Privacy Policy
Effective Date: June 1, 2026 · Last Updated: June 1, 2026
This Privacy Policy explains how Two Wheel Events ("TWE," "we," "us," or "our") collects, uses, shares, and protects personal information when you use our website at www.twowheelevents.com and our event discovery and membership services (the "Services"). By using the Services, you agree to the practices described in this policy. If you do not agree, please do not use the Services.
Two Wheel Events is operated from Las Vegas, Nevada, United States, and the Services are hosted and operated in the United States.
1. Information We Collect
We collect the following categories of information when you create an account, purchase a membership, RSVP to events, apply to become a partner venue, or otherwise use the Services:
- Account and authentication data: Your email address and either a hashed password or a Google account identity, depending on whether you register with email/password or Google sign-in. Authentication and session management are handled by Supabase Auth. We do not receive or store your Google password.
- Profile information: Information you choose to add to your profile, such as a short bio; motorcycle details (make, model, year, and type); the year you joined riding; and social handles you provide (Instagram, YouTube, and X). This information is optional and supplied by you.
- Profile photo: If you upload an avatar (JPG, PNG, or WebP, up to 5MB), it is stored in our Supabase Storage and served from a publicly accessible URL. See "Information That May Be Public" below.
- Membership data: Your membership plan, status, start/renewal/expiration dates, and physical-card fulfillment status, along with identifiers returned by Stripe (such as a Stripe customer ID and, for subscriptions, a Stripe subscription ID).
- Payment data (handled by Stripe): Payments are processed directly by Stripe. We do not collect or store your full card number, CVV, or similar card data. We store only payment metadata returned by Stripe, such as customer ID, subscription ID, invoice ID, payment intent ID, charge ID, amount, currency, status, and paid/refunded timestamps.
- Event participation data: Your RSVPs and attendance records (event, status, guest count, attendance confirmation), guest pass credit balances, and guest invitation records (who invited whom).
- Saved venues: The venues you save to your account.
- User-generated content: Content you submit, such as event gallery photos and captions you upload. Posts (articles) are authored by admins and partners.
- Partner / venue application data: If you apply to become a partner venue, we collect your business name, business address, contact name, contact email, a free-text description, and your signed-in user ID.
- Membership verification events: When a partner venue verifies your membership proof, we record the verification result (valid or invalid), the venue, and a timestamp.
- Technical and automatic data: Your IP address (read from request headers and used for rate limiting and abuse prevention) and server logs. We also use error-monitoring data via Sentry, configured to send errors only, with personally identifiable information disabled and performance tracing turned off.
A note on liability waivers: When you create an account, you accept our Liability Waiver & Release one time. We record the date and time of your acceptance on your profile so we know you have agreed; we do not collect a separate electronic-records opt-in or associated IP/user-agent data for this acknowledgment. Event confirmation and reminder emails may also present assumption-of-risk and photography/likeness notices to attendees; see Section 3 and our Terms of Service.
2. How We Use Your Information
We use the information we collect to:
- Create and manage your account and authenticate your sign-ins.
- Process membership purchases, subscriptions, and add-on purchases through Stripe, and manage renewals, cancellations, and refunds.
- Enable event discovery, RSVPs, guest passes, member benefits, and partner-venue verification.
- Send transactional emails, such as membership activation confirmations, RSVP confirmations, event reminders, and partner-application receipts.
- Operate, maintain, secure, and improve the Services, and diagnose technical issues.
- Prevent fraud and abuse, enforce rate limits, and protect the integrity and security of the Services.
- Comply with legal obligations and enforce our Terms of Service.
We do not use your personal information for behavioral advertising, and we do not use third-party web analytics products such as Google Analytics.
3. Photography and Likeness at Events
Events may be photographed or recorded. Where applicable, our RSVP confirmation and reminder emails include a notice that, by registering for or attending an event, you acknowledge the inherent risks of motorcycle-related activities and that photographs or recordings may be captured at the event and used by Two Wheel Events. Please review our Terms of Service for more detail on event participation.
4. Cookies and Local Storage
We use cookies and similar browser storage strictly to operate the Services. This includes session cookies used for authentication and maintaining your signed-in state, managed by Supabase Auth. These are essential cookies and cannot be disabled while using authenticated features. We do not use third-party advertising cookies or tracking cookies, and we do not use third-party analytics cookies. Our error-monitoring provider, Sentry, is configured with personally identifiable information disabled and performance tracing turned off.
5. Third-Party Service Providers (Subprocessors)
We rely on the following third-party service providers to operate the Services. Each provider processes data only as needed to provide its service and is governed by its own privacy policy:
- Stripe -- Payment processing for membership subscriptions and one-time / add-on purchases; hosts Stripe Checkout and stores card data on its own systems; sends payment webhooks to us.
- Supabase -- Our primary data host: PostgreSQL database, authentication and session management, file storage (profile photos and event gallery images), and serverless functions.
- Resend -- Delivery of transactional email (membership activation, RSVP confirmations and reminders, and partner-application receipts).
- Vercel -- Application hosting and deployment, including server and edge request logs.
- Google -- Optional Google sign-in via Supabase Auth. If you choose Google sign-in, Google provides us basic account identity such as your email address.
- Sentry -- Error and exception monitoring (errors only, with personally identifiable information disabled and tracing off).
- CARTO & OpenStreetMap -- Map tile imagery (CARTO basemaps using OpenStreetMap data) loaded in your browser to display maps. Loading these tiles exposes your IP address to the tile provider.
- Leaflet via Cloudflare CDN -- Map marker icon assets loaded in your browser from a public content delivery network.
- Unsplash -- A source of decorative imagery that may be loaded in your browser.
6. How We Share and Disclose Information
We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share information only in the following circumstances:
- With the service providers listed in Section 5, as needed to operate the Services.
- With partner venues, only the membership-verification result when you present your membership proof for verification.
- As required to comply with applicable law, legal process, or a valid governmental request, and to protect our rights, users, or the public.
- In connection with a merger, acquisition, financing, or sale of assets, in which case we will require the recipient to honor this policy or provide notice as required by law.
- With your consent or at your direction.
7. Information That May Be Public
Some information is, by design, visible to others:
- Profile photos are served from a publicly accessible storage URL. Anyone with the URL may be able to view your uploaded avatar.
- Founders Roll: Lifetime members are listed on a public Founders Roll page. To protect privacy, the email address shown there is partially redacted (only the first characters of the local part are visible).
- Content you submit, such as event gallery photos and captions, may be displayed publicly within the Services.
Please avoid including sensitive personal information in fields, photos, or content that may be displayed publicly.
8. Data Retention
We retain your account and related data for as long as your account is active and as needed to provide the Services. Payment and transaction records are retained by Stripe in accordance with its policies and applicable financial and tax recordkeeping requirements. If you request account deletion, we will remove your profile data from our active database, subject to retention required by law, fraud prevention, dispute resolution, or enforcement of our agreements. Some information may persist for a limited time in backups and logs.
9. Security
We take reasonable measures to protect your personal information, including TLS encryption for data in transit, Row-Level Security (RLS) policies to isolate user data at the database level, and secure handling of authentication tokens. Payment card data is handled directly by Stripe and never stored on our servers. No method of electronic transmission or storage is completely secure, however, and we cannot guarantee absolute security.
10. Children’s Privacy
The Services are intended for adults and are not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13, consistent with the Children’s Online Privacy Protection Act (COPPA). The Services are also not directed to minors under 18. If we learn that we have collected personal information from a child under 13, we will delete it promptly. If you believe a child has provided us personal information, please contact us at privacy@twowheelevents.com.
11. Your Privacy Rights
Regardless of where you live, you may exercise the following rights with respect to the personal information we hold about you:
- Access the personal information we hold about you.
- Request correction of inaccurate information in your profile.
- Request deletion of your account and associated personal information.
- Opt out of non-transactional email communications.
To exercise these rights, contact us at privacy@twowheelevents.com. We will verify your request, typically by confirming control of your account email, and respond within the time required by applicable law (generally within 30 to 45 days). We will not discriminate against you for exercising your privacy rights.
12. Nevada Privacy Rights
Under Nevada law (NRS 603A, as amended by Senate Bill 220), Nevada residents have the right to direct certain operators of websites not to make any sale of covered information they have collected or will collect about the consumer. As described above, we do not sell your covered information. If you are a Nevada resident and would like to submit a verified request to opt out of any future sale, you may contact us at privacy@twowheelevents.com with the subject line "Nevada Opt-Out."
13. California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA"), provides you with the following rights, subject to certain exceptions:
- The right to know the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties with whom we share it.
- The right to request deletion of personal information we have collected from you.
- The right to request correction of inaccurate personal information.
- The right to opt out of the "sale" or "sharing" of personal information.
- The right to limit the use of sensitive personal information.
- The right not to receive discriminatory treatment for exercising your CCPA rights.
We do not sell or share personal information as those terms are defined under the CCPA, and we do not use or disclose sensitive personal information for purposes that would trigger the right to limit. The categories of personal information we collect, the purposes for collecting it, and the third parties with whom we share it are described in Sections 1, 2, 5, and 6 of this policy. To exercise your California rights, contact us at privacy@twowheelevents.com. You may also designate an authorized agent to make a request on your behalf; we may ask you to verify your identity before fulfilling a request.
14. United States Processing
We are based in the United States, and our service providers process and store data in the United States. If you access the Services from outside the United States, you understand that your information will be transferred to, processed, and stored in the United States, where data protection laws may differ from those in your jurisdiction.
15. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy on this page and revise the "Last Updated" date above. Your continued use of the Services after an update takes effect constitutes acceptance of the revised policy. We encourage you to review this page periodically.
16. Contact Us
If you have questions about this Privacy Policy or how we handle your personal information, contact us at privacy@twowheelevents.com. This Privacy Policy is governed by the laws of the State of Nevada, United States, without regard to its conflict-of-laws principles.