Romp It Up 2026
Privacy Policy
Last updated: June 2026
This Privacy Policy explains how the Romp It Up festival application (“Romp It Up,” “we,” “us”) collects, uses, shares, and protects information about you when you use our website at rompitup.com (the “Service”). By creating an account or signing in, you agree to the practices described here.
1. Information we collect
We collect only what we need to run the festival app:
- Account information. When you register with an email and password, or sign in with Google or Facebook, we receive your name, email address, and (for social sign-in) your profile photo. Passwords you create are stored only as a salted one-way hash — we never see or store them in plain text.
- Authentication data. Sign-in is handled by Auth.js; for social logins we store a provider account identifier and tokens needed to keep you signed in.
- Festival activity. Items you save or interact with in the app (for example, saved schedule events), and messages staff send you.
- Technical data. Standard server logs (IP address, browser type, timestamps) used for security and reliability.
We do not collect payment-card information, government IDs, or sensitive categories of personal data, and the Service is not intended to gather precise location.
2. How we use your information
- To create and secure your account and sign you in.
- To show you the festival program and any features tied to your account.
- To send festival-related messages and respond to your requests.
- To maintain security, prevent abuse, and comply with legal obligations.
We do not sell your personal information, and we do not use it for third-party advertising or profiling.
3. How we share information
We share personal information only with service providers that help us run the app:
- Hosting & database: Railway (application hosting and managed PostgreSQL database).
- Authentication providers: Google and Facebook, when you choose to sign in with them.
- Email delivery: our transactional email provider, for account and festival notifications.
We may also disclose information if required by law or to protect the rights, safety, and security of attendees and the festival.
4. Data retention
We keep your account information for as long as your account is active. You can ask us to delete it at any time (see “Data deletion” below). We may retain limited records where required for legal, security, or accounting purposes.
5. Security
Data is encrypted in transit (HTTPS/TLS), passwords are hashed, and access to the production database is restricted. No method of transmission or storage is perfectly secure, but we take reasonable measures to protect your information.
6. Your privacy rights (United States)
Depending on your state of residence, you may have rights to access, correct, delete, or obtain a copy of your personal information, and to opt out of its sale or sharing. States with comprehensive consumer-privacy laws include California (CCPA/CPRA), Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and a growing number of others. Regardless of which U.S. state you live in, you may contact us to exercise any privacy rights available to you, and we will honor them where they apply.
We do not sell or share personal information as those terms are defined under California law, and we will not discriminate against you for exercising your rights.
7. Your privacy rights (Canada)
If you are in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) — and provincial laws such as Quebec’s Law 25 — give you the right to access the personal information we hold about you, request corrections, and withdraw consent to our use of it (subject to legal or contractual limits). We collect, use, and disclose your information only with your consent or as permitted by law. Contact us using the details below to exercise these rights.
8. Data deletion
You can delete your account and associated personal data at any time. Email help@rompitup.com from the address on your account, or sign in and use the account page, and we will delete your data within 30 days (excluding records we must retain by law). If you signed in with Facebook or Google, removing the app from that provider’s settings also revokes its access.
9. Children's privacy
The Service is intended for a general festival audience and is not directed to children under 13. We do not knowingly collect personal information from children under 13; if you believe a child has provided us information, contact us and we will delete it.
10. Where your data is processed
The Service is hosted in the United States. If you access it from outside the U.S., you understand your information will be processed in the U.S., which may have different data protection rules than your home jurisdiction.
11. Changes to this policy
We may update this policy from time to time. When we do, we’ll revise the “Last updated” date above, and significant changes will be communicated through the app.
12. Contact us
Questions or requests about your privacy? Email help@rompitup.com.