Legal / Privacy Policy

Privacy Policy

Effective Date: December 20, 2025

Ovation PMS, Inc. ("Company," "we," "us," or "our") operates the Ovation platform, a software-as-a-service solution for event production and equipment rental management. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our website at ovationpms.com and our services (collectively, the "Services").

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree with our practices, please do not use our Services.

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly to us, including:

  • Account Information: Name, email address, phone number, company name, job title, and password when you create an account.
  • Billing Information: Payment card details, billing address, and tax identification numbers processed through our payment processor (Stripe).
  • Business Data: Information about your equipment, inventory, crew members, clients, venues, jobs, invoices, and other operational data you input into the platform.
  • Communications: Messages, feedback, and correspondence you send to us.
  • Support Requests: Information provided when you contact customer support.

1.2 Information Collected Automatically

When you use our Services, we automatically collect:

  • Usage Data: Pages visited, features used, actions taken, time spent, and interaction patterns.
  • Device Information: IP address, browser type, operating system, device identifiers, and screen resolution.
  • Log Data: Access times, error logs, referring URLs, and clickstream data.
  • Cookies and Similar Technologies: We use cookies, pixels, and local storage to maintain sessions, remember preferences, and analyze usage.

1.3 Information from Third Parties

We may receive information from:

  • Integration Partners: Data from services you connect to Ovation (e.g., QuickBooks, Stripe, Google Workspace).
  • Authentication Providers: If you use single sign-on (SSO), we receive basic profile information from your identity provider.
  • Business Partners: Referral information from partners who recommend our Services.

2. How We Use Your Information

We use collected information for the following purposes:

2.1 Providing and Improving Services

  • Operating, maintaining, and improving our platform
  • Processing transactions and sending related information
  • Providing customer support and responding to inquiries
  • Developing new features and services
  • Powering AI-assisted features to help automate your workflows

2.2 Communications

  • Sending service-related notices (e.g., account verification, security alerts, billing)
  • Sending marketing communications (with your consent where required)
  • Responding to your comments, questions, and requests

2.3 Security and Compliance

  • Detecting, preventing, and addressing fraud, abuse, and security issues
  • Complying with legal obligations
  • Enforcing our Terms of Service
  • Maintaining audit logs for accountability and compliance

2.4 Analytics and Research

  • Analyzing usage patterns to improve user experience
  • Conducting research and analysis on platform performance
  • Generating aggregated, anonymized insights about industry trends

3. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

3.1 Service Providers

We share information with third-party vendors who perform services on our behalf, including:

  • Cloud hosting (Google Cloud Platform, Vercel, Supabase)
  • Payment processing (Stripe)
  • Email delivery (Resend)
  • Analytics and monitoring services
  • AI services (Anthropic) for platform features

These providers are contractually obligated to use your information only as necessary to provide services to us and in accordance with this Privacy Policy.

3.2 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your personal information.

3.3 Legal Requirements

We may disclose information if required to do so by law or in response to valid legal requests, including:

  • Subpoenas, court orders, or legal process
  • Requests from law enforcement or government agencies
  • Protecting rights, property, or safety of the Company, our users, or others

3.4 With Your Consent

We may share information with third parties when you give us explicit consent to do so.

3.5 Aggregated or De-identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

4. Data Retention

We retain your information for as long as necessary to:

  • Provide our Services to you
  • Comply with legal obligations (e.g., tax and accounting requirements)
  • Resolve disputes and enforce agreements
  • Maintain backups for disaster recovery purposes

When you delete your account, we will delete or anonymize your personal information within 90 days, except where retention is required by law or for legitimate business purposes.

Business data (equipment records, client information, invoices, etc.) that you input into the platform is retained according to your subscription agreement. You may export your data at any time.

5. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Regular security assessments and penetration testing
  • Access controls and authentication requirements
  • Employee security training and background checks
  • Incident response procedures
  • Regular backups with geographic redundancy

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights and Choices

6.1 Access and Portability

You have the right to access and receive a copy of your personal information. You can export your data directly from the platform or request a copy by contacting us.

6.2 Correction

You can update or correct your account information at any time through your account settings. If you need assistance, contact us.

6.3 Deletion

You may request deletion of your personal information. We will delete your information unless we have a legal obligation or legitimate business need to retain it.

6.4 Objection and Restriction

You may object to or request restriction of certain processing activities, including direct marketing communications.

6.5 Marketing Communications

You may opt out of marketing communications by clicking the unsubscribe link in any email or by adjusting your account preferences. Note that you will continue to receive transactional communications related to your account.

6.6 Cookie Preferences

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect functionality.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and service providers are located.

For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Your explicit consent where appropriate

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request information about the categories and specific pieces of personal information we have collected.
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out: We do not sell personal information. If this changes, you will have the right to opt out.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at privacy@ovationpms.com or use the privacy controls in your account settings.

9. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

  • Right of Access: Obtain confirmation of processing and access to your data.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data in certain circumstances.
  • Right to Restriction: Restrict processing in certain circumstances.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

Our legal bases for processing include: contract performance (to provide Services), legitimate interests (security, improvement, analytics), legal compliance, and consent (marketing).

You may lodge a complaint with your local data protection authority if you believe we have violated your rights.

10. Children's Privacy

Our Services are not directed to children under 16, and we do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will delete that information promptly. If you believe we have collected information from a child, please contact us.

11. Third-Party Links and Services

Our Services may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access.

12. AI-Powered Features

Our platform includes AI-powered features (the "AI Assistant") that help automate tasks and provide assistance. When you use these features:

  • Your queries and relevant context may be processed by our AI service provider (Anthropic).
  • We do not use your data to train AI models.
  • AI interactions are logged for quality assurance and troubleshooting.
  • You can disable AI features in your account settings if you prefer not to use them.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:

  • Posting a notice on our website
  • Sending an email to account holders
  • Displaying an in-app notification

Your continued use of our Services after the effective date of changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Ovation PMS, Inc.

Email: privacy@ovationpms.com

Website: https://ovationpms.com

For GDPR-related inquiries, you may also contact our Data Protection Officer at dpo@ovationpms.com.

We will respond to your request within 30 days, or sooner as required by applicable law.