PRIVACY POLICY

Last Updated: June 2026

This Privacy Policy describes how TheatreDigitalized ("we", "us", or "our"), trading as Confoozd.com, collects, uses, and shares information in connection with your use of our services, platform, and website.

We are committed to protecting your personal data and respecting your privacy in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

The data we collect

To provide our services to theatres, promoters, and clients, we process data essential to our operational infrastructure and event distribution. This includes:

• Box Office & Show Information Data: Schedule details, performance metrics, ticket metadata, seating configurations, and show assets required to sync digital displays.
• Client Stripe API Data: Secure operational access tokens and configuration metadata necessary to connect your payment infrastructure seamlessly to ticket management profiles.
• Client Communications: Corporate email addresses, technical contact data, support tickets, and correspondence essential to standard account handling and customer support.

Lawful bases for processing

Under the GDPR, we rely on the following legal bases to process your information:

• Performance of a Contract: Processing client emails, operational box office parameters, and API configuration profiles is required to deliver the technical platform functions and services you signed up for.
• Legal Obligations: To satisfy explicit fiscal auditing requirements, tax obligations, or legal requests issued by law enforcement and regulatory frameworks.
• Legitimate Interests: For continuous optimization of application parameters, platform hardening, security protocols, and direct client support channels.

How data is shared and transferred

We do not broker, rent, sell, or trade your operational data. Information is shared strictly with reliable sub-processors necessary to host, secure, and run our service:

• Payment Infrastructure Providers: Integration metrics and tokens are passed securely to Stripe via credential tokens to fulfill financial routing operations.
• Cloud Architecture Providers: Scalable host environments where databases and analytical files remain encrypted at rest and in transit.

Data retention

We retain your personal data and API structural elements only for as long as necessary to fulfill the purposes for which they were collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Active integration points and API tokens are retained until an account is deactivated or a formal deletion request is processed.

Your GDPR Rights

As a data subject located within the EU or UK, you possess comprehensive legal privileges regarding your data footprint:

• Right of Access & Correction: Request copies of your internal data entries or demand corrections to outdated email metrics and system preferences.
• Right to Erasure ("Right to be Forgotten"): Request permanent purge criteria across system infrastructure, provided it does not conflict with financial retention mandates or pending contractual terms.
• Right to Restrict or Object to Processing: Restrict how metadata parameters are queried or halt analytical processes built on your operational parameters.
• Right to Data Portability: Request a structured machine-readable download of the personal data you have provided to us.

To exercise any of these privileges, please submit an explicitly detailed request to our designated email endpoint: [email protected]. You also retain the right to lodge a complaint with a relevant data protection supervisory authority.