GameDay Tickets Privacy Policy

2.1 Information You Provide Directly

Event Organizers: When you create an Organizer account, we collect your name, email address, organization name, payment account onboarding information, and event details you provide, including event names, dates, locations, descriptions, pricing, and ticket configurations.

Ticket Purchasers: When you purchase tickets, we collect your name, email address, and billing zip code. Payment card information is collected and processed directly by our payment processor. We never receive, process, or store your full credit card number, CVV, or other sensitive card data.

In-Person Customers: When you make a purchase at an event gate using Tap to Pay on iPhone, a staff member may collect your phone number or email address for the sole purpose of sending you a digital receipt.

Staff Members: When an Organizer creates staff credentials, we collect the staff member's name and login information.

2.2 Information Collected Automatically

When you use the Service, we automatically collect certain technical information, including:

• Device information: IP address, browser type, operating system, and device identifiers
• Usage data: Pages visited, features used, timestamps, and referring URLs
• Location data: General geographic location derived from IP address (we do not collect precise GPS location from Purchasers; the iOS app may request location permission for Tap to Pay on iPhone functionality as required by the Stripe Terminal SDK)

2.3 Information from Third Parties

We may receive information from payment and infrastructure providers related to transaction processing and service operations, including transaction status, billing zip codes, and payment method types. We do not receive full card numbers.

4.1 Transactional SMS - In-Person Gate Receipts

SMS is used only for in-person sales made with our native iOS point-of-sale app (Tap to Pay on iPhone). After a staff member completes your purchase, the app shows a "Send receipt" screen offering Text, Email, or Skip. Choosing a text receipt is optional - you can choose Email or Skip and your purchase still completes; nothing is pre-checked or pre-filled. If you choose Text and enter your own mobile number, you agree to receive a single transactional SMS receipt for that purchase, containing your order total and a link to view your tickets. We send transactional messages only - no marketing or promotional content. Message frequency is one message per purchase. Message and data rates may apply. Reply STOP to opt out at any time. Reply HELP for assistance.

4.2 Online Purchases (Email Only)

When you purchase tickets online through an event page on gamedaytickets.io, we confirm your order and deliver your tickets by email. We do not collect a mobile number or send SMS for online purchases.

4.3 No Sharing or Sale of Mobile Information

We do not share or sell mobile phone numbers or SMS opt-in consent to third parties or affiliates for marketing purposes.

Mobile numbers and consent records are used solely to deliver the transactional messages described above and to comply with carrier and regulatory requirements (including A2P 10DLC compliance through our messaging provider, Twilio Inc.). No mobile information is shared, rented, sold, or otherwise disclosed for marketing or promotional purposes.

4.4 Transactional Email

If you purchase tickets online or provide your email at the point of sale, you will receive transactional emails including order confirmations, digital tickets, and receipts. These are necessary for the fulfillment of your purchase and are not marketing communications.

4.5 Marketing Communications

We do not send unsolicited marketing emails or SMS messages to Purchasers. Organizers may receive occasional product update emails, from which they may unsubscribe at any time.

5.1 With Payment Providers

We share transaction data with payment providers for payment processing, including payment amounts, currency, and billing information.

5.2 With Event Organizers

When you purchase tickets, we share your name and email address with the Organizer of the event for the purpose of ticket fulfillment, event communication, and gate management. Organizers' use of your data is governed by their own privacy policies.

5.3 With Service Providers

We share information with third-party service providers who assist in operating the Service. As of the Last Updated date, our key service providers are:

• Stripe, Inc. - payment processing, Stripe Connect payouts, and Tap to Pay on iPhone in-person payments
• Apple Inc. - when you tap a contactless card, iPhone, Apple Watch, or other NFC-enabled device to make an in-person purchase, Apple processes limited encrypted payment data on your device to enable the contactless transaction via Tap to Pay on iPhone. Apple does not retain the customer's primary account number (PAN). Apple's handling of this data is governed by the Apple Privacy Policy and the Tap to Pay on iPhone Privacy Notice surfaced at the point of sale.
• Supabase, Inc. - database hosting, authentication, and file storage
• Vercel Inc. - web and API hosting, edge delivery, and privacy-respecting first-party analytics
• Resend Inc. - transactional email delivery (order confirmations, tickets, receipts)
• Twilio Inc. - transactional SMS delivery (digital receipts at in-person payments)
• Functional Software, Inc. (Sentry) - application error monitoring

These providers are contractually obligated to use your information only for the purposes of providing their services to us. We update this list when our provider relationships change.

5.4 For Legal Reasons

We may disclose your information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.

5.5 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

5.6 No Sale of Personal Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We have not sold personal information in the preceding twelve (12) months.

5.7 Platform Operator Access (Internal)

GameDay Tickets is operated by a small team. Authorized personnel may access individual records - including order, ticket, and account information - only as reasonably necessary to operate, support, secure, audit, and improve the Service. Examples include responding to a support request, investigating a suspected fraudulent transaction, debugging a payment failure, or auditing a chargeback dispute.

When personnel access individual records that contain personal information, that access is logged in an internal audit trail (timestamp, actor, action, and the record accessed). We use this log to monitor our own access and to respond to verifiable requests from you about how your data has been used.

We do not use this access to build cross-organization marketing lists, profile individual purchasers, train machine learning models on your personal information, or share individual records with anyone outside the service providers identified in Section 5.3.

8.1 All Users

Regardless of your location, you have the right to:

• Access the personal information we hold about you
• Correct inaccurate or incomplete personal information
• Delete your personal information, subject to legal retention requirements
• Opt out of non-essential communications

8.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act, including:

• The right to know what personal information is collected, used, shared, or sold
• The right to delete personal information held by us and by our service providers
• The right to opt out of the sale of personal information (we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights
• The right to correct inaccurate personal information

To exercise your rights, contact us at info@gamedaytickets.io. We will verify your identity before processing your request and respond within 45 days.

8.3 Nevada Residents

Nevada residents may submit a request to opt out of the sale of their personal information. We do not currently sell personal information. To submit a request, contact us at info@gamedaytickets.io.

8.4 Residents of the European Economic Area, United Kingdom, and Switzerland

The Service is intended for users located in the United States. The Service is not offered to, or intended for use by, individuals located in the European Economic Area, the United Kingdom, or Switzerland. If you are a resident of these regions, please do not use the Service or provide any personal information through the Service. If we become aware that we have collected personal information from a resident of these regions without a lawful basis, we will delete that information promptly.