Privacy Policy

Last updated: 11 May 2026

1. Who we are

ZACIO Limited is a boutique cultural marketing and events company based in Dublin, Ireland, producing immersive experiences for the African diaspora and global communities. We operate the website at www.zacio.ie and associated digital services (together, the “Services”).

Data Controller: ZACIO Limited, Dublin, Ireland.

Contact: hello@zacio.ie

2. What data we collect

We collect only what is necessary to provide our Services:

Account & Identity Data

  • Name, email address, and profile photo (provided at sign-up or via social login)
  • Authentication credentials managed securely by Clerk
  • Social login tokens if you choose to sign in with Facebook

Ticketing & Transaction Data

  • Eventbrite order IDs, ticket references, and event attendance records
  • Event preferences and onboarding interests you provide

Support & Communication Data

  • Messages, issue descriptions, and context you submit via our support form or Intercom chat
  • Support category, priority, and linked event or order details

Technical & Usage Data

  • IP address, browser type, and device information (collected by our hosting provider, Heroku)
  • Pages visited and features used within the platform

Media Data

  • Event images and video content served through our media CDN (Cloudinary)
  • We do not store user-uploaded personal images

3. How and why we use your data

PurposeData usedLegal basis (GDPR Art. 6)
Create and manage your accountName, email, profile photoContract (Art. 6(1)(b))
Authenticate your identity and maintain session securityAuth tokens, session cookiesContract / Legitimate interests (Art. 6(1)(b)(f))
Process event registrations and ticket ordersOrder data, email, nameContract (Art. 6(1)(b))
Provide customer supportSupport messages, order contextContract / Legitimate interests (Art. 6(1)(b)(f))
Prevent fraud and ensure platform securityIP address, account activityLegitimate interests (Art. 6(1)(f))
Personalise your event discovery experienceOnboarding preferences, event historyLegitimate interests (Art. 6(1)(f))
Send service communications (e.g. ticket confirmations)Email addressContract (Art. 6(1)(b))
Provide support chat (Intercom widget)Name, email, chat messagesConsent (Art. 6(1)(a))
Comply with legal obligationsTransaction recordsLegal obligation (Art. 6(1)(c))

4. Third-party data processors

We share data only with trusted processors bound by data processing agreements. We do not sell your personal data.

Clerk

Privacy policy ↗

Authentication, identity management, and session handling

Location: United States — Transfer mechanism: Standard Contractual Clauses (SCCs)

Eventbrite

Privacy policy ↗

Event ticketing, order management, and attendee records

Location: United States — Transfer mechanism: Standard Contractual Clauses (SCCs)

Intercom

Privacy policy ↗

Customer support chat and conversation management (consent-based)

Location: United States — Transfer mechanism: Standard Contractual Clauses (SCCs)

Heroku (Salesforce)

Privacy policy ↗

Cloud hosting and database infrastructure

Location: United States / EU (region-dependent) — Transfer mechanism: Standard Contractual Clauses (SCCs)

Cloudinary

Privacy policy ↗

Media storage and content delivery network for event images and video

Location: United States — Transfer mechanism: Standard Contractual Clauses (SCCs)

Meta (Facebook)

Privacy policy ↗

Optional social login via Facebook OAuth. Per Facebook Platform Policy, we provide a Data Deletion Callback at /api/auth/facebook/deletion and a deletion status page at /data-deletion.

Location: United States — Transfer mechanism: Standard Contractual Clauses (SCCs)

5. International data transfers

Some of our processors are based outside the European Economic Area (EEA), primarily in the United States. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place in accordance with GDPR Chapter V — specifically, Standard Contractual Clauses (SCCs) approved by the European Commission. You may request a copy of the relevant safeguards by contacting us at hello@zacio.ie.

6. Data retention

Data typeRetention period
Account & profile dataUntil account deletion + 30 days
Ticketing & order records7 years (Irish financial record-keeping obligations)
Support conversations2 years from last activity, or account deletion
Session & authentication dataUp to 7 days (session cookies) or until logout
Technical / server logsUp to 30 days (Heroku log retention)

Where deletion is requested but legal retention obligations apply, we will restrict processing of that data to compliance purposes only.

7. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:

  • TLS encryption for all data in transit (HTTPS)
  • Authentication handled by Clerk with industry-standard session management
  • Database hosted on Heroku with access controls and encrypted storage
  • Intercom identity verification using HMAC-SHA256 to prevent impersonation
  • Access to production systems restricted to authorised personnel only

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Data Protection Commission within 72 hours and, where required, affected individuals without undue delay.

8. Children's data

Our Services are not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data without parental consent, please contact us at hello@zacio.ie and we will delete it promptly.

9. Your rights under GDPR

As a data subject under the GDPR and the Irish Data Protection Act 2018, you have the right to:

Access (Art. 15)Obtain a copy of the personal data we hold about you.
Rectification (Art. 16)Have inaccurate or incomplete data corrected.
Erasure (Art. 17)Request deletion of your data where there is no lawful basis to retain it.
Restriction (Art. 18)Ask us to restrict processing while a dispute about accuracy or lawfulness is resolved.
Portability (Art. 20)Receive your data in a structured, machine-readable format where processing is based on consent or contract.
Object (Art. 21)Object to processing based on legitimate interests; we will cease unless we can demonstrate compelling grounds.
Withdraw consent (Art. 7)Withdraw consent at any time for consent-based processing (e.g. Intercom chat) without affecting prior lawful processing.
Lodge a complaintComplain to the Irish Data Protection Commission if you believe we have mishandled your data.

To exercise any right, you may:

  • Self-service deletion: Log in, go to Dashboard → Settings → Danger Zone and click Delete My Account — this immediately removes all your data and revokes your login.
  • Email request: Contact hello@zacio.ie — we will respond within one month (extendable by two months for complex requests). We may verify your identity before acting.

10. Cookies

For full details on the cookies and similar technologies we use, including how to manage your preferences, see our Cookie Policy.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. The “Last updated” date at the top will always reflect the current version. For material changes we will notify users by email or a prominent notice on the website.

12. Contact & complaints

For any privacy questions or to exercise your rights, contact us at hello@zacio.ie.

If you are not satisfied with our response, you have the right to lodge a complaint with the Irish supervisory authority:

Data Protection Commission (DPC)

21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Website: dataprotection.ie

Phone: +353 (0)57 868 4800