Last updated: May 2026
Shakeout Society ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose and safeguard your information when you visit our website or use our services. Shakeout Society is the data controller for the personal data described below. All personal data is stored in the European Union (Frankfurt region) on infrastructure operated by Supabase.
Information you provide: name, email address, phone number, date of birth, country of residence, dietary requirements, emergency contact name and phone, and the items you select when you place an order. Payment card details are submitted directly to Stripe and never reach our servers.
Information collected automatically: IP address, browser type, operating system, referring URL, pages visited and access times through strictly necessary and (only with your consent) analytics cookies.
We use personal information to: (a) process and fulfil orders for the activities, dinners and add-ons you buy from us; (b) send booking confirmations, refunds, pre-event briefings and post-event follow-ups; (c) respond to enquiries and provide customer support; (d) share aggregate or limited operational data with restaurants and sponsors as described in section 4; (e) send marketing communications, but only where you have given separate, explicit consent (the marketing checkbox is unticked by default); (f) prevent fraud, comply with legal obligations and protect our legitimate interests. The lawful basis is contract performance for (a)–(c), legitimate interests (event delivery) for (d) and (f), and consent for (e) and analytics cookies.
We share information only with the recipients needed to deliver our services, and only the minimum necessary:
Restaurants hosting our welcome and celebration dinners receive the number of seats booked per dinner (so they can prepare tables and food). Where you have submitted dietary requirements, we share aggregate dietary counts (for example, "3 vegan, 1 gluten-free") so the kitchen can plan accordingly — never with your name attached. We do not share your contact details with restaurants.
Sponsors of activations (for example, a recovery zone or pop-up) receive a weekly digest containing the number of participants per activation and the first names only of those participants, so the sponsor can plan staffing and meaningful on-site interaction. We do not share your surname, email, phone number, date of birth, country, dietary requirements or emergency contact with sponsors.
Service providers we rely on: Stripe (payment processing), Resend (transactional and newsletter email delivery), Supabase (EU-hosted database and authentication), and a captcha provider (bot protection on public forms). Each acts as our processor under a written data-processing agreement.
We do not sell your personal information to any party.
We do not book, resell or share data with hotels on your behalf. Hotels are mentioned on our event pages as editorial recommendations only — you book your room yourself, directly with the hotel, under that hotel's own privacy policy.
Order data is retained for 7 years after the event date to satisfy Swedish bookkeeping requirements (Bokföringslagen). Marketing-list data is retained until you unsubscribe. Newsletter double opt-in records are kept for the lifetime of your subscription plus 12 months as proof of consent. Contact and notify-me messages are retained for up to 24 months and then deleted.
Under the GDPR you have the right to access, correct or delete your personal data, to receive a portable copy, to withdraw consent at any time (which does not affect lawful processing before withdrawal), to object to processing based on legitimate interests, and to lodge a complaint with your national supervisory authority — in Sweden, Integritetsskyddsmyndigheten (IMY). To exercise any of these rights, email hello@shakeoutsociety.com; we respond within 30 days.
We set strictly necessary cookies that are required for the website to function (no consent required). Analytics and marketing cookies are only set after you grant consent via our cookie banner — the default state is "rejected". You can change your preferences at any time by clicking "Cookie preferences" in the footer or by clearing site data in your browser.
We implement industry-standard security measures to protect your data, including TLS in transit, encryption at rest, row-level security on the database, signed Stripe webhooks, and a strict separation between the public site and administrator tooling (the latter protected by Supabase Auth). Payment information is processed by Stripe and is never stored on our servers.
We may update this Privacy Policy from time to time. Material changes will be communicated by email to anyone with an active order or marketing subscription. The "Last updated" date at the top of this page always reflects the current version.
Questions about this policy? Email us at hello@shakeoutsociety.com.