Ticketbaba Documentation

Privacy Policy

How we collect, use, and protect your information with the Nova neural fabric powering Ticketbaba.

Last updated · June 25, 2026
PRV-01

Introduction & Scope

This Privacy Policy explains how Ticketbaba, Inc., a California corporation ("Ticketbaba," "we," "us," or "our"), collects, uses, shares, and protects personal information when you use our event ticketing platform and related services (the "Service"). Ticketbaba, Inc. is the data controller for the personal information described in this policy, except where an event organizer acts as an independent controller for their own attendee relationships.

You can reach us at Ticketbaba, Inc., 8033 West Sunset Boulevard, #3900, Los Angeles, CA 90046, USA.

This policy applies to three audiences who interact with the Service:

  • Attendees who browse events, create accounts, and purchase tickets;
  • Organizers (promoters) who create events and sell tickets using their own connected payment accounts;
  • Visitors who browse our website or marketing pages without an account.
PRV-02

Definitions

To make this policy easier to follow, we use the following terms:

Personal Data / Personal Information
Any information that identifies, relates to, or could reasonably be linked to an identifiable individual, such as a name, email address, phone number, or device identifier.
Processing
Any operation performed on personal data, including collecting, storing, using, sharing, or deleting it.
Controller
The party that determines the purposes and means of processing personal data. Ticketbaba is the controller for the platform; organizers are independent controllers for their own attendee relationships.
Processor / Service Provider
A party that processes personal data on behalf of, and under the instructions of, a controller (for example, our payment, messaging, and hosting vendors).
Organizer
A promoter who creates and manages events and sells tickets through the Service as a separate tenant.
Attendee
An individual who purchases or holds a ticket to an event offered through the Service.
PRV-03

Information We Collect

We collect the following categories of information, depending on how you use the Service:

Account information

  • Your name, email address, password (stored in hashed form), and role (attendee, organizer, or admin).

Phone number

  • If you use passwordless login, we collect your mobile phone number to send and verify one-time SMS codes (OTP).

Orders & tickets

  • Details of the events you browse, the tickets you purchase, order history, ticket categories, quantities, and the QR codes issued to you.

Payment metadata

  • Limited payment details such as the last four digits and brand of your card and Stripe transaction or customer identifiers. Full card numbers are handled by Stripe and never touch Ticketbaba servers.

Wallet pass data

  • When you add a ticket to Apple Wallet or Google Wallet, the pass data needed to generate and update the pass.

QR / check-in scan data

  • When your ticket is scanned at an event, we record the check-in time and the scanning device, and related check-in status.

Device & usage information

  • Your IP address, browser type, device characteristics, pages viewed, and interactions, collected through cookies and analytics tools.

Support communications

  • The contents of messages you send us, including submissions through our in-app contact form.
PRV-04

How We Collect It

Directly from you

  • When you create an account, log in, buy tickets, add tickets to a wallet, or contact us.

Automatically

Through cookies and similar technologies as you use the Service, including analytics and anti-fraud tools.

From third parties

  • From organizers, when their systems or events relate to your tickets;
  • From Stripe, which returns payment metadata and confirmation of completed transactions;
  • From Google reCAPTCHA, which provides risk signals to help us detect fraud and abuse.
PRV-05

How We Use Your Information & Legal Bases

We use personal information for the following purposes:

  • To create and manage your account and authenticate you (including via SMS one-time codes);
  • To process ticket purchases and deliver tickets, confirmations, and updates;
  • To provide wallet passes and event check-in functionality;
  • To provide customer support and respond to your requests;
  • To operate, secure, and improve the Service, and to detect and prevent fraud and abuse;
  • To comply with legal, tax, and financial record-keeping obligations.

Legal bases (GDPR / UK GDPR)

Where the EU or UK General Data Protection Regulation applies, we rely on the following legal bases under Article 6:

Performance of a contract
To create your account, process ticket purchases, deliver tickets, and provide the Service you request.
Legitimate interests
To secure and improve the Service, prevent fraud, and understand how the Service is used, balanced against your rights.
Consent
For certain cookies and analytics, and for SMS verification messages, where consent is required. You may withdraw consent at any time.
Legal obligation
To meet tax, accounting, and other legal record-keeping and compliance requirements.
PRV-06

Cookies & Similar Technologies

We use cookies and similar technologies to keep you logged in, remember preferences such as light/dark mode, measure and improve product usage, and protect our forms against fraud and abuse.

These include essential cookies, preference cookies, PostHog analytics cookies, and Google reCAPTCHA cookies.

For a full description of the cookies we use and how to control them, please see our Cookie Policy.

PRV-07

SMS / Phone Verification

If you choose passwordless login, we send one-time verification codes by SMS to the mobile number you provide, using our messaging provider Twilio.

By providing your phone number and requesting a code, you consent to receiving verification text messages from us. Message and data rates may apply, and message frequency varies. These messages are transactional and tied to authentication, not marketing.

To stop using SMS login, switch to email and password authentication in your account, or contact us through our contact form for help. Standard carrier charges from your mobile provider are your responsibility.

PRV-08

How We Share Information

We share personal information only as described below. We do not sell your personal information.

  • Organizers: when you buy a ticket, the relevant organizer receives your name and email address to manage your attendee relationship. Organizers act as independent data controllers for that information.
  • Stripe / Stripe Connect: to process payments. Ticket revenue flows to the organizer's own connected Stripe account, and Ticketbaba collects a per-ticket platform fee.
  • Service providers and subprocessors: vendors who help us operate the Service (messaging, analytics, error monitoring, anti-fraud, wallet delivery, hosting, and transactional email).
  • Legal & safety: when required by law, legal process, or to protect the rights, property, or safety of Ticketbaba, our users, or the public.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to this policy.
  • We do not sell your personal information to third parties.
PRV-09

Service Providers / Subprocessors

We rely on the following categories of service providers to deliver the Service. Each processes personal data only as needed for its function and under appropriate agreements:

Stripe
Payment processing and Stripe Connect payouts. Stripe acts as an independent controller and/or processor of payment data under its own terms and privacy policy.
Twilio
Delivery of SMS one-time codes for passwordless login and verification.
PostHog
Product analytics to understand and improve how the Service is used.
Sentry
Error monitoring and diagnostics to detect and fix technical issues.
Google reCAPTCHA
Anti-fraud and bot protection on our forms, governed by Google's policies.
Apple Wallet / Google Wallet
Delivery and updating of digital ticket passes, subject to Apple's and Google's terms.
Cloud hosting & email
US-based cloud infrastructure that hosts the Service and a transactional email provider that delivers confirmations and notifications.
PRV-10

International Data Transfers

We are based in the United States and process personal information on US-based cloud infrastructure. If you access the Service from outside the United States, your information will be transferred to and processed in the United States and other countries where our service providers operate.

Where we transfer personal data from the European Economic Area, the United Kingdom, or other regions with cross-border transfer restrictions, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable) to protect that data.

PRV-11

Data Retention

We retain personal information for as long as it is needed to provide the Service, maintain your account, and fulfill the purposes described in this policy.

Retention periods depend on the type of data and the reason we hold it. For example, order and payment records are kept longer to meet tax, accounting, and other legal record-keeping obligations.

When you ask us to delete your data, we will do so unless we are required or permitted to retain certain records by law (for example, financial records). You can make a deletion request through our contact form.

PRV-12

Data Security

We implement appropriate technical and organizational measures to protect personal information, including encryption of data in transit using TLS, encryption of sensitive data at rest, and access controls that limit who can view your information.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. We maintain processes to detect, investigate, and respond to security incidents, and we will notify affected users and regulators of a personal data breach where required by applicable law.

PRV-13

Your Privacy Rights (General)

Subject to applicable law, you may have the following rights over your personal information:

  • Access: request a copy of the personal information we hold about you;
  • Correction: ask us to correct inaccurate or incomplete information;
  • Deletion: request that we delete your personal information;
  • Portability: receive certain information in a portable, machine-readable format;
  • Objection: object to certain processing based on our legitimate interests;
  • Restriction: ask us to restrict processing in certain circumstances.

To exercise any of these rights, please contact us through our contact form. We may need to verify your identity before acting on a request.

PRV-14

GDPR & UK GDPR Rights (EEA/UK)

If you are located in the European Economic Area or the United Kingdom, the GDPR or UK GDPR applies to our processing of your personal data. The data controller is Ticketbaba, Inc., 8033 West Sunset Boulevard, #3900, Los Angeles, CA 90046, USA.

We process your data on the legal bases described in the section on how we use your information (performance of a contract, legitimate interests, consent, and legal obligation).

As a data subject, you have the rights to access, rectification, erasure, restriction of processing, data portability, and to object to processing. Where we rely on consent, you have the right to withdraw it at any time without affecting processing already carried out.

You may exercise these rights through our contact form. You also have the right to lodge a complaint with your local data protection supervisory authority.

PRV-15

California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, gives you specific rights regarding your personal information.

In the past twelve months we may have collected the following categories of personal information: identifiers (such as name, email, and phone number); commercial information (tickets and orders); internet or network activity (device and usage data); and geolocation inferred from IP address.

Subject to verification, you have the right to:

  • Know and access the personal information we have collected about you;
  • Delete personal information we have collected, subject to legal exceptions;
  • Correct inaccurate personal information;
  • Opt out of the sale or sharing of personal information.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We will not discriminate or retaliate against you for exercising your rights.

You may submit a request yourself or through an authorized agent via our contact form. California's "Shine the Light" law also lets California residents request information about disclosures to third parties for their direct marketing purposes; we do not make such disclosures.

PRV-16

UAE PDPL

If you are located in the United Arab Emirates, or your event takes place there, the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) may apply to the processing of your personal data.

Under the PDPL, you may have the rights to:

  • Access your personal data and obtain information about how it is processed;
  • Request correction of inaccurate personal data;
  • Request erasure of your personal data;
  • Request restriction of processing;
  • Object to certain processing of your personal data;
  • Request portability of your personal data.

To exercise any of these rights, contact us through our contact form.

PRV-17

Children's Privacy

The Service is not directed to children. We do not knowingly collect personal information from children under 16 (or under 13 in the United States).

If you believe a child has provided us with personal information, please contact us through our contact form, and we will take steps to delete that information.

PRV-18

Third-Party Links & Organizer Pages

The Service may contain links to organizer event pages and other third-party websites. These pages and sites operate under their own privacy policies, and we are not responsible for their practices.

When you buy a ticket, the relevant organizer becomes an independent data controller for their relationship with you as an attendee. We encourage you to review an organizer's privacy practices for information about how they handle your data.

PRV-19

Automated Decision-Making

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing.

We use limited automated checks to detect and prevent fraud, abuse, and bots, including Google reCAPTCHA, which scores form interactions. These checks support, but do not replace, human review where a meaningful decision is involved.

PRV-20

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The effective date below indicates when this policy was last updated.

If we make material changes, we will provide notice through the Service or by other appropriate means before the changes take effect. Your continued use of the Service after an update means you accept the revised policy.

PRV-21

How to Contact Us

To exercise your privacy rights or ask any questions about this Privacy Policy, please reach us through our contact form.

You may also write to us by postal mail at Ticketbaba, Inc., 8033 West Sunset Boulevard, #3900, Los Angeles, CA 90046, USA.

Ready to ship

Host your next event

Create your free account today and start selling tickets in minutes — no credit card required.

No credit card Organizer keeps revenue Cancel anytime