Privacy Policy

Effective 26 April 2026

This Privacy Policy explains what personal data Entry Limited (“we”) collects, why we collect it, how we use it, and the choices you have. Entry is the events platform powering ticket sales, the rep ambassador programme, and the Entry mobile apps for iOS and Android.

1. Data we collect

We collect data you give us directly and data generated by your use of the Service.

You give us

• Account info — email address, password (hashed), display name, optional profile photo.
• Profile info (rep app) — first/last name, optional phone number, gender, bio, Instagram and TikTok handles.
• Purchase info — name, email, phone, billing address, and payment details. Payment card details are handled directly by Stripe; we never see or store full card numbers.
• User-generated content — stories, quest submissions (including photos and screenshots you upload), reports of other users.

We collect automatically

• Device info — device type, OS version, app version, language, timezone.
• Push tokens — APNs, FCM, or web-push endpoints if you enable notifications, used solely to send you the notifications you opted in to.
• Usage data — pages and screens viewed, taps, errors, crash reports. Used to debug, improve the app, and detect abuse.
• Approximate location — derived from your IP address to choose the right currency and to show events near you. We do not access precise device GPS.

2. How we use your data

• To provide the Service — process ticket purchases, validate scans, run the rep programme.
• To send you transactional messages (order confirmations, ticket emails, password resets).
• To send marketing emails from the relevant Promoter, only if you opted in. You can unsubscribe at any time from the link in every email.
• To send push notifications you have enabled in the app.
• To prevent fraud and abuse, including detecting fake accounts and unauthorised resale.
• To comply with legal obligations (tax, accounting, lawful requests from authorities).

3. Who we share data with

We share your data only as needed to operate the Service and only with the following categories of recipients:

• Promoters — when you buy a ticket, the Promoter running the event receives your name, email, and ticket type so they can manage attendance and communicate with you. When you join a Promoter's rep team, they see your profile and your performance metrics within their team.
• Service providers — Stripe (payments), Supabase (database and storage), Vercel (hosting), Resend (email), Mux (video), Sentry (error monitoring), Klaviyo (marketing email if opted in), Apple and Google (push notifications and Wallet passes). These providers are bound by contract to handle your data only for the purposes we specify.
• Authorities — when required by law, court order, or to protect the safety of users.

We do not sell your personal data.

4. User-generated content and moderation

Stories, quest submissions, and other user-posted content are visible within the app to other users in your audience scope (your Promoter's team, your followers, or the public quest feed). Every surface includes a report button. Reports are reviewed by Entry and the relevant Promoter. Confirmed violations result in content removal. We aim to act on reports within 24 hours.

You can delete your own stories and quest submissions from the app. Once deleted, they are removed from public view; copies may persist in our backups for up to 30 days.

5. Your rights

Depending on where you live, you may have the right to access, correct, delete, port, or restrict the processing of your personal data. You can exercise these rights:

• From within the app — Settings → Account.
• By emailing privacy@entry.events.

You can withdraw consent for marketing emails at any time using the unsubscribe link or your account settings.

6. Account deletion

You can delete your account from within the app (Settings → Delete account). Account deletion immediately revokes your access, scrubs your personal identifiers (name, email, profile photo, phone, bio, social handles), and removes your push subscriptions. Records required for tax, accounting, or fraud prevention are retained per legal obligation; ledger entries tied to your purchases are preserved for the relevant Promoter.

7. Data retention

• Account profile — until you delete your account.
• Order and ticket records — 7 years (legal accounting requirement).
• Push tokens — until you disable notifications or delete your account.
• Backups — up to 30 days from deletion.
• Crash and error reports — 90 days.

8. International transfers

Entry's primary infrastructure is hosted in the European Union (Supabase EU-West). Some service providers (Stripe, Vercel, Sentry, Apple, Google) may process data in other regions. Where required, transfers are protected by Standard Contractual Clauses or equivalent safeguards.

9. Children

Entry is not directed at children under 16 (or the age of digital consent in your country). If you believe a child has provided us with personal data, contact us and we will delete it.

10. Security

We use industry-standard measures to protect your data, including encryption in transit (TLS), encryption at rest, hashed passwords, and access controls. No system is perfectly secure; if we discover a breach we will notify affected users and the relevant authorities per applicable law.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the app or by email at least 14 days before they take effect.

12. Contact

Privacy questions or requests: privacy@entry.events.