Moment Events — Privacy Policy

Last updated: 22 April 2026

1. About this Policy

Moment Events Pty Ltd (ABN 56 681 924 470) of 88 Langridge Street, Collingwood VIC 3066 (Moment, we, us, our) respects your privacy and is committed to handling your personal information responsibly and in accordance with applicable data protection laws.

This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the choices you have. It applies to everyone who interacts with Moment — including our customers (event organisers and their teams) and attendees of events who use the Moment app — wherever they are located in the world.

We are committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where you are located in the European Union or United Kingdom, we also comply with the General Data Protection Regulation (EU GDPR) and the UK GDPR. Where you are located in the United States, we comply with applicable state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

We process your personal information under various lawful bases depending on the type of processing involved, as explained in section 4A below. We do not rely solely on your continued use of the platform as the basis for processing your data.

2. Who this Policy covers

We use the terms Customer and Attendee throughout this Policy to distinguish between two kinds of users:

•      Customers are event organisers, and members of their teams, who use the Moment platform to build and publish events. Customers sign up via our website or builder, pay for their use of the platform, and accept our Terms of Service.

•      Attendees are people who use the Moment app to view, browse, or interact with events that Customers have published. Attendees may use the app with or without creating an account.

Some sections of this Policy apply to Customers, some apply to Attendees, and some apply to both. We’ve tried to make this clear throughout.

3. Information we collect

3.1 Information you give us

We collect information you provide directly to us, including:

•      Account information — name, email address, password, and (for Customers) organisation name, ABN, and role.

•      Billing information — billing name, billing address, country, and tax identifiers. Payment card details are handled directly by our payment processor (Stripe) and are not stored by us.

•      Customer content — event information uploaded to the platform by Customers, which may include names, photos, bios, and contact details of third parties such as artists, speakers, or vendors. Customers are responsible for ensuring they have the rights to upload this information.

•      Support communications — messages, questions, feedback, and any other communications you send to us.

•      Profile and preference data (Attendees) — where Attendees choose to create an account or customise their experience, information such as favourite artists, saved schedules, notification preferences, and similar settings.

•      Push notification preferences — your choices about which event notifications you wish to receive, and the device tokens required to deliver push notifications to your device.

3.2 Information we collect automatically

When you use our website or app, we automatically collect certain information, including:

•      Device and usage information — IP address, device type, operating system, browser type, app version, language, time zone, and crash or diagnostic data.

•      Usage analytics — how you interact with the app, including screens viewed, features used, search queries, events browsed, and time spent.

•      Location data — this is described in detail below due to its sensitivity:

–     Approximate location derived from your IP address.

–     Precise GPS location, where you grant the app permission. We use precise location to show your live position on the event map and to calculate your distance from event venues, facilities, and points of interest.

–     When you are actively using the map, your location is sampled continuously (as frequently as your device’s operating system provides location updates).

–     When the map is not actively in use, the app may sample your location in the background approximately every 60 seconds. Background location data is only transmitted to Moment if your location is within the map bounds of an event that is currently running (defined as an event with scheduled activity on the current day, or up to 4:00am the following morning). If your location is outside these bounds, it is discarded on your device and not sent to us.

–     With your separate consent, we use your location data to track your movement paths within event venues over time. This data is used to generate aggregated heatmap analytics for event organisers (see sections 4 and 5). Your individual movement path is never shared with event organisers or any third party. You may opt out of movement tracking at any time without losing access to the map or other app features.

–     You can revoke location permission entirely at any time through your device settings or in-app controls, and all location tracking will stop immediately.

•      Map tile data — when you use the map feature, your device connects directly to the servers of the mapping provider configured for that event (either Mapbox or OpenStreetMap). These providers receive your IP address, device information, and the geographic area you are viewing.

•      Push notification metadata — device tokens, notification delivery status, and interaction data associated with push notifications sent via Firebase Cloud Messaging.

•      Cookies and similar technologies — on our website, we use cookies and similar technologies for functionality, analytics, and to improve the user experience. See section 15 (Cookies) for more detail.

3.3 Information from third parties

We may receive information about you from third parties, including:

•      authentication providers (e.g. Google, Apple) if you sign in using those services;

•      payment processors (Stripe), who confirm successful payments and provide limited transaction data;

•      analytics and crash-reporting providers (Firebase Analytics, Firebase Crashlytics);

•      event organisers, who may provide information to us in relation to their event.

4. How we use your information

We use personal information to:

•      provide, operate, maintain, and improve the Moment platform and related services;

•      create and manage accounts, authenticate users, and secure the platform against fraud and abuse;

•      process payments, issue tax invoices, and manage billing;

•      enable Attendees to discover, browse, and interact with events and event content;

•      display your live position on the event map and calculate distances to event venues and facilities;

•      with your consent, track movement within events and generate aggregated heatmap analytics for event organisers;

•      send push notifications about events you are attending or have expressed interest in, using Firebase Cloud Messaging;

•      personalise content, recommend events, and improve Attendee experiences across events over time;

•      communicate with you — including transactional messages (e.g. receipts, account notices), product updates, and (with consent where required) marketing communications;

•      generate aggregated and de-identified analytics about platform usage, which we may share with Customers in relation to their own events;

•      comply with our legal obligations, enforce our Terms of Service, and protect our rights, property, and users.

We may also use information for other purposes with your consent, or as otherwise permitted by law.

4A. Legal basis for processing (EU/UK users)

If you are located in the European Union or United Kingdom, we are required under the GDPR to have a lawful basis for each type of processing we carry out. The legal bases we rely on are:

•      Contract performance — processing that is necessary to provide the platform and services to you, including account creation and management, payment processing, and delivering event content. This applies to both Customers (under the Terms of Service) and Attendees (under the End User Terms).

•      Legitimate interests — processing that is necessary for our legitimate business interests, provided those interests are not overridden by your rights. This includes: usage analytics and platform improvement; security monitoring and fraud prevention; aggregated (non-location) analytics shared with Customers; and bug fixing and crash diagnostics. You have the right to object to processing based on legitimate interests (see section 10A).

•      Consent — processing that we carry out only with your explicit, freely given consent. This includes: precise GPS location tracking; background location collection; movement path tracking and heatmap generation; and marketing communications. You may withdraw your consent at any time by adjusting your device settings, changing your in-app preferences, or contacting us. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

•      Legal obligation — processing that is necessary to comply with a legal obligation to which we are subject, including tax record-keeping, responding to lawful requests from authorities, and complying with court orders.

5. Who owns what: Customer content vs Platform data

We want to be clear about how data ownership works on the Moment platform:

•      Customer Content is owned by the Customer. The artist lineups, schedules, maps, bios, images, and event descriptions uploaded by a Customer remain the Customer’s property. We host and display this content on the Customer’s behalf under a licence granted in our Terms of Service.

•      Attendee data is held by Moment. Information generated by Attendees through their use of the Moment app — including accounts, preferences, interactions, and analytics — is collected and held by us as the platform operator, and handled in accordance with this Policy.

•      We may share aggregated analytics with Customers about how Attendees engaged with their event (e.g. number of sessions viewed, most-favourited items, aggregated movement heatmaps), in aggregated or de-identified form. We apply minimum thresholds to aggregated data (including heatmaps) to prevent the re-identification of individual Attendees, particularly at smaller events.

•      Raw location and movement data is not shared. Individual Attendee location data, movement paths, and GPS coordinates are retained only by Moment and are never provided to Customers or other third parties in individual or identifiable form.

6. When we share your information

We do not sell your personal information. We share information only in the following circumstances:

•      Service providers — we use trusted third parties to help us operate the platform, including cloud hosting, email delivery, analytics, crash reporting, mapping, push notifications, and payment processing. These providers are only permitted to use your information to provide services to us.

•      Customers (event organisers) — we may share aggregated and de-identified analytics with Customers about their events, including aggregated movement heatmaps showing general Attendee flow patterns. We do not share individual Attendee profiles, location data, movement paths, or personally identifying information with Customers except where the Attendee has explicitly chosen to share it (for example, by submitting a form or opting into communications from the Customer).

•      External sharing by Attendees — the app allows Attendees to share content externally (for example, sharing a schedule link via messaging or social media). This sharing is initiated by you and the information you share is governed by the terms and privacy practices of the platform you share it to.

•      Legal and safety reasons — we may disclose information where required by law, court order, or regulatory authority, or where we reasonably believe disclosure is necessary to protect rights, property, safety, or prevent fraud or abuse.

•      Business transfers — if we are involved in a merger, acquisition, restructure, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and its effect on your information.

7. Third-party services we rely on

We rely on the following third-party services to operate the platform. Each has its own privacy practices, which we encourage you to review:

•      Google Cloud Platform — cloud hosting and database infrastructure (data stored in asia-southeast1 / Singapore);

•      Firebase Analytics — usage analytics and event tracking;

•      Firebase Crashlytics — crash and error reporting;

•      Firebase Cloud Messaging — push notification delivery;

•      Stripe — payment processing for Customers;

•      Mapbox — mapping services, where selected as the mapping provider for an event by the organiser;

•      OpenStreetMap — mapping services (tile data provided under the Open Database License), where selected as the mapping provider for an event by the organiser;

•      Google and Apple — app distribution (Google Play Store, Apple App Store) and, where applicable, authentication services;

•      Email delivery providers — for transactional and notification emails.

The choice of mapping provider (Mapbox or OpenStreetMap) is configured by the event organiser for each event. This means the third-party service that receives your device data when you view the event map may differ between events.

Our list of service providers may change over time as our infrastructure evolves.

8. Where we store your information

Moment is an Australian business. Our primary database infrastructure is hosted on Google Cloud Platform in the asia-southeast1 region (Singapore). Some of our service providers process data in other locations:

•      Firebase services (Analytics, Crashlytics, Cloud Messaging) may process data in the United States.

•      Stripe processes payment data in the United States and other jurisdictions.

•      Mapbox is based in the United States and processes map-related data there.

•      OpenStreetMap tile servers are operated by volunteers and hosted in various countries, primarily in Europe.

Where your information is transferred outside Australia, we take reasonable steps to ensure it is handled in a manner consistent with the Australian Privacy Principles.

Where your information is transferred outside the European Economic Area or the United Kingdom, we rely on appropriate safeguards as required by the GDPR, including Standard Contractual Clauses (SCCs) and, where applicable, the data processing terms provided by our service providers (including Google’s Data Processing Terms and Stripe’s Data Processing Agreement).

9. How long we keep your information

We retain personal information for as long as necessary to provide the platform and for the purposes described in this Policy. Specifically:

•      Customer account and billing information is retained for the duration of the account relationship and for at least 7 years after the last transaction, to meet our tax and record-keeping obligations.

•      Customer Content associated with a published Moment is retained for a minimum of 180 days after the end of the Post-Event Tail, as described in our Terms of Service, and may be retained longer as part of our platform catalogue (see the Terms of Service).

•      Attendee accounts and profile data are retained while your account is active. If you delete your account, we will delete or de-identify your personal information within a reasonable period, subject to any legal obligation to retain it.

•      Raw location and movement path data is retained for a maximum of 30 days after the Event end date, after which it is permanently deleted. Only aggregated and de-identified heatmap data is retained beyond this period.

•      Push notification tokens are retained while your account is active and deleted upon account deletion or when you revoke notification permissions.

•      Usage analytics and crash data is retained in aggregated or de-identified form and may be retained indefinitely.

•      Support communications are typically retained for 2 years.

•      Aggregated and de-identified data may be retained indefinitely.

10. Your rights and choices

Under Australian privacy law, you have rights in relation to your personal information. These include:

•      Access — you can request a copy of the personal information we hold about you.

•      Correction — you can ask us to correct information that is inaccurate, out of date, incomplete, or misleading.

•      Deletion — you can ask us to delete your account and associated personal information, subject to any legal obligation we have to retain it.

•      Marketing opt-out — you can unsubscribe from marketing emails at any time using the link in any marketing email, or by contacting us.

•      Device permissions — you can control location, notification, and similar permissions through your device settings.

•      Location and tracking controls — you can disable precise location, background location, and movement tracking at any time through your device settings or in-app preferences. Disabling location will not prevent you from using the app, but some features (such as the live map and distance calculations) will be unavailable. You can also separately opt out of movement path tracking while retaining access to all other location features.

•      Complaints — you can lodge a privacy complaint with us (see Contact below). If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

To exercise any of these rights, please contact us using the details in section 14.

10A. Additional rights for EU/UK users

If you are located in the European Union or United Kingdom, you have additional rights under the GDPR, including:

•      Data portability — you can request a copy of your personal data in a structured, commonly used, and machine-readable format, and have it transferred to another service where technically feasible.

•      Restriction of processing — you can ask us to restrict the processing of your personal data in certain circumstances, for example while we verify the accuracy of your data.

•      Right to object — you can object to processing of your personal data that is based on our legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

•      Automated decision-making — you have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you. We do not currently make such decisions.

•      Withdraw consent — where we process your data based on consent (including location tracking, movement path tracking, and marketing communications), you can withdraw your consent at any time. This will not affect the lawfulness of processing carried out before withdrawal.

•      Supervisory authority — you have the right to lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, please contact us at privacy@momentevents.co.

10B. Additional rights for US users

If you are located in the United States, you may have additional rights under applicable state privacy laws (including the California Consumer Privacy Act as amended by the CPRA, and similar laws in other states). These may include:

•      Right to know — you can request information about the categories and specific pieces of personal information we have collected about you, the purposes for collection, and the categories of third parties with whom we share it.

•      Right to delete — you can request deletion of your personal information, subject to certain exceptions.

•      Right to opt out of sale or sharing — we do not sell your personal information, and we do not share your personal information for cross-context behavioural advertising.

•      Right to non-discrimination — we will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, please contact us at privacy@momentevents.co.

11. Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. This includes technical measures such as encryption of data in transit, access controls, and secure infrastructure, as well as operational measures such as staff training and access management.

However, no system is completely secure. We cannot guarantee absolute security of information transmitted over the internet or stored in our systems. You are responsible for keeping your account credentials confidential.

12. Children

The Moment app is generally suitable for users of all ages, but we do not direct the app at children and we do not knowingly collect personal information from children without appropriate consent.

The age thresholds that apply to your use of the app depend on your location:

•      In Australia and most jurisdictions: users must be at least 13 years old. Users under 18 must have parental or guardian consent.

•      In the European Union and United Kingdom: users must be at least 16 years old, or the applicable digital age of consent in their member state (which may be lower, but not below 13), to use the app without parental consent. Users below this age must have verifiable parental consent.

•      In the United States: we comply with the Children’s Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13 without verifiable parental consent.

If you believe a child has provided us with personal information without appropriate consent, please contact us and we will take reasonable steps to delete it.

Event organisers who publish events that are directed at or likely to be used by children are responsible for ensuring their content and event practices comply with applicable laws protecting children’s privacy.

13. Changes to this Policy

We may update this Privacy Policy from time to time. The current version will always be available at momentevents.co/privacy, with the “Last updated” date at the top. For material changes, we will provide reasonable advance notice by email (to Customers and Attendees with accounts) and by in-app or website notice.

Your continued use of the platform after a Policy update constitutes acceptance of the updated Policy, except where applicable law requires us to obtain your renewed consent for material changes to the way we process your data.

14. Contact us

For questions, requests, or complaints about this Privacy Policy or our handling of your personal information, please contact:

Moment Events Pty Ltd

88 Langridge St, Collingwood, Melbourne VIC 3066

Email: privacy@momentevents.co

If you are located in the EU/UK and are not satisfied with our response to a privacy complaint, you have the right to lodge a complaint with your local data protection supervisory authority.

If you are located in Australia and are not satisfied with our response, you can contact the Office of the Australian Information Commissioner at oaic.gov.au or 1300 363 992.

15. Cookies and similar technologies

On our website (momentevents.co and related subdomains), we use cookies and similar technologies. Cookies are small text files stored on your device that help us provide and improve our services.

We use the following types of cookies:

•      Essential cookies — required for the website to function (e.g. session management, security). These cannot be disabled.

•      Analytics cookies — help us understand how visitors use our website (e.g. pages visited, time on site). We use Google Analytics for this purpose.

•      Functionality cookies — remember your preferences and settings to improve your experience.

We do not currently use advertising or marketing cookies.

On subdomains that set non-essential cookies (such as builder.momentevents.co and app.momentevents.co), we provide a cookie consent mechanism for EU/UK visitors. Where our marketing website (momentevents.co) uses analytics or other non-essential tracking technologies, we will obtain consent from EU/UK visitors before those technologies are activated.

You can also control cookies through your browser settings. Note that disabling cookies may affect the functionality of our website.

The Moment app does not use browser cookies, but may use similar local storage technologies for functionality purposes (e.g. storing your preferences and authentication state).