1. Introduction

This Privacy Policy explains how Ticket Brew (Pty) Ltd ("Ticket Brew", "we", "us", or "our") collects, uses, stores, shares, and otherwise processes personal information when you use our website, checkout pages, organiser tools, ticketing services, support channels, and related services (collectively, the "Platform").

This Policy applies to event organisers, ticket buyers, attendees, website visitors, support contacts, and other persons whose personal information we process through the Platform.

We process personal information in accordance with the Protection of Personal Information Act, 2013 ("POPIA") and other applicable South African law. Our Information Officer is registered with the Information Regulator of South Africa.

2. Who we are

Registered / legal name: Ticket Brew (Pty) Ltd
Registration number: 2026/288099/07
Email: [email protected]
Telephone: +27 69 056 2548

3. Your rights under POPIA

As a data subject, you have the following rights under POPIA, which you may exercise by contacting our Information Officer using the details in section 17:

to be notified when your personal information is being collected (s.18);
to request access to personal information we hold about you (s.23);
to request correction or deletion of personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or unlawfully obtained (s.24);
to object, on reasonable grounds, to the processing of your personal information (s.11(3));
to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal (s.11(1)(a));
to object to processing for direct marketing purposes (s.69); and
to submit a complaint to the Information Regulator of South Africa if you believe we have processed your personal information unlawfully.

We will respond to rights requests within a reasonable time and, where required by law, within the timeframes prescribed by POPIA. We may need to verify your identity before acting on a request.

4. Personal information we collect

We may collect the following categories of personal information:

full name, email address, phone number, and WhatsApp number where used for ticket delivery or support;
account login details and profile information;
organiser profile information, organisation details, and banking or payout details submitted by organisers;
event listing content, venue details, ticket configuration, and related organiser submissions;
order history, ticket purchases, check-in data, refund data, dispute data, and chargeback information;
payment references, transaction identifiers, and transaction metadata received from our payment service provider, Paystack;
customer support messages and other communications;
IP address, browser type, device type, operating system, session logs, timestamps, and similar technical data; and
cookie and similar technology data as described in section 11.

We do not store full payment card numbers. Payment card details are processed by Paystack and are subject to Paystack's privacy policy and PCI-DSS security obligations.

5. How we use personal information and our lawful bases

We process personal information only where we have a lawful basis under POPIA s.11. The table below sets out our main processing purposes and the lawful basis we rely on for each:

Account creation and management — contractual necessity and legitimate interest in operating the Platform.
Ticket order processing and payment — contractual necessity; we cannot complete your purchase without this.
Ticket delivery by email, WhatsApp, or other supported channels — contractual necessity.
Event check-in and attendance management — contractual necessity and legitimate interest of the organiser.
Organiser verification and payout processing — contractual necessity and compliance with legal obligations (including FICA where applicable).
Fraud prevention, security, and chargeback management — legitimate interest in protecting the Platform, buyers, and organisers, and compliance with legal obligations.
Customer support and communications — contractual necessity and legitimate interest.
Legal, tax, accounting, and regulatory compliance — compliance with legal obligations.
Direct marketing — consent, or legitimate interest in marketing to existing users in accordance with POPIA s.69, subject to your opt-out rights.
Platform maintenance, improvement, monitoring, and analytics — legitimate interest in operating and improving the Platform.

6. When you buy a ticket

When you buy a ticket through the Platform, we process your order and ticket information to complete the transaction, deliver your ticket, support check-in, communicate about event changes, and manage refunds or disputes.

We may share relevant attendee and order information with the organiser of the event so they can administer the event, validate entry, contact attendees regarding event matters, and meet their own legal obligations.

Payment processing is handled by Paystack. By completing a purchase, your payment information is submitted directly to Paystack and is governed by Paystack's privacy policy and terms. We receive only transaction references and status notifications, not your full card details.

7. When you are an organiser

If you use the Platform as an organiser, we may process your personal and business information to create and manage organiser accounts, publish and manage events, verify payout details and identity information where required, and manage settlements, reserves, refunds, disputes, and fraud reviews.

Banking and payout details you provide are processed solely for the purpose of facilitating event payouts and are protected using appropriate security measures. We may be required to verify your identity or banking details for fraud prevention or legal compliance purposes.

8. Sharing of personal information

We may share personal information with:

event organisers, where relevant to an event, ticket purchase, check-in, attendance list, refund, or event communication;
Paystack, our payment service provider, for payment processing, settlements, refunds, fraud prevention, reconciliation, and compliance;
messaging and communications providers, including email service providers and WhatsApp Business solution providers;
cloud hosting, infrastructure, analytics, authentication, customer support, and security providers;
professional advisers such as lawyers, accountants, auditors, insurers, and compliance advisers;
regulators, law enforcement, courts, and other authorities where required or permitted by law; and
a purchaser, investor, or successor entity in connection with a merger, acquisition, restructure, financing, or sale of all or part of our business.

We do not sell personal information as a standalone product or service.

9. International transfers

Some of our service providers, including Paystack and certain infrastructure, messaging, and analytics providers, may process personal information outside South Africa. Where we transfer personal information across borders, we will take reasonably appropriate steps to ensure that the information receives an adequate level of protection consistent with POPIA s.72 and that the transfer is lawful.

10. Retention

We retain personal information only for as long as reasonably necessary for the purpose for which it was collected. As a general guide:

order, ticket, and payment records are retained for a minimum of five years to meet our tax and accounting obligations;
fraud, chargeback, and dispute records are retained for as long as necessary to resolve the matter and as required by our payment providers;
account information is retained while your account is active and for a reasonable period thereafter; and
technical and log data is retained for security and operational purposes for a period determined by our systems and providers.

Retention periods may be extended where required by applicable law, legal proceedings, regulatory investigation, or a legitimate business need.

11. Cookies and similar technologies

We use cookies and similar technologies to keep users signed in, remember preferences, maintain security, detect abuse, operate checkout and platform functionality, and understand site usage and performance.

We may use the following categories of cookies:

Strictly necessary cookies: required for account login, session management, cart and checkout functionality, fraud prevention, and security. These cannot be disabled without affecting the core functionality of the Platform.
Functional cookies: used to remember settings and preferences.
Analytics cookies: used where enabled to understand website traffic, feature usage, and performance trends. These may be set by first-party or third-party analytics providers.
Third-party service cookies: certain third-party services we use, including Paystack's checkout components, may set their own cookies governed by those parties' cookie policies.

You can usually control cookies through your browser settings, including blocking or deleting cookies. Blocking strictly necessary cookies may prevent you from using core features of the Platform such as checkout and login.

12. Direct marketing

We may send marketing communications where permitted by POPIA. Where we rely on legitimate interest to send marketing to existing users, you have the right to opt out at any time using the unsubscribe link in any marketing communication or by contacting us. We will action opt-out requests promptly.

Transactional and service-related communications — such as order confirmations, ticket delivery, event updates, refund notices, and security alerts — are not marketing and may still be sent where necessary for the operation of your account, order, ticket, event, payout, or security.

13. Security

We take reasonably appropriate technical and organisational measures to protect personal information against loss, misuse, unauthorised access, disclosure, alteration, and destruction. Measures include access controls, encrypted transmission, and regular security reviews. No system is completely secure and we cannot guarantee absolute security.

In the event of a security compromise involving your personal information, we will notify the Information Regulator and, where required by POPIA s.22, notify affected data subjects without unreasonable delay, providing details of the compromise and the steps taken or planned in response.

14. Children

The Platform is not directed at children for independent use unless permitted by applicable law and supervised where required. We do not knowingly collect personal information from children without appropriate consent. Event organisers are responsible for ensuring that their own event practices comply with applicable laws concerning minors.

15. Third-party links and services

The Platform may contain links to third-party websites or services, including Paystack's hosted payment pages. We are not responsible for the privacy practices of those third parties, and we encourage you to review their privacy policies before providing any personal information.

16. Changes to this Policy

We may update this Privacy Policy from time to time. The updated version will be posted on the Platform with a revised "Last updated" date. Where changes are material, we will take reasonable steps to bring them to your attention.

17. Contact and complaints

To exercise your rights, submit a privacy request, or raise a privacy complaint with us, contact our Information Officer:

Information Officer: Jaden Stock
Email: [email protected]
Telephone: +27 69 056 2548

If you are not satisfied with our response, or if you believe your personal information has been processed unlawfully, you have the right to lodge a complaint with the Information Regulator of South Africa:

Website: https://www.justice.gov.za/inforeg/
Complaints email: [email protected]
General enquiries: [email protected]