Privacy
What we keep, and why
Last updated
What we collect
Exactly the fields on the three forms - nothing more. Specifically:
- RSVP: name, email, guest count (1–4). We generate an RSVP code and check-in status for the door.
- Bartender application: name, phone, email, current bar, your story. Instagram and pronouns are optional.
- Dating Game pitch: name, email, age (21+ confirmation), Instagram, role (chooser or suitor), how you identify, who you'd like to be paired with, and your pitch.
The identity, seeking, and pronoun fields are used only to run the matchmaking and to address you correctly. They're never published or shared.
Server logs and bot protection
When you submit a form we briefly record your IP address, a timestamp, and which form you submitted. This goes into a separate table used only to rate-limit submissions per IP per hour and is purged automatically as the window rolls over.
Every form runs through Cloudflare Turnstile (an invisible CAPTCHA replacement that briefly checks your browser environment - see Cloudflare's privacy policy), a hidden honeypot field, and a 2-second time gate.
What we use it for
- Email your RSVP confirmation with a PDF ticket attached.
- Send two reminder emails - one week before the event and one day before. That's all the email we send.
- Match the name on your ticket against the door list to count you in.
- Reply to bartender applications and Dating Game pitches if you're chosen.
We don't send marketing email, build a mailing list, or ping you between event years.
Who else sees it
Only the organizers running the event. Sponsors (Mestiza Negra, Red Bull, Q Mixers, Headlands Brewing, Fathers Brewing) and the venue (Crybaby) do not receive your RSVP list, name, or email. They get an aggregate headcount before the event, nothing more.
We don't sell, rent, or trade your information.
Third-party services on the site
A few embeds load assets from third parties and, in doing so, those services see your IP address and user agent:
- Cloudflare hosts the site, database, and email - everything you submit stays in Cloudflare's infrastructure.
- Cloudflare Email Service sends mail from
hello@events.oaxacaopen.com. - Cloudflare Turnstile loads from
challenges.cloudflare.comon form pages. - Google Fonts serves our typefaces from
fonts.googleapis.comon every page. - Google Maps embed appears in the footer (the venue map). It loads when you scroll there.
No analytics, no Facebook pixel, no Google Ads, no behavior tracking.
Cookies
We set one cookie ourselves: an admin session cookie after a magic-link sign-in to the dashboard. Regular visitors never receive it.
Cloudflare's edge may set its own security cookies (e.g. __cf_bm for bot management, cf_clearance after Turnstile) - these are Cloudflare's, not ours, and they're scoped to bot protection rather than tracking.
How long we keep it
RSVPs, applications, and Dating Game pitches stay in the database through the event year and are deleted before the next year's event. Rate-limit log entries roll over within hours.
Want yours pulled sooner? Email hola@oaxacaopen.com with the email you signed up under and we'll delete the record within 7 days.
Questions, complaints, deletions
Email hola@oaxacaopen.com. Real humans, real responses.