Back to home Privacy

Privacy

What we keep, and why

Last updated

What we collect

Exactly the fields on the three forms - nothing more. Specifically:

  • RSVP: name, email, guest count (1–4). We generate an RSVP code and check-in status for the door.
  • Bartender application: name, phone, email, current bar, your story. Instagram and pronouns are optional.
  • Dating Game pitch: name, email, age (21+ confirmation), Instagram, role (chooser or suitor), how you identify, who you'd like to be paired with, and your pitch.

The identity, seeking, and pronoun fields are used only to run the matchmaking and to address you correctly. They're never published or shared.

Server logs and bot protection

When you submit a form we briefly record your IP address, a timestamp, and which form you submitted. This goes into a separate table used only to rate-limit submissions per IP per hour and is purged automatically as the window rolls over.

Every form runs through Cloudflare Turnstile (an invisible CAPTCHA replacement that briefly checks your browser environment - see Cloudflare's privacy policy), a hidden honeypot field, and a 2-second time gate.

What we use it for

  • Email your RSVP confirmation with a PDF ticket attached.
  • Send two reminder emails - one week before the event and one day before. That's all the email we send.
  • Match the name on your ticket against the door list to count you in.
  • Reply to bartender applications and Dating Game pitches if you're chosen.

We don't send marketing email, build a mailing list, or ping you between event years.

Who else sees it

Only the organizers running the event. Sponsors (Mestiza Negra, Red Bull, Q Mixers, Headlands Brewing, Fathers Brewing) and the venue (Crybaby) do not receive your RSVP list, name, or email. They get an aggregate headcount before the event, nothing more.

We don't sell, rent, or trade your information.

Third-party services on the site

A few embeds load assets from third parties and, in doing so, those services see your IP address and user agent:

  • Cloudflare hosts the site, database, and email - everything you submit stays in Cloudflare's infrastructure.
  • Cloudflare Email Service sends mail from hello@events.oaxacaopen.com.
  • Cloudflare Turnstile loads from challenges.cloudflare.com on form pages.
  • Google Fonts serves our typefaces from fonts.googleapis.com on every page.
  • Google Maps embed appears in the footer (the venue map). It loads when you scroll there.

No analytics, no Facebook pixel, no Google Ads, no behavior tracking.

Cookies

We set one cookie ourselves: an admin session cookie after a magic-link sign-in to the dashboard. Regular visitors never receive it.

Cloudflare's edge may set its own security cookies (e.g. __cf_bm for bot management, cf_clearance after Turnstile) - these are Cloudflare's, not ours, and they're scoped to bot protection rather than tracking.

How long we keep it

RSVPs, applications, and Dating Game pitches stay in the database through the event year and are deleted before the next year's event. Rate-limit log entries roll over within hours.

Want yours pulled sooner? Email hola@oaxacaopen.com with the email you signed up under and we'll delete the record within 7 days.

Questions, complaints, deletions

Email hola@oaxacaopen.com. Real humans, real responses.

RSVP Free