1. Who we are
Enigma (“Enigma,” “we,” “us”) is operated by [Enigma legal entity name], [registered address]. For any privacy question, contact us at [privacy@enigma.app].
2. Our role: controller vs. processor
For information about our own account holders (venue owners and staff), we are the data controller. For the guest information a venue enters into Enigma — such as a parent's contact details or a birthday child's name and age — the venue is the controller and Enigma acts as a processor, handling that data only on the venue's instructions.
3. Information we collect
- Account information — name, work email, venue name and password, provided when you sign up.
- Guest & booking data — entered by venues to run parties: parent/guardian contact details, party date, guest count, package and payment status, and limited details about the birthday child (first name, age, birthday).
- Usage data — basic, privacy-respecting analytics about how the product is used, to keep it fast and reliable.
4. How we use information
- To provide and operate the Enigma service for your venue.
- To send transactional messages (e.g. password resets, booking confirmations a venue triggers).
- To secure the service, prevent abuse, and meet legal obligations.
We do not sell personal data, and we do not use it for third-party advertising.
5. Children's data
Enigma is a tool for businesses; it is not directed to children, and children do not create accounts or interact with Enigma directly. To run a party, a venue may record a birthday child's first name, age and birthday. We process that limited information solely to provide booking and reminder features to the venue.
- We collect only what a venue needs to run the booking — no more.
- We never use children's details for marketing or advertising.
- The venue is responsible for obtaining any parental consent required by law (for example, under the U.S. Children's Online Privacy Protection Act, where applicable).
- A venue or parent can ask the venue to correct or delete a child's details at any time, and we will action verified requests promptly.
6. How we share information
We share data only with service providers who help us run Enigma, under contracts that require them to protect it — for example, [cloud hosting], [email delivery], and the [AI assistant provider] used for the missed-call feature. We may also disclose information where required by law.
7. Data retention
We keep account data while your venue is active and for a reasonable period afterward. Guest and booking data is retained per the venue's instructions; when a venue closes its account, we delete or return its data within [30 days], except where law requires otherwise.
8. Security
We use industry-standard measures — encryption in transit, access controls and regular review — to protect personal data. No system is perfectly secure, but we work to reduce risk and respond quickly to any issue.
9. Your rights & choices
Depending on where you live, you may have rights to access, correct, export or delete your personal data. Account holders can email [privacy@enigma.app]. Guests should contact the venue that holds their booking; we will support the venue in fulfilling verified requests.
10. Cookies
Our marketing site uses only essential cookies needed for it to function. We do not run third-party advertising trackers on it.
11. Changes & contact
We'll update this policy as the product grows and post the new date above. Questions? Email [privacy@enigma.app]. See also our Terms of Service.