk of serious harm to an individual, Klipspringer may disclose relevant information to competent authorities to protect life and safety
10. Changes to this Policy
This policy may be updated to reflect new legal requirements or technical changes. The current version is always available at https://klipspringer.net/legal/privacy-policy/. Material updates will include a new effective date.
11. Contact
For inquiries or complaints regarding this policy or the handling of personal data, contact:
Klipspringer
Email: privacy@mardhund.com
Website: https://klipspringer.net
12. Right to lodge a complaint
If you are located in Canada and believe your privacy rights have been violated, you have the right to lodge a complaint with the relevant data protection authority.
Canada
For events hosted on infrastructure located in Québec, this is the Commission d’accès à l’information (CAI):
Montréal
2045, rue Stanley,
bureau 900
Montréal (Québec) H3A 2V4
Téléphone : 514 873-4196
Télécopieur : 514 844-6170
Numéro sans frais : 1 888 528-7741
For events hosted on infrastructure located in Canada, this is the Office of the Privacy Commissioner of Canada
30 Rue Victoria, Gatineau, QC J8X 2A1, Canada
European Union or EEA
If you are located in the EU or EEA, you have the right to lodge a complaint with the data protection authority in your country of residence under the General Data Protection Regulation (GDPR). A list of national supervisory authorities is available at:
https://www.edpb.europa.eu/about-edpb/about-edpb/members_en
Klipspringer does not currently maintain a GDPR Article 27 representative in the EU. However, we will respond to good-faith GDPR inquiries and assist event organizers in fulfilling their obligations as data controllers.