JokeStack LogoJokeStack

Privacy Policy

Last updated: January 3, 2026

1. Introduction

This Privacy Policy explains how JokeStack ("we", "us", or "our") collects, uses, and protects your personal information when you use our service at jokestack.com and jokestack.pl. By using our service, you confirm that you are at least 18 years old (or the age of majority in your jurisdiction). Our service is intended for adults only.

2. Data Controller & Contact

The data controller for personal data processed under this Privacy Policy is: Piotr Andrzejewski (creator and operator of the JokeStack platform) Contact: team@jokestack.com We have not appointed a Data Protection Officer (DPO).

3. Information We Collect

3.1 Information you provide

  • Account information: email address; authentication identifiers (via Supabase).
  • OAuth login (e.g., Google): if you sign up via a provider, we may receive basic profile data made available by that provider via Supabase (typically email, avatar/photo, and other provider fields depending on your settings).
  • Optional public profile: display name, avatar, bio, country, city.
  • Comedy material: jokes, notes, setlists, tags, statuses, and related metadata you create in the app.
  • Events: event details you create (title, description, time/place, images) and optional organizer contact fields you choose to publish/provide (organizer name, website, Instagram/Facebook links, organizer email, organizer phone).
  • Comedy Buddy profile (optional): display name, short description, comedy experience, country, city, languages, availability, preferred contact method, Facebook/Instagram links, contact email, contact phone, topics to avoid.
  • Sign-ups / RSVPs (where enabled): information required by an Organizer for participation (may include email, phone number, comedy experience, optional links to video/social media).
  • Feedback: content you submit in feedback forms (can be anonymous).
  • Ticketing (where enabled): buyer email and optional buyer name provided at checkout; purchase details (tickets, quantities, event references).

3.2 Automatically collected information

  • Usage data: how you interact with the app (pages/features used, basic activity events).
  • Device & technical data: browser type, operating system, approximate device identifiers, and IP address.
  • Security/anti-abuse data: IP address may be processed for rate limiting and abuse prevention.
  • Error and performance logs: we use Sentry to collect application error reports (may include IP address, device/browser data, and contextual logs depending on configuration).
  • Cookies/local storage: authentication/session cookies (Supabase) and preference storage (e.g., language, theme).

4. How We Use Your Information

We use your information to:

  • Provide and maintain the JokeStack service
  • Create and manage your account and authentication
  • Store and sync your comedy material across devices
  • Enable the Comedy Buddy feature and display your chosen profile data to other users
  • Display and manage event information (including public event pages)
  • Enable sign-ups/RSVPs where an Organizer requires additional participant data
  • Collect and display feedback for events
  • Enable ticket sales and deliver tickets (where enabled) and handle transactional communication
  • Process payments and manage subscriptions (via payment providers)
  • Send important service updates and transactional notifications
  • Provide customer support
  • Prevent fraud, abuse, and security incidents (including rate limiting)
  • Debug, monitor performance, and improve the service (including via Sentry)
  • Comply with legal obligations (e.g., accounting, dispute handling, responding to lawful requests)

5. Legal Bases (GDPR / EEA users)

Where GDPR applies, we process personal data on the following legal bases (depending on the context):

  • Performance of a contract: providing the app, your account, features you use (including ticket delivery and RSVP flows).
  • Consent: where you choose to provide optional information (e.g., Comedy Buddy profile details), and for marketing communications where required.
  • Legitimate interests: service security, abuse prevention, rate limiting, error monitoring, and improving reliability (e.g., logs, Sentry).
  • Legal obligation: compliance duties such as accounting/tax, responding to lawful requests, handling disputes/chargebacks where required.

You can withdraw consent at any time where consent is the legal basis (withdrawal does not affect lawfulness before withdrawal).

6. Ticketing, Orders & Event Organizers (Important)

When ticket sales are enabled for an event, we process purchase-related data to provide checkout, ticket generation, and transactional communication. Organizer access: The Organizer of an event receives buyer data entered during checkout (buyer email and optional buyer name) and access to ticket/order lists for that event. The Organizer uses this data to run the event (e.g., entry validation, attendee communication outside the Platform if needed).

Organizer as independent controller

  • Event Organizers are independent data controllers for buyer data they receive from the Platform.
  • Organizers may not use buyer data for marketing without a separate legal basis/consent obtained by the Organizer.
  • We do not control how an Organizer processes data outside the Platform. If you have concerns about an Organizer’s use, contact the Organizer directly.

7. Sign-ups / RSVPs for Events

Some events (e.g., open mic/open stage) may allow sign-ups or require additional participant information. In such cases:

  • The Organizer may define what information is required from participants (e.g., email, phone, comedy experience, optional links).
  • We process this information to deliver the sign-up feature and to make it accessible to the Organizer for event operations.
  • The Organizer is an independent controller for participant data they receive and must comply with applicable law when using it.

8. Feedback Collection

Our feedback system may allow anonymous submissions. We do not pre-moderate feedback before display.

  • Feedback may contain inaccurate or inappropriate content; we do not guarantee its correctness.
  • Because feedback can be anonymous and link-based, we may not be able to identify or block the author in all cases.
  • We may remove feedback content if we become aware it violates law or our policies, or if required to do so.

9. Data Sharing and Disclosure

We do not sell your personal information. We may share data only as needed to operate the service, comply with law, or with your consent.

  • Service providers/processors: Supabase (database/auth, EU region), Render (hosting/deployment), Resend (email delivery), Stripe (payment processing), Sentry (error monitoring).
  • Event Organizers: where you buy tickets or sign up for an event, the Organizer receives the data needed to run the event (as described above).
  • Legal requirements: where required by law, court order, or to protect rights and safety.
  • Business transfers: in case of merger/acquisition/sale (with appropriate safeguards).

Your comedy material (jokes, notes, setlists) is private by default and is not shared with third parties without your action or explicit permission, except where necessary to provide the service (e.g., hosting providers).

10. Cookies and Tracking

We use cookies and similar technologies primarily for essential functionality:

  • Essential/authentication cookies (Supabase) for login sessions and security
  • Preference storage (e.g., language/theme)

We do not currently run advertising trackers. You can control cookies through your browser settings, but disabling essential cookies may affect functionality.

11. Data Storage & Security

We apply reasonable security measures to protect your data:

  • Data is stored with Supabase (EU region) and access is restricted
  • TLS/SSL encryption in transit
  • Passwords are hashed and never stored in plain text
  • Role-based access controls and audit logs for sensitive actions (e.g., ticketing)

However, you acknowledge that:

  • No internet-based service is 100% secure
  • Third-party providers may experience downtime, data loss, or security incidents
  • We cannot guarantee uninterrupted availability or indefinite preservation of data
  • You are responsible for securing your own devices and account access

12. Data Retention

We generally keep data for as long as the Platform operates and as needed to provide the service. We may introduce deletion of older data in the future.

  • Account and content data: kept while your account exists and/or while the Platform operates; you can request deletion by deleting your account.
  • Ticketing data (orders/tickets): kept at least 12 months after the event date (and potentially longer while the Platform operates), to support event operations and dispute handling.
  • Security/audit logs (including IP for rate limiting): kept at least 12 months (and potentially longer while the Platform operates), depending on security and operational needs.
  • Backups: may retain data for a limited period even after deletion due to technical constraints.

13. Your Rights

Depending on your jurisdiction (including GDPR/EEA), you may have rights such as:

  • Access: request a copy of your personal data
  • Correction: update or correct your information
  • Deletion: delete your account and request deletion of personal data (subject to legal/operational retention needs)
  • Portability/export: request an export of certain data
  • Objection/restriction: object to or restrict certain processing
  • Marketing opt-out: unsubscribe from marketing communications (if we send them)

To exercise your rights, contact us at team@jokestack.com

14. Marketing Emails

We currently do not run active marketing campaigns. If marketing emails are introduced, we will provide an easy unsubscribe mechanism in each marketing message.

Transactional emails (e.g., account/security notices, ticket delivery, purchase confirmations) may still be sent when necessary to provide the service.

15. International Data Transfers

We store core application data in the EU (Supabase EU region). Some service providers may process data in other jurisdictions depending on their infrastructure. Where required, we aim to rely on appropriate safeguards (e.g., standard contractual clauses).

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in the app. The "Last updated" date indicates when it was last revised.

17. Contact Us

If you have questions or requests regarding this Privacy Policy or your data, contact us at:

team@jokestack.com

By using JokeStack, you acknowledge that you have read and understood this Privacy Policy.