Skip to main content
Equaticket

Your data stays yours.

Equaticket is infrastructure — we process ticket sales and deliver transactional emails on your behalf. We don't monetize your attendee data, share it with advertisers, or use it to promote other organizers' events to your buyers.

Your attendees belong to you

When a buyer purchases a ticket through Equaticket, their name and email become part of your audience — not a platform-wide audience. We do not:

  • Cross-sell your attendees' data to other organizers
  • Use your attendees' purchase history to build advertising profiles
  • Market other events to your buyers without your involvement

You can export your full attendee list as a CSV at any time, with no restrictions. You can also connect your Mailchimp or Kit account to sync buyers to your own email list automatically. When you leave Equaticket, your data leaves with you.

Buyer data — what we process and why

When a buyer purchases a ticket, we collect the information needed to deliver that ticket and operate the platform:

  • Name and email address — to deliver the ticket confirmation email and populate your audience dashboard
  • Payment details — processed by Stripe directly; Equaticket never sees or stores raw card data
  • Order and ticket records — retained for the validity of the purchase, refunds, and organizer reporting

We do not build advertising profiles on buyers. We do not share buyer data with third parties for marketing purposes.

Money flows directly to you

Equaticket uses Stripe Connect Standard. When a buyer checks out, payment goes directly to your connected Stripe account — Equaticket is not an intermediary in the money flow. We never hold organizer funds.

Your Stripe account is yours. Equaticket's access is limited to initiating charges on your behalf during checkout. You can disconnect at any time from your Stripe dashboard.

Security practices

  • API keys — stored as SHA-256 hashes; the raw key is shown once at creation and never stored in recoverable form
  • Webhook signing secrets — stored encrypted at rest using AES-256-GCM
  • Scope-limited API access — API keys are scoped to specific permissions (events:read, orders:read, etc.) and cannot exceed the permissions granted at creation
  • Database — hosted on Supabase (PostgreSQL) with row-level security policies on all tables; each organizer's data is isolated at the row level
  • Hosting — Vercel (edge network, serverless functions) and Cloudflare (DNS, DDoS protection)
  • Payment data — handled entirely by Stripe; Equaticket is PCI compliant by delegation (Stripe absorbs the PCI scope)

GDPR and data erasure

If one of your buyers requests deletion of their personal data under GDPR or a similar regulation, you can process the request directly from your audience dashboard. Erasure anonymizes the buyer's record across all their orders and tickets — permanently and immediately.

You are the data controller for your attendees. Equaticket does not accept data erasure requests directly from buyers.

For step-by-step instructions, see the GDPR Data Erasure guide.

Incident communication

If there is a platform incident affecting service, we publish updates at equaticket.com/status. Organizers on paid plans receive email notifications for incidents that affect their account.

We built Equaticket as infrastructure, not as an audience platform. The business model is a flat subscription — we have no incentive to monetize your data because your data isn't our product. If you have questions about a specific data handling scenario, contact us.

Start free — no card required →