Privacy Policy
How we collect, use, and protect your personal information.
Effective Date: April 22, 2026
Contents (18 sections)
- 1. Introduction
- 2. Data Roles: Controllers and Processors
- 3. Sources of Personal Information
- 4. Information We Collect
- 5. How We Use Information
- 6. Legal Basis for Processing (GDPR)
- 7. Payment Data and Stripe Connect
- 8. How We Share Information
- 9. Data Retention
- 10. Data Security
- 11. Your Rights and Choices
- 12. Children's Privacy
- 13. Cookies and Similar Technologies
- 14. International Data Transfers
- 15. Embeddable Widget and Third-Party Websites
- 16. Contact Information
- 17. Changes to This Policy
- 18. Do Not Track Signals
1. Introduction
This Privacy Policy ("Policy") explains how Equaticket ("ATXDC LLC," "Equaticket," "we," "us," or "our") collects, uses, stores, shares, and protects personal information when you access or use the Equaticket platform, including our website at www.equaticket.com, hosted event pages, embeddable ticket widgets, checkout pages, and all related services (collectively, the "Service").
This Policy applies to all users of the Service, including event organizers ("Organizers"), ticket purchasers and event attendees ("Buyers"), and visitors to our website ("Visitors"). Where this Policy refers to "Buyers," it includes individuals who attend events and whose check-in or attendance data is recorded through the Service. Different sections apply depending on your relationship with Equaticket, as described below.
This Policy should be read together with our Terms of Service and, where applicable, any data processing agreement or other contractual terms entered into with Organizers. Where consent is required by applicable law for specific processing activities, we will request it separately.
Some processing described in this Policy is carried out on behalf of Organizers (who act as data controllers for their events), and some is carried out for Equaticket's own purposes. Section 2 explains this distinction in detail.
2. Data Roles: Controllers and Processors
Understanding who is responsible for your personal data depends on how you interact with the Service and the context of processing. The same individual's data may be processed in both capacities depending on the purpose.
When Equaticket acts as a Data Processor: Organizers generally determine the purposes of collection and the event-specific data collected through their events, while Equaticket provides and administers the technical platform used to process that data. In this context, the Organizer is the data controller and Equaticket acts as a data processor on the Organizer's behalf. This applies to processing such as order fulfillment, ticket delivery, check-in, and event-related transactional communications. Organizers are responsible for ensuring they have a lawful basis for collecting and processing Buyer data, for providing legally required notices, for obtaining any required consents, and for complying with applicable privacy laws.
When Equaticket acts as an Independent Data Controller: Equaticket also processes data as an independent controller for its own legitimate business purposes, including platform account administration and authentication; subscription billing and payment processing; security, fraud prevention, and abuse detection; legal compliance and dispute resolution; service analytics and platform improvement; and enforcing our Terms of Service. For example, a Buyer's data may be processed on behalf of the Organizer for order fulfillment and check-in, and separately by Equaticket for security logging, fraud prevention, legal compliance, and platform integrity.
For Buyers: Your primary data relationship for event-related personal information is with the Organizer from whom you purchased tickets. The Organizer's name and contact information is included on your ticket confirmation email and order receipt. If you have questions about how an Organizer uses your event-related data, you should contact the Organizer directly. For questions about how Equaticket processes your data in its capacity as a controller (such as for platform security or legal compliance), you may contact us using the information in Section 16. If we receive a data rights request from a Buyer that relates to event-specific data controlled by an Organizer, we may direct you to the relevant Organizer or coordinate with the Organizer as required by applicable law.
Organizers are responsible for ensuring that the event content, policies, and data collection forms they create comply with applicable law. Equaticket does not control Organizer privacy practices outside the Service; however, Organizers remain responsible for providing their own privacy notices and obtaining any required consents from Buyers.
3. Sources of Personal Information
We collect personal information from the following sources:
- Directly from Organizers when they create accounts, configure events, manage teams, and communicate with us.
- Directly from Buyers when they purchase tickets and submit checkout forms.
- Automatically through your use of the Service, including device, usage, and network data collected during page visits and through CAPTCHA verification.
- From authentication providers (such as Google) if you choose to sign in via OAuth.
- From payment infrastructure providers (such as Stripe) in connection with transaction processing.
- From Organizers in connection with team member invitations.
4. Information We Collect
4.1 Information Organizers Provide
When an Organizer creates an account and uses the Service, we collect:
- Account information: Name, email address, organization name, billing contact information, and role within the organization.
- Authentication data: Information needed to verify your identity, including data from magic-link email authentication and Google OAuth. When an Organizer signs in via Google OAuth, we receive the Organizer's name, email address, and Google account identifier, and may receive a profile picture depending on the OAuth scopes authorized. We do not store passwords — authentication is handled through passwordless mechanisms.
- Event information: Event titles, descriptions, dates, times, venues, ticket types, pricing, and any other content Organizers upload or link to event pages.
- Custom checkout fields: Organizers may configure custom fields on their checkout forms. Equaticket does not control or review the content of these fields. Organizers are responsible for ensuring that custom checkout fields they configure comply with applicable law and are appropriate for the event. Equaticket may, but is not obligated to, review or restrict use of custom fields where necessary to protect the Service, users, or legal compliance.
- Organizer-defined policies: Refund policies, liability waivers, event rules, and other policy content that Organizers create and attach to events.
- Billing and subscription data: Subscription tier selection, billing term, plan changes, payment history, and account lifecycle events (upgrades, downgrades, pauses). Payment method details (credit card numbers, bank account information) are collected and processed directly by Stripe and are not stored on Equaticket's servers. See Section 7 for details on Stripe Connect.
- Team member information: Names, email addresses, and assigned roles (owner, admin, event_manager, check_in_only) for team members invited to an Organization. When an Organizer invites a team member by email, we process the invitee's email address to deliver the invitation. This occurs before the invitee creates an account; the invitation expires after seven (7) days if not accepted.
- BYO Email configuration (paid tiers): Domain configuration information and technical credentials necessary to enable custom transactional email delivery, including verification of Domain Name System (DNS) records required to authenticate custom sending domains (SPF, DKIM, DMARC). Integration credentials provided as part of BYO Email setup are stored in encrypted form.
- Support communications: Messages, feedback, and correspondence you send to us.
4.2 Information Buyers Provide
When a Buyer purchases a ticket through the Service, we collect:
- Order information: Name, email address, and responses to any Organizer-configured custom checkout fields. Custom fields are defined by the Organizer and may vary by event. Buyers should review the Organizer's own privacy disclosures regarding custom field data use.
- Consent records: Records of which legal documents (platform Terms of Service, Privacy Policy, and any Organizer-defined policies) the Buyer accepted at checkout, including timestamps and document version identifiers.
Buyers do not create persistent accounts on Equaticket. A temporary session is created to manage checkout state; this session does not create a persistent Equaticket account and is deleted from active systems after transaction completion or expiration, generally within twenty-four (24) hours (see Section 9 for full retention details). Buyer payment information (credit card numbers) is collected and processed directly by Stripe on the Organizer's connected Stripe account. Equaticket does not collect, transmit, store, or have access to Buyer payment card data.
4.3 Information Collected Automatically
When you access or use the Service, we automatically collect:
- Device and browser information: Browser type and version, operating system, and device type.
- Usage data: Pages visited, features used, actions taken (such as event creation, ticket purchase, and check-in scans), timestamps, and session duration.
- Network information: IP address, approximate geographic location derived from IP address, and referring URL.
- Consent metadata: IP address and user agent string recorded at the time of legal document acceptance (for both Organizer and Buyer consent records), as required for audit and compliance purposes.
- CAPTCHA data: Equaticket uses Cloudflare Turnstile for bot protection. Turnstile may collect device and interaction data to verify human users. See Cloudflare's privacy policy for details on Turnstile data processing.
4.4 Information from Third-Party Services
We may receive information from the following third-party services in connection with your use of the Service:
- Supabase (database and authentication): Supabase serves as the primary data store for all platform data and provides authentication services. We receive authentication tokens and profile data from magic-link or Google OAuth sign-in.
- Stripe (payments): Transaction confirmation data, payment status, refund status, dispute notifications, and Stripe account connection status. Equaticket does not receive full payment card numbers from Stripe.
- Upstash (caching and background processing): Upstash provides Redis caching and asynchronous job processing. Data that passes through Upstash includes session state and background job payloads, the latter of which may contain order data, Buyer email addresses, and outbound webhook delivery queues.
- Sentry (error monitoring): Error and performance data used to diagnose and fix platform issues, with efforts to minimize unnecessary personal data in error reports.
- Vercel (hosting and analytics): Web analytics data including page views, performance metrics, and geographic distribution.
4.5 Information We Do Not Intentionally Collect
As part of its standard workflows, Equaticket does not intentionally request or collect:
- Full credit or debit card numbers, CVVs, or bank account numbers (these are processed exclusively by Stripe).
- Government-issued identification numbers.
- Biometric data.
- Health or medical information.
- Information from children under applicable age thresholds under relevant children's privacy laws (see Section 12).
However, Organizers may configure custom checkout fields, and Buyers should not submit sensitive personal information through those fields unless it is necessary for the event and the Organizer has provided appropriate notice and obtained any required consent.
5. How We Use Information
5.1 To Provide and Operate the Service
- Processing ticket purchases, delivering electronic tickets via email, and managing order records.
- Hosting and displaying event pages and embeddable widgets.
- Facilitating check-in at events, including QR code generation and validation. QR codes are generated on-the-fly and are not stored.
- Providing check-in analytics and export capabilities to Organizers for events they manage (available on paid tiers).
- Managing Organizer accounts, team members, and organization settings.
- Processing subscription billing through Stripe.
- Sending transactional and operational emails (see Section 5.2).
- Enabling data export. Data export is processed client-side in the Organizer's browser; exported files are not transmitted through Equaticket's servers.
- Enforcing subscription tier limits (monthly ticket caps, email caps).
- Recording acceptance of platform and Organizer legal terms at checkout and during Organizer onboarding.
- Transmitting event and order data to Organizer-designated webhook endpoints, when enabled by the Organizer (Pro tier; see Section 8.6).
- Responding to support inquiries and customer service requests.
5.2 Transactional and Operational Email
Equaticket sends only transactional, system-triggered emails. We do not send marketing, promotional, or Organizer-composed emails through the platform.
Guaranteed Transactional Emails (these emails are prioritized even when an Organizer's email cap is reached):
- Ticket delivery (on purchase completion)
- Order confirmation (on payment confirmation)
- Refund confirmation (when Organizer processes a refund)
- Event cancellation notice (when Organizer cancels an event)
Cap-Subject Transactional Emails (may be limited when an Organizer's email cap is reached):
- Ticket resend (on Buyer request)
- Event reminder (before event start, Organizer-toggleable)
Platform Operational Emails (sent to Organizers by Equaticket):
- Subscription and billing notifications (renewal, payment failure, dunning, pause lifecycle, pre-renewal notice)
- Tier limit warnings (approaching monthly ticket cap)
- Terms of Service and Privacy Policy update notifications
- Account lifecycle notifications during subscription pause
- Stripe account verification reminders and Stripe disconnect alerts
- Account deletion request confirmation, cancellation confirmation, and deletion completion notice
- Inactivity warning notice (Free-tier accounts approaching the 12-month inactivity threshold)
Organizers on paid tiers who configure BYO Email (custom sending domain) change only the sender identity on transactional emails — BYO Email does not unlock additional email types or enable marketing emails. Even when an Organizer uses a custom sender identity, Equaticket continues to process email delivery metadata (such as delivery status and bounce information).
5.3 For Security and Fraud Prevention
- Detecting and preventing fraud, abuse, and unauthorized access.
- Monitoring for elevated chargeback or dispute rates.
- Enforcing rate limits and abuse-prevention measures.
- Logging consent metadata with IP addresses and user agent strings for audit purposes.
- Verifying Organizer email addresses (required for Free-tier Organizers before first event publish).
5.4 For Legal and Compliance Purposes
- Complying with applicable laws, regulations, and legal processes.
- Responding to lawful requests from government authorities.
- Establishing, exercising, or defending legal claims.
- Maintaining consent records for audit and dispute resolution.
5.5 For Service Improvement
- Analyzing usage patterns to improve platform features and performance.
- Monitoring platform health, uptime, and error rates.
- Understanding aggregate trends in event creation, ticket sales, and feature adoption.
We use analytics and performance monitoring tools to understand how the Service is used and to improve platform performance. We do not use advertising-related analytics or tools for cross-site behavioral tracking.
We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects on individuals.
6. Legal Basis for Processing (GDPR)
Where the General Data Protection Regulation applies, our legal basis for processing personal information depends on the type of data and the context of processing.
The following table describes the legal bases for processing where Equaticket acts as an independent data controller. Where Equaticket processes personal data on behalf of an Organizer as a data processor, the Organizer is responsible for identifying the applicable legal basis for that processing.
| Processing Activity | Legal Basis |
|---|---|
| Organizer account management, authentication, and team administration | Performance of a contract (Article 6(1)(b)) |
| Organizer subscription billing and payment processing | Performance of a contract (Article 6(1)(b)) |
| Recording acceptance of platform legal terms at checkout and onboarding | Legitimate interests in compliance, accountability, recordkeeping, and dispute resolution (Article 6(1)(f)); and, where applicable, compliance with legal obligations (Article 6(1)(c)) |
| Processing temporary checkout sessions | Legitimate interests in providing the Service and preventing fraud (Article 6(1)(f)) |
| Application hosting and request processing | Legitimate interests in operating and securing the Service (Article 6(1)(f)) |
| Security, fraud prevention, and abuse detection | Legitimate interests (Article 6(1)(f)) |
| Analytics and performance monitoring | Legitimate interests (Article 6(1)(f)) |
| Error monitoring and diagnostics | Legitimate interests in service stability (Article 6(1)(f)) |
| CAPTCHA and bot detection | Legitimate interests in platform security (Article 6(1)(f)) |
| Legal compliance, dispute resolution, tax records | Legal obligation (Article 6(1)(c)) |
| Sending platform operational emails to Organizers | Legitimate interests (Article 6(1)(f)) |
Where we rely on legitimate interests, we assess whether our interests are overridden by the rights and freedoms of data subjects, taking into account the nature of the data, the reasonable expectations of individuals, and the safeguards in place.
7. Payment Data and Stripe Connect
Equaticket uses Stripe Connect (Standard) as its payment infrastructure.
How it works: Each Organizer connects their own Stripe account to Equaticket. When a Buyer purchases a ticket, they are redirected from the Equaticket checkout page to a Stripe-hosted payment page to complete payment. All ticket sale funds flow directly from the Buyer to the Organizer's Stripe account.
What Equaticket does not do: Equaticket does not collect, process, store, or have access to Buyer payment card details. Equaticket does not hold, custody, or touch Buyer funds at any point. Equaticket is not a payment processor, money transmitter, or escrow agent.
What Equaticket does receive from Stripe:
- Transaction confirmation (payment succeeded or failed)
- Payment and refund status updates (via Stripe webhooks)
- Dispute and chargeback notifications
- Organizer Stripe account connection status
Stripe's processing fees are charged by Stripe directly to the Organizer. Equaticket adds no surcharge or markup. For information about how Stripe collects and uses your data, please refer to Stripe's Privacy Policy.
Equaticket's subscription billing: Organizer subscription payments are processed by Stripe. While Equaticket manages subscription state (tier, billing term, pause status), the actual payment processing and storage of payment methods is handled by Stripe.
8. How We Share Information
8.1 We Do Not Sell Your Data
Equaticket does not sell personal information. We do not share personal information for cross-context behavioral advertising. We share personal information only as described in this Section 8.
8.2 With Organizers
When a Buyer purchases a ticket, the Organizer receives the Buyer's name, email address, ticket details, order information, responses to custom checkout fields, and records relating to acceptance of Organizer-defined policies and other checkout-related acknowledgments made available through the Service. Organizers may also access check-in data (scan status, timestamps, analytics) for their events. The Organizer is the data controller for this data and is responsible for their own use of it.
8.3 With Service Providers and Infrastructure Vendors
We use third-party vendors and infrastructure providers to host, operate, secure, authenticate, analyze, and support the Service. Depending on the processing context, these vendors may act as our processors, service providers, or sub-processors. Each is authorized to process data only as necessary to provide its specific function, subject to contractual and technical safeguards where applicable.
Our current service providers include:
- Supabase — database hosting, authentication, and real-time features
- Stripe — payment processing and subscription billing
- Resend — transactional email delivery
- Vercel — application hosting, serverless compute, and web analytics
- Upstash — caching and background job processing
- Cloudflare — CAPTCHA (Turnstile) and DNS
- Sentry — error monitoring and performance tracking
A detailed list of our service providers and sub-processors — including the specific categories of data each processes, data storage locations, and applicable international transfer mechanisms — is maintained at [equaticket.com/subprocessors].
8.4 Publicly Visible Information
Organizer-authored event content — including event details, ticket types, pricing, and Organizer-defined policies — is publicly displayed on hosted event pages and embeddable widgets. This is content the Organizer has chosen to publish. Organizer account details beyond what appears on event pages are not publicly visible.
8.5 For Legal Reasons
We may disclose personal information if we believe in good faith that disclosure is necessary to:
- Comply with applicable law, regulation, legal process, or governmental request.
- Enforce our Terms of Service or other agreements.
- Protect the rights, property, or safety of Equaticket, our users, or the public.
- Detect, prevent, or address fraud, security, or technical issues.
8.6 With Organizer-Designated Endpoints (Outbound Webhooks)
Organizers on the Pro tier may configure webhook endpoints to receive event, order, and Buyer data (including check-in and attendance records). When enabled, Equaticket transmits order and Buyer information — including names, email addresses, ticket details, order status, and any data submitted through the checkout form (including responses to Organizer-configured custom fields) — to the URLs specified by the Organizer. Organizers are responsible for determining what checkout data is transmitted through webhooks they enable. In doing so, Equaticket is acting as a processor transmitting data at the Organizer's direction. Equaticket is not responsible for the independent privacy or security practices of third-party systems designated by the Organizer after data is transmitted to those systems at the Organizer's direction. Organizers are responsible for ensuring their webhook receivers comply with applicable data protection laws.
8.7 In Connection with a Business Transfer
If Equaticket is involved in a merger, acquisition, reorganization, or sale of all or substantially all of its assets, your personal information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.
9. Data Retention
9.1 General Principles
We retain personal information for as long as reasonably necessary to fulfill the purposes described in this Policy, including to provide the Service, comply with legal obligations, resolve disputes, enforce our agreements, and maintain business records.
9.2 Specific Retention Periods
| Data Category | Retention Period | Notes |
|---|---|---|
| Active account data | Duration of account relationship | Persists through subscription changes, pauses, and downgrades to Free tier |
| Financial records (orders, payments, refunds) | 7 years from event date or account closure, whichever is later | For tax compliance, dispute resolution, and legal obligations. Buyer PII within these records is anonymized upon Organizer account deletion. |
| Check-in and attendance records | 3 years from event date | Scan timestamps, check-in status, and attendance data |
| Consent records (Organizer and Buyer) | Long-term; retained for compliance, legal, and audit purposes | Append-only; not modified under normal platform operation |
| Security and authentication logs | 12 months | Access logs and security event data |
| Support communications | 3 years after most recent communication | May be longer if related to an ongoing dispute or legal matter |
| Temporary checkout sessions | Deleted within 24 hours of completion or abandonment | May persist in encrypted backups subject to backup rotation period |
| Encrypted backup archives | Up to 90 days following deletion from active systems | Inaccessible to production services; permanently overwritten through normal rotation |
| Anonymized/aggregated data | Indefinitely | Data that can no longer identify an individual |
Self-service account deletion: Organizers may initiate permanent account deletion from their dashboard (Settings → Account → Delete Organization). This begins a 30-day grace period during which the account is suspended but data is not yet deleted. Organizers may cancel the deletion request within this window. After the grace period, the Organization account, event listings, team member records, and configuration data are permanently deleted from active systems. Data retained for legal or compliance purposes (financial records, consent records) is anonymized as described in this table. See Section 5.6 of the Organizer Terms of Service for full details.
Inactive Free-tier accounts: Free-tier accounts that remain inactive for twelve (12) consecutive months may be terminated by Equaticket with thirty (30) days' prior notice sent to the account's registered email address. Following termination of an inactive account, personal data is deleted or anonymized subject to the retention obligations in this table. Paid-tier accounts are not subject to inactivity-based termination while an active subscription is maintained.
Note on backup archives: Data deleted from active production systems may continue to exist in encrypted backup archives for up to ninety (90) days, during which time it is inaccessible to production services and will be permanently overwritten through normal backup rotation.
10. Data Security
Equaticket implements commercially reasonable technical and organizational security measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Passwordless authentication: Authentication via magic links and OAuth, with no passwords stored on the platform.
- Database-level access control: Row-Level Security (RLS) enforced on all tables, ensuring users can only access data they are authorized to view. Multi-tenant architecture with organization-scoped data access.
- Encryption: Data encrypted in transit via TLS/HTTPS. Database encryption at rest provided by infrastructure providers. Certain sensitive configuration data is encrypted at rest.
- Least-privilege access: Access to production systems and data is limited to what is necessary for platform operation.
- Webhook security: Signature verification on inbound payment webhooks to prevent tampering.
- Data integrity protections: Consent records and audit-relevant data are designed to preserve integrity and prevent unauthorized modification.
- Transactional controls: Safeguards to ensure data consistency and prevent duplicate processing in concurrent ticket purchase and check-in operations.
- Monitoring and incident response: Error monitoring and performance analytics for detecting anomalies and security issues.
No method of electronic transmission or storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach affecting personal information, we will notify affected parties and relevant authorities as required by applicable law.
11. Your Rights and Choices
11.1 General
We are committed to respecting your privacy rights under applicable law. To exercise any of the rights described below, contact us at privacy@equaticket.com. We may require you to verify your identity or authority before acting on a request, including by confirming control of the relevant email address or requesting additional information reasonably necessary to process the request.
For Buyers: If your request relates to event registration, ticketing, attendee details, custom checkout fields, or event-related communications, the Organizer is usually the primary controller and should be your first point of contact. The Organizer's name and contact information is included on your ticket confirmation email and order receipt. If we receive such a request, we may direct you to the relevant Organizer or coordinate with the Organizer as required by applicable law. If your request relates to processing for Equaticket's own purposes — such as security, legal compliance, or platform integrity — you may contact us directly.
11.2 Rights Under GDPR (EEA, UK, and Swiss Residents)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under applicable data protection law:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete personal data.
- Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to legal retention requirements.
- Right to restrict processing: Request that we limit how we use your personal data.
- Right to data portability: Receive your personal data in a structured, commonly used, machine-readable format. Organizers can export event data, attendee lists, order history, and account data in CSV format through the Service at any time, including during a subscription pause. For portability requests beyond what the export functionality provides, contact us at privacy@equaticket.com.
- Right to object: Object to processing of your personal data where we rely on legitimate interests as the legal basis. Where you object, we will cease that processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defence of legal claims.
- Right to withdraw consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint: File a complaint with your local data protection supervisory authority.
We will respond to verified requests within thirty (30) days, or within the timeframe required by applicable law. This period may be extended by up to sixty (60) additional days where necessary, taking into account the complexity and number of requests.
11.3 Rights Under CCPA/CPRA (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act):
- Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes for collection, and the categories of third parties with whom we share your information.
- Right to delete: Request deletion of personal information we have collected, subject to exceptions permitted by law.
- Right to correct: Request correction of inaccurate personal information.
- Right to opt out of sale or sharing: Equaticket does not sell personal information and does not share personal information for cross-context behavioral advertising.
- Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
CCPA categories of personal information collected:
| CCPA Category | Examples | Collected? |
|---|---|---|
| Identifiers | Name, email address, IP address, third-party authentication identifiers (such as a Google account ID) | Yes |
| Commercial information | Transaction records, ticket purchases, subscription history | Yes |
| Internet/electronic activity | Usage data, feature interactions, page views within the Service | Yes |
| Geolocation data | Approximate location derived from IP address | Yes |
| Professional/employment information | Organization name, role | Yes (Organizers) |
| Inferences | We do not create consumer profiles from collected data | No |
| Sensitive personal information | Not intentionally requested in standard platform workflows; may be submitted through Organizer-configured custom fields at the Organizer's discretion. Equaticket does not control what Organizers request through custom fields. | Limited / Organizer-dependent |
11.4 Rights Under Texas TDPSA (Texas Residents)
If you are a Texas resident, the Texas Data Privacy and Security Act provides you with the following rights:
- Right of access: Confirm whether we are processing your personal data and access that data.
- Right to correction: Correct inaccuracies in your personal data.
- Right to deletion: Delete personal data you have provided or that we have obtained about you.
- Right to data portability: Obtain a copy of your personal data in a portable, readily usable format.
- Right to opt out: Opt out of the processing of your personal data for purposes of targeted advertising, sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects.
Equaticket does not sell personal data, engage in targeted advertising, or engage in profiling of this nature. To exercise any of these rights, contact us at privacy@equaticket.com.
California residents may also submit complaints to the California Privacy Protection Agency at cppa.ca.gov.
11.5 Rights Under Other Jurisdictions
Several other U.S. states have enacted comprehensive privacy laws, including the Virginia Consumer Data Protection Act (CDPA), the Colorado Privacy Act (CPA), and the Connecticut Data Privacy Act (CTDPA). Residents of these states generally have rights similar to those described in Sections 11.3 and 11.4, including rights of access, correction, deletion, data portability, and the right to opt out of certain processing activities. To exercise rights under any applicable state privacy law, contact us at privacy@equaticket.com.
We are committed to complying with applicable data protection laws in all jurisdictions where we operate. If you believe you have privacy rights under the laws of your jurisdiction that are not addressed above, please contact us at privacy@equaticket.com and we will work with you to address your request.
12. Children's Privacy
Equaticket is a general-purpose business service for event organizers and is not designed for or marketed to children. We do not knowingly collect personal information from children under the age of 13 (or the applicable age of digital consent in your jurisdiction).
Organizers who create events that may be attended by minors are responsible for assessing whether their events involve children's data and for obtaining any consents required by applicable law, including the Children's Online Privacy Protection Act (COPPA) and equivalent laws in other jurisdictions. Such consents must be obtained independently and not through the Equaticket platform.
If we learn that personal information has been collected in violation of applicable children's privacy laws, we may suspend the relevant event or account and take appropriate steps to delete or restrict the data as required. If you believe we have inadvertently collected information from a child, please contact us at privacy@equaticket.com.
13. Cookies and Similar Technologies
13.1 Technologies We Use
Equaticket uses cookies and similar technologies for the following purposes:
- Essential technologies: Required for the Service to function, including authentication session management, security tokens, and consent state. These cannot be disabled without impairing core functionality.
- Analytics: We use analytics and performance monitoring services to collect usage data such as page views, performance metrics, and general usage patterns. These tools help us understand service usage and improve platform performance. We do not use advertising-related analytics or tools for cross-site behavioral tracking.
- Security: Cloudflare Turnstile is used for CAPTCHA verification and bot detection, and may set cookies or use similar technologies as part of this process.
13.2 Technologies We Do Not Use
Equaticket does not use advertising or retargeting cookies, third-party tracking cookies for cross-site behavioral advertising, social media tracking pixels, or fingerprinting or persistent tracking mechanisms beyond session-based technologies.
13.3 Managing Cookies
You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service. We use only essential, security, and analytics technologies as described above.
We will request consent before placing non-essential cookies on devices of users where required by applicable law, including visitors from the European Economic Area and United Kingdom.
14. International Data Transfers
Equaticket is operated from the United States. If you access the Service from outside the United States, your personal information will be transferred to and processed in the United States and potentially other countries where our service providers operate.
For transfers of personal data from the European Economic Area, the United Kingdom, or Switzerland to the United States or other countries that have not received an adequacy decision, we rely on applicable lawful transfer mechanisms, which may include Standard Contractual Clauses (SCCs) approved by the European Commission and the EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. Data Privacy Framework, where our service providers are certified participants. Information about the specific transfer mechanisms applicable to each service provider is available on our sub-processor page.
15. Embeddable Widget and Third-Party Websites
Organizers may embed the Equaticket ticket widget on their own websites. When you interact with an embedded widget:
- The widget displays ticket information and directs you to a hosted Equaticket checkout page.
- Payment processing does not occur within the embedded widget.
- When the widget loads on an Organizer's website, Equaticket's servers receive standard web request data, including your IP address and browser information, as part of serving the widget content. This processing is subject to this Policy.
- Equaticket is not responsible for the privacy practices, cookies, tracking, or security of the Organizer's website where the widget is embedded.
- The Organizer's website may have its own privacy policy and tracking technologies that are separate from and not governed by this Policy.
When you leave an Organizer's site and are redirected to an Equaticket-hosted checkout page, this Policy applies to your interactions on the Equaticket-hosted page.
16. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Equaticket
ATXDC LLC
1401 Lavaca St #899, Austin, Texas 78701
- General support: support@equaticket.com
- Privacy and data protection requests: privacy@equaticket.com
- Legal notices: legal@equaticket.com
For data protection inquiries specifically related to GDPR, you may contact our data protection contact at privacy@equaticket.com.
17. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
- We will update the "Effective Date" at the top of this Policy.
- For Organizers: We will notify Organizers via email and/or through in-product notification. Material changes will require Organizers to review and affirmatively re-accept updated platform documents through the Service before publishing new events or continuing certain activities.
- For Buyers (future purchases): Updated policies will be presented to Buyers at checkout for future ticket purchases. Future purchases will be governed by the then-current version of this Policy.
- For Buyers (previously collected data): For material changes that affect how we process personal information we have already collected from Buyers, we will provide notice by email to the address provided at purchase, where technically feasible, or through prominent notice on our website.
The current version of this Policy is always available at equaticket.com/privacy.
Where required by applicable law, we will obtain consent or provide additional notice before material changes to data processing take effect.
18. Do Not Track Signals
Some browsers transmit "Do Not Track" (DNT) signals. Because there is no industry-standard interpretation of DNT signals, Equaticket does not currently alter its data collection practices in response to DNT signals. As described in Section 13, we do not use advertising or cross-site tracking technologies.