Privacy Policy

1. Introduction

Maxify Global Limited ("Maxify Tickets," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our event management and check-in platform, including our website at maxifytickets.com, mobile applications, and related services (collectively, the "Services").

This Privacy Policy applies to all users of our Services, including event organizers ("Organizers"), event attendees ("Attendees"), and visitors to our website. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

We process personal data in compliance with applicable data protection laws, including but not limited to: the General Data Protection Regulation (GDPR) in the European Union; the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) in California, USA; the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada; the Protection of Personal Information Act (POPIA) in South Africa; the Nigeria Data Protection Regulation (NDPR); and other applicable regional privacy laws.

2. Definitions

For the purposes of this Privacy Policy:

• "Personal Data" means any information relating to an identified or identifiable natural person, including but not limited to name, email address, phone number, and any other identifier.
• "Processing" means any operation performed on Personal Data, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, or erasure.
• "Data Controller" means the entity that determines the purposes and means of processing Personal Data. Maxify Tickets acts as a Data Controller for Organizer account data and as a Data Processor for Attendee data processed on behalf of Organizers.
• "Data Processor" means the entity that processes Personal Data on behalf of the Data Controller.
• "Data Subject" means the individual whose Personal Data is being processed.
• "Sensitive Personal Data" (also known as "Special Category Data") means Personal Data revealing racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, or sexual orientation.

3. Information We Collect

3.1 Information You Provide Directly

We collect information you provide when you:

• Create an account (name, email address, password, organization name)
• Set up your organization profile (company name, address, logo, branding preferences)
• Create events (event details, dates, locations, descriptions, banner images)
• Add guest information (names, email addresses)
• Process payments (billing address, payment method details processed via Stripe)
• Contact our support team (communication content, attachments)
• Respond to surveys or provide feedback

3.2 Information Collected Automatically

When you use our Services, we automatically collect:

• Device Information: Device type, operating system, unique device identifiers, browser type and version
• Log Data: IP address, access times, pages viewed, referring URL, actions taken within the Services
• Location Data: Approximate location derived from IP address (we do not collect precise GPS location)
• Usage Data: Features used, events created, check-ins performed, time spent on pages
• Mobile App Data: App version, crash reports, performance data

3.3 Information from Third Parties

We may receive information from:

• Payment Processors: Transaction status and limited payment information from Stripe
• Analytics Providers: Aggregated usage statistics and trends
• Organizers: Guest lists uploaded by event Organizers containing Attendee information

3.4 Sensitive Personal Data

We do not intentionally collect Sensitive Personal Data. If Organizers include such data in guest lists or event information, they are solely responsible for ensuring they have appropriate legal bases and consents for such processing.

4. Legal Basis for Processing (GDPR)

Under the GDPR and similar laws, we process your Personal Data based on the following legal grounds:

• Contract Performance: Processing necessary to perform our contract with you, including providing the Services, managing your account, and processing transactions.
• Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our Services, preventing fraud, ensuring security, and conducting analytics, provided these interests are not overridden by your rights.
• Legal Obligations: Processing necessary to comply with legal requirements, including tax, accounting, and regulatory obligations.
• Consent: Where required by law, we obtain your explicit consent for certain processing activities, such as marketing communications. You may withdraw consent at any time.
• Vital Interests: In rare circumstances, processing may be necessary to protect someone's life.

5. How We Use Your Information

We use the information we collect to:

5.1 Provide and Maintain Services

• Create and manage your account
• Process event creation and guest management
• Generate and deliver QR codes for event check-in
• Send transactional emails (invitations, confirmations, reminders)
• Process subscription payments and billing
• Provide customer support

5.2 Improve and Develop Services

• Analyze usage patterns to enhance user experience
• Develop new features and functionality
• Conduct research and analytics
• Test and troubleshoot new products

5.3 Communications

• Send service-related notices and updates
• Respond to inquiries and support requests
• Send marketing communications (with consent where required)
• Notify you of changes to our Services or policies

5.4 Security and Compliance

• Detect, prevent, and address fraud and abuse
• Enforce our Terms of Service
• Comply with legal obligations
• Protect the rights, property, and safety of our users

6. Disclosure of Your Information

We do not sell, rent, or trade your Personal Data to third parties for their marketing purposes. We may share your information in the following circumstances:

6.1 Service Providers

We engage trusted third-party companies to perform services on our behalf, including hosting providers, payment processors (Stripe), email delivery services, analytics providers, and customer support tools. These providers are contractually bound to use your data only for the purposes we specify and in accordance with this Privacy Policy.

6.2 Event Organizers

If you are an Attendee, your information (as provided by the Organizer) is accessible to the Organizer who created the event. The Organizer controls how they use your data in accordance with their own privacy practices.

6.3 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or uses of your Personal Data.

6.5 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

7. International Data Transfers

Your Personal Data may be transferred to, and processed in, countries other than your country of residence. These countries may have data protection laws that differ from the laws of your country.

When we transfer Personal Data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we implement appropriate safeguards, including:

• Standard Contractual Clauses (SCCs): EU-approved contractual terms that provide appropriate safeguards for data transfers
• Adequacy Decisions: Transfers to countries recognized by the European Commission as providing adequate protection
• Supplementary Measures: Additional technical and organizational measures where necessary

For transfers from Canada, we comply with PIPEDA's requirements for cross-border data transfers. For transfers involving African jurisdictions, we comply with applicable local requirements including POPIA's provisions regarding trans-border information flows.

8. Data Retention

We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

Retention Periods:

• Active Accounts: Data is retained while your account remains active
• Closed Accounts: Account data is retained for 30 days after closure, then permanently deleted
• Event Data: Event and guest data is retained for 12 months after the event date, unless you delete it earlier
• Financial Records: Transaction records are retained for 7 years to comply with tax and accounting regulations
• Legal Claims: Data may be retained longer if necessary for the establishment, exercise, or defense of legal claims

Upon expiration of the retention period, Personal Data is securely deleted or anonymized so that it can no longer be associated with you.

9. Data Security

We implement appropriate technical and organizational measures designed to protect your Personal Data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.3. Data at rest is encrypted using AES-256 encryption.
• Access Controls: Strict access controls and authentication mechanisms limit access to Personal Data to authorized personnel only.
• Infrastructure Security: Our Services are hosted on enterprise-grade cloud infrastructure with physical security, firewalls, and intrusion detection systems.
• Regular Audits: We conduct regular security assessments and vulnerability testing.
• Employee Training: All employees receive data protection and security awareness training.
• Incident Response: We maintain incident response procedures to address any security breaches promptly.

While we strive to protect your Personal Data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously work to enhance our security measures.

Data Breach Notification: In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected individuals and relevant supervisory authorities within the timeframes required by applicable law (72 hours under GDPR).

10. Your Privacy Rights

Depending on your location and applicable law, you may have the following rights regarding your Personal Data:

• Right to Access: Request a copy of the Personal Data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete Personal Data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your Personal Data in certain circumstances.
• Right to Restrict Processing: Request limitation of processing of your Personal Data.
• Right to Data Portability: Receive your Personal Data in a structured, commonly used, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
• Right to Lodge a Complaint: Lodge a complaint with a supervisory authority if you believe your rights have been violated.

To exercise any of these rights, please contact us at privacy@maxifytickets.com. We will respond to your request within the timeframe required by applicable law (generally within 30 days). We may need to verify your identity before processing your request.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

11.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of Personal Information: Identifiers (name, email, IP address); Commercial information (transaction history, subscription details); Internet activity (browsing history, interactions with our Services); Geolocation data (approximate location from IP address); Professional information (organization name, job title).

11.2 Your CCPA/CPRA Rights

• Right to Know: You can request disclosure of the categories and specific pieces of Personal Information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it.
• Right to Delete: You can request deletion of your Personal Information, subject to certain exceptions.
• Right to Correct: You can request correction of inaccurate Personal Information.
• Right to Opt-Out of Sale/Sharing: We do not sell your Personal Information. We do not share your Personal Information for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: We do not use or disclose Sensitive Personal Information for purposes other than those permitted by the CPRA.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

11.3 Exercising Your Rights

To submit a request, contact us at privacy@maxifytickets.com or call us at the number provided below. You may designate an authorized agent to make a request on your behalf. We will verify your identity before processing requests.

11.4 Financial Incentives

We do not offer financial incentives or price differences in exchange for the retention or sale of your Personal Information.

11.5 Shine the Light

Under California Civil Code Section 1798.83 ("Shine the Light"), California residents may request information about disclosure of Personal Information to third parties for direct marketing purposes. We do not share Personal Information with third parties for their direct marketing purposes.

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and equivalent local laws:

12.1 Data Controller Information

Maxify Global Limited is the Data Controller for Personal Data collected from Organizers. For Attendee data uploaded by Organizers, the Organizer is the Data Controller and Maxify Tickets acts as a Data Processor.

12.2 Your GDPR Rights

In addition to the rights listed in Section 10, you have the right to lodge a complaint with your local supervisory authority. A list of EEA supervisory authorities is available at: https://edpb.europa.eu

12.3 Data Protection Officer

For privacy-related inquiries, you may contact our Data Protection team at dpo@maxifytickets.com.

12.4 UK GDPR

For users in the United Kingdom, we process Personal Data in accordance with the UK GDPR and Data Protection Act 2018. You may lodge complaints with the Information Commissioner's Office (ICO) at ico.org.uk.

13. Canadian Privacy Rights (PIPEDA)

If you are a Canadian resident, your Personal Information is protected under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws (such as Alberta's PIPA, British Columbia's PIPA, and Quebec's Law 25).

13.1 Your PIPEDA Rights

• Access: You can request access to your Personal Information held by us.
• Correction: You can challenge the accuracy and completeness of your Personal Information.
• Withdrawal of Consent: You can withdraw consent to certain processing, subject to legal or contractual restrictions.
• Complaint: You can file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

13.2 Quebec Law 25

If you are a Quebec resident, you have additional rights under Quebec's Law 25 (Act respecting the protection of personal information in the private sector), including the right to data portability and the right to be informed of automated decision-making. We will provide information about any automated decisions that may significantly affect you.

14. African Privacy Rights

14.1 South Africa (POPIA)

If you are located in South Africa, your Personal Information is protected under the Protection of Personal Information Act (POPIA). As a Data Subject, you have rights including:

• The right to be notified that Personal Information is being collected
• The right to access your Personal Information
• The right to request correction or deletion
• The right to object to processing
• The right to lodge a complaint with the Information Regulator at inforegulator.org.za

14.2 Nigeria (NDPR)

If you are located in Nigeria, your data is protected under the Nigeria Data Protection Regulation (NDPR) and the Nigeria Data Protection Act 2023. You have rights including access, rectification, erasure, and the right to lodge complaints with the Nigeria Data Protection Commission (NDPC).

14.3 Kenya (DPA)

If you are located in Kenya, the Data Protection Act 2019 protects your Personal Data. You have rights to access, correction, deletion, and to lodge complaints with the Office of the Data Protection Commissioner.

14.4 Other African Jurisdictions

We comply with applicable data protection laws in other African jurisdictions where we operate, including Ghana's Data Protection Act, Egypt's Personal Data Protection Law, and the African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention) where applicable.

15. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information when you use our Services.

15.1 Types of Cookies We Use

• Essential Cookies: Required for the operation of our Services. They enable core functionality such as security, authentication, and session management. You cannot opt out of these cookies.
• Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences and settings.
• Analytics Cookies: Help us understand how visitors interact with our Services by collecting information anonymously. We use this data to improve our Services.
• Performance Cookies: Collect information about how you use our Services to help us improve performance and user experience.

15.2 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of our Services may not function properly without cookies.

15.3 Do Not Track

Some browsers include a "Do Not Track" (DNT) feature. We currently do not respond to DNT signals because there is no industry standard for compliance. We will update this policy if a standard is established.

15.4 Third-Party Analytics

We may use third-party analytics services (such as Google Analytics) that use cookies to help us analyze how users use our Services. The information generated is transmitted to and stored by the analytics provider.

16. Children's Privacy

Our Services are not intended for children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect Personal Data from children.

If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us immediately at privacy@maxifytickets.com. If we become aware that we have collected Personal Data from a child without verification of parental consent, we will take steps to delete that information.

COPPA Compliance: For users in the United States, we comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect information from children under 13.

17. Third-Party Services and Links

Our Services may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices.

Key Third-Party Services We Use:

• Stripe: Payment processing (stripe.com/privacy)
• Cloud Infrastructure: Data hosting and storage
• Email Services: Transactional email delivery

We encourage you to review the privacy policies of any third-party services before providing your information.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes:

• We will update the "Last updated" date at the top of this page
• We will notify you via email or prominent notice on our Services prior to the change becoming effective
• Where required by law, we will obtain your consent to material changes

We encourage you to review this Privacy Policy periodically to stay informed about our data practices. Your continued use of our Services after any changes constitutes your acceptance of the updated Privacy Policy.

19. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Response Time: We will respond to all privacy-related inquiries within 30 days, or sooner as required by applicable law.

For California Residents: You may also contact us toll-free to exercise your CCPA/CPRA rights.

For EEA/UK Residents: You may contact our Data Protection Officer directly for GDPR-related inquiries.

© 2026 Maxify Global Limited. All rights reserved.