Privacy Policy

This Privacy Policy applies to personal information collected through the Platform from users including clients, staff, and site visitors. It also applies to information we collect in connection with support, verification, payments, communications, and related marketplace operations.

2.1 Information You Provide Directly

We may collect the following information from all users:

• full name
• email address
• hashed password
• profile photo
• phone number
• account preferences
• support communications
• chat messages sent through the Platform

We may collect the following additional information from staff:

• bio and profile information
• home address and approximate coordinates
• role types, hourly/day/flat rates, and availability
• certifications and uploaded documents
• portfolio materials and years of experience
• identity verification status and background check status
• payout-related information
• food and beverage receipts or reimbursement submissions where applicable

We may collect the following additional information from clients:

• company name and phone number
• event details including location, coordinates, guest count, budget, and timeline
• dietary restrictions, cuisine preferences, cocktail preferences, and service notes
• team preferences and favorites

2.2 Payment Information

Payments are processed by third-party payment processors such as Stripe. Vesper does not store full payment card numbers. We may store limited payment-related data such as transaction identifiers, payment status, amounts, invoice and receipt data, and last four digits of a payment card where provided by the payment processor.

2.3 Verification and Screening Information

If you use identity verification or background check features, we may collect or receive information related to document verification results, identity status, background check status, related provider reference numbers, and approval or rejection outcomes. Verification and screening may be conducted by third-party providers such as Didit and Checkr.

2.4 Information Collected Automatically

When you use the Platform, we may automatically collect IP address, browser type, device type, operating system, app or site usage data, pages viewed, interaction data, timestamps, login activity, session information, notification delivery and read status, approximate location derived from IP address, and cookies and similar technologies data.

2.5 Information from Third Parties

We may receive information from third parties including payment processors, identity verification providers, background check providers, SMS and communications providers, storage providers, authentication providers, and other users who interact with you through the Platform.

We use personal information to operate, improve, secure, and support the Platform. This includes:

• creating and managing accounts, authenticating users, and verifying contact information
• processing bookings, payments, deposits, balances, reimbursements, and payouts
• facilitating communications between clients and staff
• providing transactional emails, in-app notifications, and SMS messages
• conducting identity verification and background screening
• displaying profiles, ratings, badges, and marketplace activity
• operating support and ticketing workflows
• detecting, investigating, and preventing fraud, abuse, unauthorized access, or other harmful activity
• enforcing our Terms of Service and other policies
• complying with legal obligations and resolving disputes
• improving platform functionality, performance, and user experience

Where applicable under relevant law, we process personal information on one or more of the following bases: performance of a contract, compliance with legal obligations, legitimate business interests, consent where required, protection of vital interests, or establishment, exercise, or defense of legal claims.

5.1 Between Users

We share certain information between clients and staff as necessary to facilitate bookings and event execution. This may include names, profile details, ratings, event details, communications, check-in status, and other information reasonably necessary for the booking or event.

5.2 Service Providers

We share information with vendors and service providers that help us operate the Platform, including providers for payment processing, transactional email, SMS verification, identity verification, background checks, cloud storage, database hosting, authentication, and technical infrastructure. Examples include Stripe, Resend, Twilio, Didit, Checkr, Auth.js, AWS S3, Neon, Upstash, and Vercel.

5.3 Legal and Safety Reasons

We may disclose information if we believe it is necessary to comply with applicable law or legal process, enforce our agreements and policies, protect the rights, property, and safety of Vesper, users, or others, investigate fraud or security issues, or respond to emergencies.

5.4 Business Transfers

If Vesper is involved in a merger, acquisition, financing, reorganization, sale of assets, or bankruptcy transaction, personal information may be disclosed or transferred as part of that transaction, subject to applicable law.

5.5 With Your Direction or Consent

We may share information when you request it, direct us to do so, or otherwise consent.

We may use cookies, local storage, pixels, SDKs, and similar technologies to keep users signed in, remember preferences, analyze usage, improve performance, secure the Platform, and deliver essential site functionality. You may be able to control cookies through your browser or device settings, but disabling certain technologies may affect functionality.

6.1 What we set

• Session cookie (HttpOnly, Secure, SameSite=None) — issued by Auth.js when you sign in; identifies you across pages until sign-out or expiry.
• CSRF token cookie (HttpOnly) — protects form submissions and state-changing API calls from cross-site request forgery.
• Local storage: hero-event-prefill — stores the address, date, and guest count you enter into the hero “Find staff” form on the homepage so the event-creation wizard can pre-fill those fields after sign-in. Never transmitted off your device until you submit a form. Cleared automatically once the wizard consumes it.

We do not use third-party advertising cookies or cross-site tracking pixels. Analytics, if any, are first-party and aggregated.

We may send account and verification messages, password reset emails, booking confirmations, cancellation notices, deposit receipts, balance reminders, support acknowledgements, event reminders, payout notices, review requests, security alerts, and urgent operational notices. These communications are generally transactional or service-related. Promotional communications, if any, may include an unsubscribe option where required by law.

We retain personal information for as long as reasonably necessary to provide the Platform, complete transactions and bookings, maintain business and financial records, comply with legal and regulatory obligations, resolve disputes, enforce agreements, and detect and prevent fraud or abuse. Retention periods may vary depending on the nature of the information and legal requirements.

8.1 Indicative retention windows

• Financial records (payments, payouts, refunds, tax forms) — at least 7 years from the relevant tax year, as required by IRS and state recordkeeping rules.
• Account profile data — until you delete your account or request erasure, then through the deletion window in 8.2.
• Event records (event details, assignments, ratings, feedback) — minimum 3 years after event completion for dispute resolution and quality assurance.
• In-app messages and chat history — minimum 1 year for trust-and-safety review.
• Identity verification and background-check records — retained per the third-party processor's policy (Didit, Checkr) and applicable law.
• Server logs, security telemetry — typically 30–90 days.

8.2 Account deletion

To request deletion of your account and associated personal information, email support@vesper.la. We complete deletion requests within 30 days unless a longer period is required to satisfy a legal, regulatory, or financial-recordkeeping obligation — in which case the relevant records are retained only for the duration of that obligation and then deleted.

We use reasonable administrative, technical, and organizational measures designed to protect personal information, including access controls, authentication measures, encrypted transmission where appropriate, secure storage practices, and vendor controls. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Your information may be processed and stored in countries other than the one in which you reside. By using the Platform, you understand that your information may be transferred to and processed in jurisdictions that may have different data protection laws than your jurisdiction. Where required, we will take steps intended to provide appropriate safeguards for such transfers.

Depending on your location and applicable law, you may have rights regarding your personal information, including the right to access, correct, delete, or restrict certain information, object to certain processing, withdraw consent, request data portability, or opt out of certain communications. We may need to verify your identity before acting on a request. Some rights are subject to exceptions and limitations under applicable law.

To exercise rights requests, contact us at support@vesper.la.

If you are a California resident, you may have rights under California law, subject to applicable exceptions, including the right to know, delete, and correct certain personal information and the right to not be discriminated against for exercising privacy rights. We do not sell personal information for money. We also do not share personal information for cross-context behavioral advertising as those terms are defined under California law. California residents may submit privacy requests to support@vesper.la.

If applicable, users in the EEA, UK, or similar jurisdictions may have rights under applicable data protection laws, including rights of access, rectification, erasure, restriction, objection, portability, and complaint to a supervisory authority.

The Platform is not intended for children under 18, and we do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a person under 18 without appropriate authorization, we may delete it.

The Platform may contain links to or integrations with third-party services. This Privacy Policy does not apply to third-party websites, products, or services, and we are not responsible for their privacy practices.

Information you submit to profiles, reviews, chats, support tickets, event notes, and similar interactive areas may be visible to other users or to Vesper personnel as needed to operate the Platform. Please avoid sharing unnecessary sensitive information through these features.

We may use automated systems to support recommendations, fraud detection, notifications, workflow triggers, profile display features, staffing suggestions, and related marketplace functions. These tools assist platform operations but do not guarantee outcomes.

We may update this Privacy Policy from time to time. If we make material changes, we may provide notice through the Platform, by email, or by other reasonable means. Your continued use of the Platform after the updated Privacy Policy becomes effective means you accept the updated Privacy Policy.

If you have questions about this Privacy Policy or want to make a privacy-related request, contact:

Vesper
Email: support@vesper.la