Privacy Policy

This policy applies to all personal information processed by Eventixx in connection with your use of our website, mobile application, and ticketing services. It applies to Buyers, Organisers, and visitors to our platform.

We act as the Responsible Party under POPIA with respect to personal information collected directly through the Eventixx platform. Where we process information on behalf of Organisers (for example, attendee data), we act as an Operator.

We collect personal information in the following categories:

Information you provide directly

• Account data: Name, email address, password (hashed), and account role (Buyer or Organiser).
• Purchase data: Billing name, email address, ticket selections, and order history.
• Event listing data (Organisers): Event title, description, venue, images, ticket types, and banking details for payouts.
• Communications: Messages or enquiries sent to our support team.

Information collected automatically

• Usage data: Pages visited, search queries, clicks, and time spent on the platform.
• Device data: IP address, browser type, operating system, and device identifiers.
• Cookies and tracking technologies: See Section 7 for details.

Information from third parties

• Google Sign-In: If you register via Google, we receive your name and email address from Google.
• Payment processors: We receive confirmation of payment status from Yoco but do not receive your full card details.

We process your personal information for the following lawful purposes under POPIA:

• To provide the service: Creating accounts, processing ticket purchases, generating QR codes, and delivering confirmations.
• To process payments: Passing necessary transaction data to Yoco and reconciling payments.
• To operate Organiser payouts: Storing banking details securely to remit event proceeds.
• To communicate with you: Sending booking confirmations, event reminders, support responses, and important service updates.
• To improve the platform: Analysing usage patterns to fix bugs, optimise performance, and build better features.
• To ensure security: Detecting fraud, abuse, and unauthorised access to accounts.
• To comply with the law: Retaining records as required by tax, financial, or other regulatory obligations.
• Marketing (with your consent): Sending promotional emails about events or Eventixx features, only where you have opted in.

We will not use your personal information for purposes incompatible with those listed above without your express consent.

We do not sell your personal information. We may share it in limited circumstances:

• With Organisers: When you purchase a ticket, we share your name and email with the event Organiser so they can manage attendee lists and send event communications.
• With payment processors: We share transaction data with Yoco to process payments securely.
• With service providers: We use trusted third parties (hosting, email delivery, analytics) who process data on our behalf under binding data processing agreements.
• For legal compliance: We may disclose information to authorities if required by law, court order, or to protect the rights and safety of our users or the public.
• Business transfers: If Eventixx is acquired or merges with another company, your data may be transferred as part of that transaction, subject to equivalent privacy protections.

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction. These measures include:

• Encryption of data in transit (TLS/HTTPS) and at rest.
• Hashed password storage — we never store plaintext passwords.
• Firebase security rules restricting access to data by authenticated user identity.
• Regular security reviews and access controls for staff.

No system is completely secure. If you suspect your account has been compromised, contact us immediately at privacy@eventixx.co.za.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Regulator and affected individuals as required by POPIA.

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected:

• Account data: Retained for the life of your account plus 3 years after closure, in case of disputes or legal claims.
• Order and ticket records: Retained for 5 years to comply with South African tax and financial record-keeping requirements.
• Usage and analytics data: Anonymised or deleted within 24 months.
• Marketing consent records: Retained until you withdraw consent.

When data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with you.

We use cookies and similar technologies to operate the platform and understand how it is used.

Types of cookies we use

• Essential cookies: Required for authentication (Firebase session tokens) and core platform functionality. Cannot be disabled.
• Analytics cookies: Used to understand how visitors interact with the platform (e.g., pages visited, session duration). Data is aggregated and anonymised where possible.
• Preference cookies: Remember your settings such as language and display preferences.

You can control cookies through your browser settings. Blocking essential cookies will prevent you from logging in or completing purchases.

We do not use advertising or third-party tracking cookies that follow you across other websites.

Under the Protection of Personal Information Act 4 of 2013, you have the following rights with respect to your personal information:

• Right of access: You may request a copy of the personal information we hold about you.
• Right to correction: You may request that we correct inaccurate or incomplete information.
• Right to deletion: You may request that we delete your personal information, subject to legal retention obligations.
• Right to object: You may object to the processing of your information for direct marketing purposes at any time.
• Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to lodge a complaint: You have the right to complain to the Information Regulator of South Africa if you believe we have violated your rights under POPIA.

To exercise any of these rights, email us at privacy@eventixx.co.za. We will respond within 30 days. We may need to verify your identity before processing your request.

The Eventixx platform is not directed at children under the age of 18. We do not knowingly collect personal information from minors without verifiable parental or guardian consent.

If you believe a child has created an account or provided information without appropriate consent, please contact us at privacy@eventixx.co.za and we will take appropriate action, including deletion of the information.

Some of our service providers are based outside South Africa. Where we transfer personal information across borders, we ensure that the recipient country or organisation provides adequate protection for your information, as required by POPIA Section 72.

Our primary infrastructure is hosted on Google Firebase (Google LLC, USA), which is subject to the EU–US Data Privacy Framework and complies with international data protection standards.

The Eventixx platform integrates with the following third-party services, each with their own privacy policies:

• Google Firebase: Authentication, database, and hosting (Google Privacy Policy applies).
• Yoco: Payment processing (Yoco Privacy Policy applies). We do not receive or store your card details.
• Google Sign-In: Optional OAuth login (Google Privacy Policy applies).

We encourage you to review the privacy policies of these third parties. Eventixx is not responsible for the privacy practices of external services.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or prominent notice on the platform at least 14 days before the change takes effect.

The date at the top of this page indicates when the policy was last updated. Continued use of the platform after the effective date constitutes your acknowledgement of the updated policy.

For any questions, concerns, or requests relating to this Privacy Policy or your personal information, please contact our Information Officer:

We take all privacy concerns seriously and will respond within 30 days of receiving your request. If you are not satisfied with our response, you have the right to escalate your complaint to the Information Regulator (see Section 8).