Eleven8 Event Staff Inc. — Privacy Policy

Last updated: May 15, 2026Effective date: May 15, 2026

1. Introduction

Eleven8 Event Staff Inc. ("Eleven8," "we," "our," or "us") respects your privacy and is committed to protecting it through our compliance with this Privacy Policy. This policy describes the types of information we may collect from you or that you may provide when you:

  • visit our websites, including elev8.la, eleven8.us, and related subdomains;

  • use our mobile employee application (the "Eleven8 App");

  • communicate with us by phone, SMS, email, or in writing;

  • apply for work, complete onboarding, or work an event for us; or

  • request a quote, engage our event staffing services, or attend an event we staff

(collectively, the "Services").

This policy also describes our practices for collecting, using, maintaining, protecting, and disclosing that information.

Please read this policy carefully. By accessing or using our Services, you agree to this Privacy Policy. If you do not agree, please do not use our Services.

This Privacy Policy does not apply to information collected by any third party, including through any application or content (including advertising) that may link to or be accessible from the Services.

2. Who This Policy Applies To

This Privacy Policy applies to:

  • Clients and prospective clients who request quotes, book staffing, or correspond with us.

  • Workers, candidates, contractors, and employees ("Workers") who apply for jobs, complete onboarding, use the Eleven8 App, or are placed on events.

  • Website visitors who browse our public sites or submit inquiry forms.

  • Event attendees, guests, and venue contacts whose information is shared with us in the course of staffing an event.

  • Business contacts at our vendors, partners, and service providers.

Where we operate as a "service provider," "processor," or "contractor" on behalf of a client (for example, when a client provides us a guest list), we process that information in accordance with our agreement with the client and applicable law.

3. Key Definitions

  • "Personal information" or "personal data" means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.

  • "Sensitive personal information" has the meaning given to it under the California Privacy Rights Act and parallel state laws, and includes (among other things) government identifiers, financial account information, precise geolocation, race or ethnicity, biometric information, health information, and the contents of certain communications.

  • "Processing" means any operation performed on personal information, including collection, use, storage, disclosure, and deletion.

  • "Service provider," "processor," and "contractor" mean a third party that processes personal information on our behalf under a written contract.

  • "Sale" and "share" have the meanings given to them under applicable U.S. state privacy laws.

4. Information We Collect

4.1 Information You Provide Directly

  • Identity and contact data: name, email address, phone number, mailing address, date of birth, and emergency contact.

  • Account and profile data: username, password, profile photo, bio, work preferences, uniform sizes, availability, languages spoken, and physical attributes (e.g., height, build) relevant to event placement.

  • Employment and eligibility data: resume, work history, professional references, certifications (such as bartending licenses, food handler cards, TIPS, OSHA), photo identification, work-authorization documents (I-9 supporting documents), and signed agreements.

  • Tax and payment data: Social Security Number or ITIN, W-9/W-4 information, bank account or payment app details (e.g., Zelle, direct deposit), and 1099/W-2 records. We collect this information to pay you for services rendered and to meet IRS and state tax-reporting obligations.

  • Client and booking data: company name, billing address, event date and time, attendee counts, venue information, dress code, and special instructions.

  • Communications: messages, voicemails, SMS, emails, support requests, interview recordings or transcripts, performance feedback, and survey responses.

  • Media: photos and videos you upload (such as uniform check-in photos, event photos, and profile shots).

4.2 Information Collected Automatically

  • Device and log data: IP address, device identifiers, operating system, browser type, app version, language, time zone, and crash logs.

  • Usage data: pages viewed, features used, shifts viewed or applied to, clock-in and clock-out events, time spent on the platform, and click and tap behavior.

  • Location data: approximate location derived from IP address, and — when you grant permission through the Eleven8 App — precise GPS location used to verify clock-in/clock-out at event venues, surface nearby shifts, and prevent timesheet fraud. You can revoke precise-location access at any time in your device settings; doing so may prevent you from clocking in for shifts.

  • Cookies and similar technologies: session cookies, preference cookies, security cookies, analytics tags, and pixels. See Section 14.

4.3 Information From Third Parties

  • Background check, identity verification, and reference providers (consumer reporting agencies).

  • Payment, payroll, and tax processors (such as Stripe, banks, and payment-app providers).

  • Email and SMS providers (e.g., delivery, open, bounce, and reply data).

  • Authentication providers if you sign in with Google or another OAuth provider.

  • Recruiting platforms, job boards, and referrals.

  • Clients, who may provide attendee, guest, or contact information for an event.

  • Publicly available sources, such as professional directories and social media.

4.4 Sensitive Personal Information

We collect certain categories of "sensitive personal information" only as necessary to provide the Services, pay Workers, comply with law, prevent fraud, and ensure safety:

  • Social Security Number or ITIN, driver's license, state ID, passport, and other government identifiers.

  • Financial account information, including bank account and routing numbers and payment-app identifiers.

  • Precise geolocation (only when you have granted permission and only at or around shift times).

  • Log-in credentials in combination with passwords or access codes.

  • The contents of communications (such as SMS, email, and call recordings) where Eleven8 is not an intended recipient.

We do not use or disclose sensitive personal information for purposes other than those identified in Section 6 and as permitted by Cal. Civ. Code § 1798.121 and parallel state laws. See Section 16 for your right to limit our use of sensitive personal information.

4.5 Information We Do Not Knowingly Collect

We do not knowingly collect:

  • Personal information from anyone under 18 years of age.

  • Biometric identifiers (such as fingerprints, voiceprints, faceprints, or scans of hand or face geometry). If we introduce biometric-based features in the future (for example, facial recognition for clock-in), we will update this policy, obtain separate written consent where required by law (including Illinois BIPA, Texas CUBI, and Washington's biometric law), and publish a retention and destruction schedule.

5. How We Use Your Information

We use the information we collect to:

  • Provide, operate, maintain, secure, and improve the Services and the Eleven8 App.

  • Match Workers to events, manage scheduling, send shift offers, confirm bookings, and handle callouts.

  • Verify identity, work eligibility (I-9), and qualifications, and run background and reference checks where permitted.

  • Process payroll, reimbursements, tax filings, client invoicing, and benefits administration.

  • Communicate with you about shifts, events, account activity, policy updates, and support requests.

  • Send transactional and operational SMS, voice, and email messages, including shift reminders, callout notifications, payment notifications, and confirmations.

  • Send marketing or recruiting messages where you have opted in or where permitted by law.

  • Monitor attendance, performance, ratings, captain feedback, and policy compliance.

  • Detect, investigate, and prevent fraud, abuse, security incidents, and violations of our terms.

  • Comply with legal obligations, court orders, regulatory requirements, and law-enforcement requests.

  • Conduct analytics, research, training, and business planning.

  • Defend, establish, or exercise legal claims.

We will not use your personal information for materially different, unrelated, or incompatible purposes without providing you notice and, where required, obtaining your consent.

6. Legal Bases for Processing (EEA, UK, and Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR and UK GDPR:

  • Performance of a contract — to perform our agreement with you, including paying you, scheduling shifts, and providing Services to clients.

  • Legal obligation — to meet tax, employment, immigration, anti-fraud, and other legal requirements.

  • Legitimate interests — to operate, secure, and improve the Services, prevent fraud, market to existing customers, and defend legal claims, balanced against your rights and interests.

  • Consent — for certain marketing, precise-location, optional cookies, and other activities where consent is required. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

  • Vital interests — in rare cases, to protect someone's life or physical safety.

You have the right to lodge a complaint with your local supervisory authority. Where required, we will appoint an EU or UK representative and identify them here.

7. SMS, Voice, and Phone Communications

By providing your phone number to Eleven8, you consent to receive SMS and voice communications from Eleven8 (the seller) related to recruitment, scheduling, shift confirmations, callouts, payroll, account security, and operational updates. Consent to receive marketing or recruiting messages is not a condition of employment, engagement, or purchase of any Service. Message frequency varies based on your activity. Message and data rates may apply.

  • You may reply STOP to any SMS to opt out of non-essential messages, or HELP for assistance. We may still send you essential operational messages required to perform a shift you have agreed to work.

  • We participate in the carrier registration framework for application-to-person (A2P) messaging (10DLC) where required.

  • Your SMS opt-in data and consent are never shared with third parties or affiliates for marketing purposes.

7.1 Call and Message Recording

Calls and SMS to or from Eleven8 phone numbers may be recorded, transcribed, stored, and reviewed for quality assurance, training, dispute resolution, payroll verification, safety, and AI-assisted reply suggestions. We rely on your consent (where required by two-party consent jurisdictions such as California, Florida, Illinois, Maryland, Massachusetts, Montana, Nevada, New Hampshire, Pennsylvania, and Washington) and provide notice at the start of recorded calls where applicable. If you do not consent to recording, please notify us and we will offer alternative means of communication.

8. Background Checks and Consumer Reports

Before placing a Worker on certain assignments, we may obtain a "consumer report" or "investigative consumer report" from a consumer reporting agency, in accordance with the federal Fair Credit Reporting Act (15 U.S.C. § 1681 et seq.) and applicable state and local laws (including California ICRAA/CCRAA, New York Article 23-A, and applicable "ban-the-box" and "fair chance" laws).

Where a background check is required, we will provide you with:

  • a clear and conspicuous, stand-alone written disclosure;

  • a copy of the federal "Summary of Your Rights Under the Fair Credit Reporting Act";

  • any state-required disclosures; and

  • a request for your written authorization before the report is obtained.

If we intend to take any adverse action based in whole or in part on a consumer report, we will follow the FCRA's pre-adverse and adverse action procedures, including providing you a copy of the report and an opportunity to dispute its accuracy.

9. Automated Decision-Making and Artificial Intelligence

We use software, algorithms, and artificial-intelligence tools to operate the Services. Specifically:

  • Shift matching and ranking: algorithms suggest Workers for shifts based on availability, location, certifications, prior performance, ratings, and reliability metrics.

  • AI-assisted communications: large-language-model providers help draft suggested replies to client and Worker messages, summarize threads, and parse uploaded documents (such as resumes and IDs).

  • Fraud and timesheet integrity: automated systems compare clock-in location, time, and device data to detect potentially fraudulent entries.

Human review. Decisions that materially affect a Worker's pay or eligibility — including hiring, discipline, termination, denial of shifts based on flags, and payroll adjustments — are reviewed by a human Eleven8 staff member before they take effect. You may request human review of an automated decision, request meaningful information about the logic involved, and contest a decision by emailing hello@elev8.la.

AI providers. We use Google and OpenAI (via their enterprise / API offerings) and similar providers for AI processing. These providers process data on our behalf under contractual data-protection terms and do not use Eleven8's customer or Worker data to train their general models. We do not use consumer-grade AI products for processing Worker or client data.

Where required by state laws governing automated decision-making technology (including the CCPA's ADMT regulations, the Colorado AI Act, and similar laws), we will provide additional notices, opt-out rights, and impact-assessment information.

10. How We Share Your Information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share information only as described below.

  • With clients and venues: to staff your booked events, we share Worker names, photos, contact information where necessary, certifications, and arrival times. Clients are contractually required to use this information only for the event and to comply with applicable privacy laws.

  • With Workers: to coordinate events, we share relevant client and venue information (such as venue address, on-site contact, and event briefing).

  • With service providers and processors: including hosting (Supabase, Amazon Web Services, Vercel), email (Resend, Google Workspace), SMS and voice (OpenPhone, Twilio), payments and payroll (Stripe, banks, Zelle and other payment-app providers), document storage (Google Drive), background-check providers, analytics, and AI processing providers (such as Google and OpenAI) used to draft replies, parse documents, and generate suggestions. These providers act as our processors and are bound by confidentiality and data-protection obligations.

  • With professional advisors: lawyers, accountants, auditors, insurers, and consultants, subject to confidentiality.

  • For legal reasons: to comply with applicable law, lawful requests, subpoenas, court orders, or to protect the rights, property, or safety of Eleven8, our Workers, clients, or others, including investigating potential violations of our terms.

  • In a business transfer: if Eleven8 is involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, or sale of assets, your information may be transferred as part of that transaction, subject to this Privacy Policy or with notice and choice where required.

  • With your consent: for any other purpose disclosed at the time of collection or with your express permission.

10.1 Categories Disclosed in the Last 12 Months

In the 12 months preceding the Last Updated date, we have disclosed the following categories of personal information to the following categories of recipients for business purposes:

Category of personal information Categories of recipients Identifiers and contact data Service providers, clients, venues Employment, work-history, and qualifications Service providers, clients, background-check providers Financial account and tax information Payment, payroll, banking, and tax providers; tax authorities Communications and content Service providers, AI processing providers Internet and device activity Hosting and analytics providers Precise geolocation Hosting providers (limited; tied to clock-in/out) Sensitive personal information Limited to purposes in Section 4.4

We have not sold or shared personal information in the last 12 months. We do not have actual knowledge of selling or sharing the personal information of consumers under 16 years of age.

11. Data Retention

We retain personal information for as long as needed to provide the Services and to comply with our legal, tax, accounting, and reporting obligations.

Data type Typical retention period Tax, payroll, and contractor records (W-2, 1099, W-4, W-9, I-9 supporting docs) At least seven (7) years after the relevant tax year, or longer if required by law I-9 forms Three (3) years after date of hire or one (1) year after termination, whichever is later Active Worker profile and assignment history For the duration of the relationship, plus seven (7) years Applications for unsuccessful candidates Up to two (2) years Background-check reports As required by FCRA and state law (typically up to 5 years), then securely disposed Client booking records and invoices At least seven (7) years for accounting and tax purposes Communications (email, SMS, voice, transcripts) Up to seven (7) years from the date of the communication Precise geolocation tied to clock-in/out Up to two (2) years, then aggregated or deleted Cookies and analytics data Up to twenty-four (24) months; session cookies are deleted when you close the browser Marketing preferences and opt-out records Indefinitely, to honor your choices Security and audit logs Up to two (2) years

When we no longer need your information, we will securely delete, destroy, or anonymize it, unless a longer retention period is required by law, regulation, contract, or legal hold.

12. Data Security

We implement administrative, technical, and physical safeguards designed to protect your information, including:

  • TLS encryption in transit and AES encryption at rest;

  • role-based access controls and least-privilege provisioning;

  • row-level security on our database (Supabase) and tenant isolation;

  • multi-factor authentication for administrative access;

  • secrets management and key rotation;

  • audit logging and monitoring;

  • security training for staff;

  • periodic security reviews and vendor due diligence.

No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. You are responsible for keeping your password, one-time codes, and authentication factors confidential, and for notifying us immediately at hello@elev8.la of any suspected unauthorized access.

12.1 Data Breach Notification

In the event of a security incident affecting your personal information, we will notify you and applicable regulators as required by applicable law, including state breach-notification statutes, the FTC Health Breach Notification Rule (if applicable), and the GDPR.

13. Cookies, Analytics, and Tracking

We use cookies, local storage, software development kits, and similar technologies to keep you signed in, remember preferences, secure the Services, prevent fraud, measure performance, and improve our marketing.

Categories of cookies and similar technologies we use:

  • Strictly necessary — required for the Services to function (e.g., authentication, load balancing).

  • Functional — remember preferences and choices.

  • Analytics — measure usage and improve performance (e.g., Google Analytics, Vercel Analytics).

  • Marketing — measure marketing effectiveness (e.g., Meta Pixel). We do not use these for cross-context behavioral advertising.

Your choices. You can control cookies through your browser settings, our cookie banner where available, and through tools provided by analytics providers. Disabling certain cookies may limit functionality.

Global Privacy Control (GPC). We treat a recognized GPC browser signal as a valid request to opt out of sale and sharing of personal information for the browser sending the signal, where required by applicable law.

Do Not Track. Because there is no industry-standard definition of "Do Not Track," we do not currently respond to DNT browser signals.

14. Your Choices and Rights — General

Subject to applicable law, you may have the right to:

  • access, correct, or update the personal information we hold about you;

  • request deletion of your personal information, subject to legal retention requirements;

  • object to or restrict certain processing of your information;

  • request a portable copy of certain information you have provided;

  • withdraw consent where processing is based on your consent;

  • opt out of marketing communications at any time;

  • appeal a denial of any of the above.

To exercise these rights, contact us using the details in Section 23. We may need to verify your identity before responding, and we will not discriminate against you for exercising your rights.

15. Verifying Requests and Authorized Agents

To protect your information, we verify privacy requests by matching information you provide with information we already hold (such as email, phone number, recent shifts, or last four digits of your SSN for Workers). For sensitive requests, we may ask for additional verification or, in limited cases, a signed declaration under penalty of perjury.

You may designate an authorized agent to submit a request on your behalf by providing the agent with written, signed permission and verifying your own identity directly with us. Businesses registered with the California Secretary of State may submit requests through their authorized agents in accordance with CCPA regulations.

We will respond to verifiable requests within the timeframes required by applicable law (typically 45 days under U.S. state laws, with a possible extension; 30 days under the GDPR and UK GDPR).

16. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, gives you the following rights:

  • Right to know the categories and specific pieces of personal information we have collected, the sources, the business or commercial purposes, and the categories of third parties with whom we share it.

  • Right to delete personal information we collected from you, subject to exceptions.

  • Right to correct inaccurate personal information.

  • Right to opt out of sale or sharing of personal information for cross-context behavioral advertising. We do not sell or share personal information as those terms are defined under the CCPA.

  • Right to limit the use and disclosure of sensitive personal information. We use sensitive personal information only as described in Section 4.4 and only for the purposes permitted under Cal. Civ. Code § 1798.121(a) (such as performing the Services, ensuring security, and complying with law). Because we do not use sensitive personal information for any purpose that triggers the right to limit under that section, no "Limit the Use of My Sensitive Personal Information" link is required; nevertheless, you may submit a request at hello@elev8.la and we will respond.

  • Right to non-discrimination for exercising your rights.

  • Right to opt out of certain automated decision-making technology as those rights become effective under California's ADMT regulations.

Categories collected, sources, purposes, and disclosures: See Sections 4 (categories and sources), 5 (purposes), and 10 (disclosures).

How to submit a request. Email hello@elev8.la with "California Privacy Request" in the subject line, or write to us at the address in Section 23. Authorized agents may submit requests with proper documentation.

Metrics. If we are required to publish metrics regarding consumer requests under CCPA regulations, we will do so on our website.

17. Other U.S. State Privacy Rights

If you are a resident of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Delaware, New Hampshire, New Jersey, Indiana, Tennessee, Minnesota, Maryland, or another U.S. state that has enacted a comprehensive privacy law applicable to Eleven8, you may have rights similar to those described in Section 16, including:

  • the right to confirm whether we process your personal data and to access that data;

  • the right to correct inaccurate personal data;

  • the right to delete personal data;

  • the right to obtain a portable copy of personal data;

  • the right to opt out of targeted advertising, sale, and certain profiling (we do not engage in targeted advertising, sale, or profiling that produces legal or similarly significant effects without human review); and

  • the right to appeal a denial of any of the above.

To submit a request, email hello@elev8.la and identify your state of residence. To appeal a denial, reply to our response within 60 days; we will respond within the timeframe required by your state's law (typically 45–60 days). If your appeal is denied, you may contact your state attorney general.

18. EEA, UK, and Swiss Privacy Rights

In addition to the rights in Section 14, individuals located in the EEA, UK, or Switzerland have the right under the GDPR or UK GDPR to:

  • access personal data and receive a copy;

  • request rectification or erasure;

  • restrict or object to processing, including direct marketing;

  • data portability;

  • not be subject to a decision based solely on automated processing that produces legal or similarly significant effects (subject to permitted exceptions);

  • withdraw consent at any time;

  • lodge a complaint with your local supervisory authority.

International transfers. When we transfer personal data from the EEA, UK, or Switzerland to the United States or other countries that have not received an adequacy decision, we rely on Standard Contractual Clauses, the UK International Data Transfer Addendum, the EU-U.S. Data Privacy Framework (where applicable), and other lawful transfer mechanisms. Copies are available on request.

19. California Worker, Applicant, and Contractor Privacy Notice

This Section 19 supplements the rest of this Privacy Policy and applies to Workers, applicants, employees, and independent contractors who are California residents (collectively, "California Workers"), in accordance with the CCPA as amended by the CPRA.

19.1 Categories of Personal Information Collected and Purposes

We have collected the following categories of personal information about California Workers in the last 12 months:

  • Identifiers (name, address, email, phone, IP, SSN, ITIN, driver's license).

  • Cal. Civ. Code § 1798.80(e) categories (signature, physical characteristics, employment history, financial information, medical information limited to fitness-for-duty where applicable).

  • Protected classifications under California and federal law (age, race, ethnicity, sex, veteran status — only where you voluntarily provide them for EEO purposes).

  • Commercial information (services purchased or used).

  • Internet and device activity (cookies, app usage, log data).

  • Geolocation (including precise geolocation tied to clock-in/out).

  • Audio, electronic, visual, and similar information (photos, videos, call recordings).

  • Professional and employment-related information (resume, references, performance, discipline, pay, scheduling).

  • Education information.

  • Inferences (such as suitability for certain events, reliability scores).

  • Sensitive personal information as listed in Section 4.4.

Purposes: to recruit, hire, onboard, schedule, pay, manage, train, evaluate, and offboard you; to comply with legal obligations (tax, immigration, anti-discrimination, wage-and-hour, workers' compensation, unemployment insurance); to maintain a safe workplace; to administer benefits; to defend legal claims; and the other purposes listed in Section 5.

Sources and recipients: as described in Sections 4.3 and 10. We do not sell or share California Workers' personal information.

19.2 Rights of California Workers

California Workers have the same rights described in Section 16. To exercise these rights, email hello@elev8.la with "California Worker Privacy Request" in the subject line.

20. Children's Privacy

Our Services are intended for individuals 18 years of age or older. We do not knowingly collect personal information from anyone under 18, and we do not knowingly sell or share the personal information of consumers under 16. If we learn we have collected information from a person under 18, we will delete it promptly. If you believe we have collected information from a minor, please contact us at hello@elev8.la.

21. International Users

Eleven8 is based in the United States, and our Services and infrastructure are operated in the U.S. If you access the Services from outside the U.S., your information will be transferred to, stored, and processed in the U.S., where data-protection laws may differ from those in your jurisdiction. By using the Services, you consent to that transfer, subject to the safeguards described in Section 18 where applicable.

22. Third-Party Links and Services

The Services may contain links to third-party websites, applications, or services that are not operated by Eleven8. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party site you visit.

23. Accessibility

We are committed to making this Privacy Policy accessible. If you require this policy in an alternative format or need assistance reviewing it, please contact us at hello@elev8.la and we will work with you to provide an accessible version.

24. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this policy and, where appropriate, notify you by email, in-app notice, banner on our website, or another reasonable means. Material changes will be communicated with at least the notice required by applicable law. Your continued use of the Services after changes take effect constitutes acceptance of the updated policy.

A prior version of this Privacy Policy is available on request.

25. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or want to make a complaint, please contact us:

Eleven8 Event Staff Inc. Attn: Privacy 10 E Church St, Frederick, MD Email: hello@elev8.la Privacy requests: hello@elev8.la (subject line: "Privacy Request") Phone: (323) 426-6910

If you are a resident of the EEA, UK, or Switzerland and need to reach our representative, please contact us at the address above and we will provide their contact details where one has been appointed.

This Privacy Policy was last updated on May 15, 2026. It is provided for informational purposes and does not constitute legal advice. Eleven8 recommends consulting with privacy counsel for jurisdiction-specific guidance.If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

Eleven8 Event Staff Inc.

Attn: Privacy

Los Angeles, California, USA

Email: hello@elev8.la

Phone: (323) 426-6910

Sitemap