// PRIVACY & COOKIE POLICY

Privacy & cookie policy

Last updated: June 10, 2026

DARKMOON respects your privacy. This page explains what data we collect, why we collect it, the cookies we use, and the rights you have under the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP).

1. Data we collect

  • Ticket purchases: name, email, phone, billing address, VAT number (if applicable). Stored to issue tickets, send receipts, and meet legal/accounting obligations.
  • Payment data: handled directly by Stripe; we never see or store your card details. See Stripe’s privacy policy at stripe.com/privacy.
  • Technical data: IP address, browser, device type, and pages visited, used for security and to improve the experience.

2. Cookies and local storage

We use the minimum necessary cookies and browser storage to operate the site. You can accept or reject optional cookies via the consent banner. Your choice is stored locally on your device.

  • Strictly necessary: session, CSRF protection, your consent choice, and the entry-gate dismissal flag (so we don’t show it again for 24 hours).
  • Functional: language preference, ambient audio toggle, signal/visit counter for the on-site experience.
  • Analytics & marketing: only loaded if you select “Accept” in the consent banner. We do not currently use any third-party analytics or advertising trackers.

3. How we use your data

  • To process ticket orders and deliver the tickets you purchased.
  • To respond to your inquiries and provide customer support.
  • To meet legal, tax, and accounting obligations (Switzerland: 10-year retention for invoices).
  • To prevent fraud and secure the platform.

4. Sharing with third parties

We share data only with processors necessary to deliver the service:

  • Stripe (payment processing) — Ireland / United States, GDPR-compliant.
  • Email delivery providers used to send tickets and receipts.
  • Hosting and infrastructure providers operating in the EU/EEA or under approved transfer mechanisms.

We never sell or rent your personal data.

5. Your rights

Under GDPR / FADP you have the right to:

  • Access your personal data and request a copy.
  • Correct inaccurate or incomplete data.
  • Request deletion (subject to legal retention requirements).
  • Object to or restrict processing.
  • Request data portability.
  • Withdraw consent at any time, without affecting prior lawful processing.
  • Lodge a complaint with a supervisory authority (e.g. the Swiss FDPIC or your local EU DPA).

6. Retention

Order and invoice records are kept for as long as required by Swiss tax law (currently 10 years). Operational logs are kept for up to 12 months. Marketing data, where applicable, is kept until you withdraw consent.

7. Contact

Questions, requests, or complaints regarding this policy can be sent to privacy@darkmoon.test.

This page is a starting template and should be reviewed by qualified legal counsel before relying on it for compliance.

Return to orbit →