This Privacy Policy explains how riga.2see.live ("we", "us", "our") collects, uses and protects your personal data in accordance with the General Data Protection Regulation (GDPR, EU 2016/679) and applicable Latvian law.
The data controller responsible for your personal data is the operator of riga.2see.live, reachable at:
| Data | Purpose | Legal basis |
|---|---|---|
| Email address (login) | Send magic-link to log you in without a password; identify your account | Consent (Art. 6(1)(a) GDPR) |
| Email address (digest subscription) | Send personalized event picks based on your interest phrase, at your chosen frequency | Consent (Art. 6(1)(a) GDPR) |
| Interest phrase you submit ("джаз для детей") | Match your phrase against events when sending digest | Consent (Art. 6(1)(a) GDPR) |
| Wishlist (event IDs you saved) | Remember which events you marked as favourites; sync with our Telegram bot if you log in | Consent / Contract (Art. 6(1)(b)) |
| Telegram account ID, username, first name, photo URL (if you log in with Telegram) | Identify your account; show your name and avatar; sync wishlist with bot | Consent (Art. 6(1)(a) GDPR) |
| Event submission: email + ticket URL + organizer fields | Verify link is live; scrape event details for publication; notify you when live | Consent (Art. 6(1)(a) GDPR) |
| Marketing preferences (optional) | If you request paid promotion assistance: connect you with our marketing services | Consent (Art. 6(1)(a) GDPR) |
| Anonymous usage analytics (only if you accept cookies) | See which categories/events are popular; improve the site | Consent (Art. 6(1)(a) GDPR) |
We do not collect payment information, government IDs, or any special categories of personal data.
We use the following categories of storage:
| Category | Purpose | Storage | Consent |
|---|---|---|---|
| Strictly necessary | Remember language preference, wishlist, onboarding state, login session token | browser localStorage | Not required (Art. 5(3) ePrivacy) |
| Analytics | Understand which events are viewed, which features are used, improve the site | Google Analytics 4 via Google Tag Manager (cookies _ga, _ga_*) | Opt-in via cookie banner |
| UX research | Anonymous session recordings and click heatmaps to identify usability issues. Personal fields (email, name, phone, password) automatically masked. | Hotjar (cookies _hjSession*, _hjid) | Opt-in via cookie banner |
| Marketing / advertising | None active today; reserved for possible future remarketing (Meta Pixel, Google Ads) | — | Opt-in via cookie banner |
We implement Google Consent Mode v2. Analytics and advertising signals are denied by default until you accept via the cookie banner. You can change your choice at any time by clicking the «Cookies» link in the footer. Necessary storage (login, wishlist, language) functions without consent because it is essential to the service you requested.
Strictly necessary storage uses browser localStorage, which lives only on your device and is never transmitted to our servers. Analytics cookies are set by Google when you accept; they are subject to Google's privacy policy.
We share your data only with the following processors under data processing agreements:
| Processor | Purpose | Location |
|---|---|---|
| Brevo (Sendinblue) | Transactional email delivery (magic-link login, digest subscription emails) | EU (France) |
| Fly.io | API server hosting | EU (Amsterdam region) |
| Cloudflare Pages | Static website hosting | Global CDN (EU transfer SCCs) |
| Google (GA4 + Tag Manager) | Anonymous traffic analytics (only with your cookie consent) | Global (EU transfer SCCs) |
| Hotjar | Anonymous session recordings & heatmaps for UX research (only with your cookie consent). Personal fields (email, name, phone, password) are automatically masked via data-hj-suppress | EU (Malta) |
| Telegram | Optional Telegram-account login (only if you click «Log in with Telegram») | Global |
| Anthropic (Claude API) | AI-powered search and event categorization (anonymous queries, no personal data sent) | USA (SCCs) |
We do not sell your personal data to third parties.
| Data type | Retention period |
|---|---|
| Submission records (email, URL, status) | 12 months from submission date |
| Published event data (title, date, venue, etc.) | Retained as public event record; deleted on request |
| Email delivery logs | 30 days (managed by Brevo) |
As a data subject you have the right to:
To exercise any right, email us at info.riga@2see.live. We will respond within 30 days.
If you believe we have not handled your personal data lawfully, you have the right to lodge a complaint with the supervisory authority:
We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, and unauthorised disclosure. All data is transmitted over HTTPS. Access to our systems is restricted and logged.
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect any changes. For material changes, we will notify you via email if we hold your address.
For any questions about this Privacy Policy or your personal data, please contact: info.riga@2see.live