Legal

Privacy Policy

Last updated: 8 May 2026

This Privacy Policy explains how Tees Blissful Events(operating the Blissful platform — the “Service”) collects, uses, and shares personal data. We comply with Zambia's Data Protection Act, 2021 and apply equivalent standards regardless of where you are located.

1. Two roles

We act in two capacities. For account-level data (your organizer email, login credentials, billing) we are a data controller. For Attendee data that an Organizer collects via their event registration form (names, emails, phones, custom fields) we act as a data processor on behalf of the Organizer — they decide what to collect and why; we just store and process it under their instructions.

2. What we collect

From Organizers:

Account data: name, email, hashed password, role.
Profile data: display name, slug, brand colour, logo, contact info, bio.
Subscription & payment data: plan, billing history, payout details (bank or mobile-money), payments processed via Lenco.
Event content: event details, custom registration fields, email blasts, banner images.
Usage data: IP address, browser/device, pages visited, timestamps, device camera permission for the QR check-in scanner (camera images are not stored).

From Attendees (collected by the Organizer through Blissful):

Name, email, optional phone.
Anything the Organizer adds as a custom field (dietary preferences, t-shirt size, ID number, etc.).
Payment outcome (PAID / FAILED / REFUNDED) — actual card numbers and Mobile Money PINs are handled exclusively by Lenco; we never store them.
Check-in events (timestamp, scanner identity).

3. How we use the data

To deliver the Service: create accounts, sell tickets, send confirmation emails and tickets, run check-in.
To send transactional emails: registration confirmations, reminders, payment notifications, password resets.
To send Organizer-initiated email blasts to their own attendees (Pro and Business plans only).
To prevent fraud, abuse, and chargebacks.
To comply with legal obligations, including tax records and law-enforcement requests.
To improve the Service through aggregated, non-identifying analytics.

4. Lawful bases (for users in jurisdictions that require one)

Contract: we need to process your data to deliver tickets and run events you signed up for.
Legitimate interests: running the platform safely, preventing fraud, improving features.
Consent: for non-essential cookies and Organizer-initiated marketing emails.
Legal obligation: tax records, anti-money-laundering, court orders.

5. Sharing

We share personal data only with:

Lenco — to process Card and Mobile Money payments.
Resend — to deliver transactional and blast emails.
Cloudflare R2 — for storing uploaded images (logos, banners).
Neon — our managed Postgres database hosting.
Vercel — application hosting and edge / function runtime.
Upstash — rate-limiting and caching.
Google — when you choose “Continue with Google” sign-in, we exchange tokens with Google's OAuth service.
Zambian authorities — when legally required by court order or statute.

Each of these sub-processors is bound by contract or industry-standard obligations to protect your data.

We do not sell personal data, ever, to anyone, for any purpose.

6. Data retention

Account data: kept while your account is active, deleted within 90 days of account closure (longer if required by tax / legal records).
Event content and attendee lists: kept while the parent Organizer's account is active. When an Organizer deletes an event we delete it within 30 days; backups are purged within 90 days.
Payment records: kept for 7 years to meet Zambian Revenue Authority recordkeeping requirements.
Email logs (delivery receipts, dedupe keys): kept for 12 months for troubleshooting.
R2 banner / logo uploads: deleted when the Organizer replaces or removes them.

7. Your rights

Under Zambia's Data Protection Act and equivalent laws, you have the right to:

Access the personal data we hold about you;
Correct inaccurate data;
Delete your data (“right to erasure”), subject to legal-retention exceptions;
Object to processing or withdraw consent;
Receive a copy of your data in a portable format;
Lodge a complaint with the Zambian Data Protection Commissioner.

To exercise these rights email blissful@teesblissfulevents.com. Attendees should contact the Organizer of the event they registered for in the first instance — they are the data controller for that registration.

8. Security

We protect your data with industry-standard practices: TLS in transit, encrypted backups, hashed passwords, rate limiting, atomic state transitions on payment flows, role-based access for staff, and audit logging. No system is perfectly secure; we will notify you of any breach involving your data within 72 hours, as required by Zambian law.

9. International transfers

Some of our sub-processors host infrastructure outside Zambia (Vercel and Neon are predominantly US-based). Where this happens, we rely on standard contractual safeguards and the recognised adequacy of the destination's data-protection regime, or seek your consent where required.

10. Cookies

We use a small number of strictly necessary cookies (session, CSRF) which don't require consent. We do not use third-party advertising or tracking cookies on the marketing site or dashboard.

11. Children

The Service is not directed at children under 13 (or the age of digital consent in your country). We do not knowingly collect data from children. If you believe we have, contact us and we will delete it.

12. Changes to this policy

We may update this Policy as the Service evolves. Material changes will be announced via email or in-product notice at least 14 days before they take effect.

13. Contact

For privacy questions or to exercise any of the rights in section 7, email blissful@teesblissfulevents.com or write to Tees Blissful Events, Geddes, Nkana East, Kitwe, Zambia.