Antimony Privacy Policy

Version 1.0

Your privacy and personal life are especially important for us, at Antimony. We are here to improve your event experience, and for that we need to collect some personal information. This privacy policy provides you with everything you need to know about what data we collect, how we use and process it, and most importantly, how we protect you. This privacy policy applies to all mobile applications published by Antimony and our website www.theantimony.com, as well as with the services we offer. We comply with the General Data Protection Regulation, and, when implemented, with the Romanian Law.

Personal data

To offer our Apps, Websites and Services we process data, some of which can be regarded as Personal Data. “Personal data” is considered by the relevant legislation as “information or pieces of information that could allow a person to be directly or indirectly identified”.

Information we collect about you

Antimony is a social platform meant to connect you with relevant suggestions like festivals, parties, concerts, and other events that you may be interested in. When you create your personal profile, you can provide us additional information about your festival experience and your preferences in events, artists, or venues. We process this data and add it to your profile to give you relevant promotions or events.

Personal information is collected in a variety of ways:

Information you provide

Antimony is a social platform so you will be asked to create an Antimony account. To do that, you will have a range of options: sign in with your Facebook account, Google, or Apple account, or create a new Antimony account with your e-mail address or telephone number. When doing so, you authorize us to access and store personal details like your name /username, email address, phone number and gender (optional).

For your public profile, we will ask you for a few additional information such as a profile picture and a brief description. If you use Antimony chat, you provide us with the content and if you contact us for customer service or other inquiry, like the Emergency chat, we will be able to access the content of that communication. Your private and group chat conversations are confidential. We are only processing them to give you access to your chat history.

If you choose to make a purchase via our Services, we require you to provide your payment information. We will never store any of your payment information without asking your explicit consent. When you make a payment, we store (non-personal) information about the transaction like date, price and country code and link this to your account – as well as your email address where you prefer to receive the order confirmation.

Information we collect when you use our Services

When you use our Services, we collect information about the services you have used and how you have used them. We might know things such as the events you visit, your calendar, the groups you join and your activity in our many communities. The types of information that we might collect when you use our services are:

Device Phonebook. We may ask you to share your phonebook to identify which of your contacts already have an Antimony account. If you give us explicit permission, we will only use it to match your contacts with our database and we will never store any of your contact information on our servers.
Device information. When you use the App, we automatically collect information from your device. This information could include your device brand and type, your browser type and language, the operating system used by your device, access times and IP-address. We use your mobile device ID (AAID for Android and IDFA for iOS) to track user sessions and to improve performance. This information is not linked with your personal account and cannot be used to track you. Device IDs cannot be deleted but can be reset in your phone’s “Settings” overview.
Content Information. When you share any content such as chat messages, photos, or videos on our Services, we keep a copy of them on our servers. In case you wish to upload photos or videos that already exist on your device, we will request access to your photo library. Rest assured that we will only store and utilize the content that you have chosen to upload.
Information about how you use our Services. We gather data on your usage of the Services, which includes but is not limited to, the number of invites you send, the number of groups you are part of, and the number of artists you have favorited, with the aim of enhancing our product and services. We also collect anonymous technical data regarding the performance and diagnosis of our applications and web pages.
Anonymous analytics. We will collect anonymous data about the time you spend on a page, the pages you access or the bounce rate for developing purposes.
Location Information. We try to provide you with relevant social context based on your location. For us to provide optimal service, we request your permission to access your device’s location information when you use the app. If you grant explicit consent, Antimony will be able to collect the geographic location of your mobile device while the application is either actively running or running in the background. We will only collect your location when you are inside the Event’s perimeter. We use either your approximate or precise location to:

Identify nearby events that may interest you
Enhance user-friendliness by having the app know when you are at an event
Help you and your friends find each other
Understand your preferences and improve our services accordingly
Provide anonymous and irreversibly aggregated real-time visitor heat maps to festival organizers to aid them in crowd control measures.

Information we collect from Third Parties

If another user allows access to their contact list, we may combine information from that user’s contact list with your information to determine whether you already know each other. This information will be used to create friend suggestions at that moment and will never be stored by Antimony.

How will we use your information

To provide you with an exceptional event experience, we may utilize the information we gather about you for the following purposes:

Deliver and improve our products and services, and oversee our business operations
Manage your account and provide customer support
Communicate with you and send you receipts of your purchases
Personalize our services by presenting you with relevant suggestions for friends, events, artists, or communities
Conduct research and analysis about your use of, or interest in, our products, services, or content, as well as those of others
Perform mobile application analytics
Provide functions or services as disclosed to you at the time of collection.

How long do we retain your information

Your personal data will be kept in storage for as long as your account remains active. If you opt to deactivate your account, your personal data will typically be deleted within 30 calendar days. If you wish to have your personal data erased sooner, please contact us at privacy@theantimony.com. However, please be aware that we may reserve the right to retain information related to your use of our services in an irreversibly anonymized form.

How we protect your information

Our top priority is to safeguard your personal data and prevent it from being accessed, altered, disclosed, used, or destroyed without authorization. To achieve this, we have implemented rigorous security measures that include, but are not limited to:

Regularly updating and testing our security systems and procedures to detect and address any potential vulnerabilities.
Limiting access to your personal data to authorized personnel and third-party service providers who require it for legitimate business purposes.
Employing encryption to protect your personal data during transmission and storage.
Employing firewalls, intrusion detection and prevention systems, and other technologies to safeguard against unauthorized access to our systems.
Ensuring that our third-party service providers handling your personal data have adequate security measures in place to protect your data.
Providing training and guidance to our employees and contractors on the importance of data protection and security.

Through these measures, we aim to ensure that your personal data is secure and protected against unauthorized access or disclosure.

Account security: We serve our website and our APIs exclusively via HTTPS. We use JWT authentication tokens for API logins to help you protect your account data.
Servers – Physical security: Our infrastructure runs inside data centers designed and operated by Microsoft Azure in Ireland. Microsoft Azure data centers feature state of the art environmental security controls to safeguard against fires, power loss, and adverse weather conditions. Physical access to these facilities is highly restricted and they are monitored by professional security personnel.
Software security: Application and database servers are not directly accessible from the internet. We monitor documented threats from public security research databases (such as the Common Vulnerabilities and Exposures catalog). Our developers receive training in secure software development, including Open Web Application Security Project guidelines. All code changes are subject to a multi-point code review with specific attention paid to security.
DDoS mitigation: User data and specific location can be charged subjects. We maintain firewalls on our edge servers and origin load balancers to protect against bandwidth and protocol-based attacks, and we use intelligent web application firewalls and elastic scaling of our compute capacity to mitigate attacks at the application layer, including complex and evolving attacks.
Data security: All customer data is stored encrypted with at least dual redundancy. We store and secure chat messages in a dedicated database with no personal identifiable data attached.
Logging: We log activity across our platform, from individual API requests to infrastructure configuration changes. Logs are aggregated for monitoring, analysis, and anomaly detection and archived in vaulted storage. We implement measures to detect and prevent log tampering or interruptions.
Regular audits: We conduct regular internal security audits to review our hardware, software, and physical security configurations. If we discover a vulnerability, we follow a formal incident response framework to ensure rapid mitigation and transparent customer communication.

How we share information

We may share your information in many ways.

With other Antimony Users

Your profile will be visible to other registered users of our Services. This includes the following information:

Profile picture (optional)
Name or Alias
Events you are going to and have been to
Your friends / connections on Antimony
Artists and or other performances you like
Hometown (optional)
Age (optional)
Nationality (optional)
Tagline (optional)
Gender (optional)

If you have granted us consent to share your location with specific users or groups, we utilize your geolocation to update them on your whereabouts within the event map. You retain complete control over which users and/or groups you choose to share your location with and can make your selections accordingly.

If you send chat messages to other users who are in the same group as you, they will have visibility into the content of these messages. Similarly, when you send chat messages, pictures, and/or videos to the Antimony community, all users of the platform will have access to this content.

It is important to note that other users may take screenshots or make recordings of your profile, locations, and/or chats, so please exercise caution when sharing personal information.

With Third Parties

Antimony can share generic aggregated data in the form of reports with our business partners, trusted affiliates, and advertisers. It is important to note that this data will be presented in an anonymized and aggregated format that does not contain any of your personal information.

Also, we may share your data with third-party entities if we believe that doing so is necessary to comply with any valid legal process, governmental request, or applicable law, rule, or regulation. This may also include investigating and acting against potential violations of our Terms of Service, as well as safeguarding the rights, property, and safety of ourselves, our users, or any other individuals. Furthermore, we may share your data to detect and resolve any instances of fraud or security concerns.

As an ultimate point, in the event of a merger or acquisition, we may share your data with third parties. If Antimony Experiences is involved in a merger, acquisition, financing, liquidation, bankruptcy, or any transaction in which all or a portion of our business is sold or acquired by another company, we may share your information with that company both before and after the transaction is completed.

With Data Processors

We may share your personal data with third-party companies that provide data processing services to Antimony. Before sharing your data, we will enter a data processing agreement with these parties to ensure they handle your data carefully and only receive the data necessary for their services. These parties will use your data only in accordance with our instructions and not for their own purposes. These parties are considered “processors” under the Relevant Legislation. We have provided a table below that lists the processing parties and explains in their own words what data they process, why, and where. We strive to keep this table up to date, but if you notice any discrepancies, please contact us at privacy@theantimony.com.

Company	Functionality	Data Type	Reason	Country / Transfer mechanism
Microsoft Azure	Servers	– All user data	Storage of data	Ireland / GDPR
Functional Software Inc	Sentry Error Reporting	– Mobile ad IDs – IDFVs/Android IDs – Instance IDs – Analytics – App Instance Ids	Sentry uses the data to provide crash reporting and performance analytics. The precise information collected can vary by the device and environment.	U.S.A. / Standard Contractual Clauses for Data Transfer
Noti-Fire Apps Ltd.	Novu notifications	– Instance ID – Email addresses	Novu uses Instance IDs and email addresses to determine which devices to deliver messages to	Israel / Standard Contractual Clauses for Data Transfer
Cloudflare, Inc.	Data routing	– Traffic identifier	Cloudflare uses an anonymous identifier to direct traffic to the fastest server	U.S.A. / Standard Contractual Clauses for Data Transfer

Links

Third-party, advertising, or other content may appear on our Services and may link to external websites. We have no control over the content on those websites and are not responsible for their content or privacy practices. We recommend that you review the privacy policies of those websites.

Modifications to this privacy policy

Our privacy policy may be updated periodically, and we will post a notification on our Services along with a link to the updated policy when we make significant changes. If you are not a registered user, we recommend visiting our website and reviewing this policy regularly.

Are you under the age of eighteen?

While our Services are available to a general audience, we only allow individuals who are 18 years old or above to use our Services. We do not intentionally gather, maintain, or utilize personal information from children under the age of 18.

Your rights

We treat the information we collect as personal data, and as such, you have certain rights regarding it. These rights include:

The right to request access to the personal data we have about you.
The right to request that we correct, update, shield, or delete your personal information in our records. However, we may keep some data in a blacklist register in the event of fraud, non-payment, or other wrongful acts.
The right to request a copy of the personal data we have processed about you, which we can send to another party upon your request.
The right to file a complaint against the processing of your data.
The right to file a complaint with the Romanian Data Protection Authority if you believe we are processing your data unlawfully.
The right to withdraw your consent to process your data at any time. We cannot process your data once you withdraw your consent. If you want us to delete your data, please specify this in your request.

To exercise these rights, please send an email to privacy@theantimony.com, and we will respond within 30 days. If you have any further questions about this privacy policy, please contact us using the information provided below.

Contact information

Data Protection Officer

Alexandru Tuca

privacy@theantimony.com