Entry
Legal

Privacy Policy

How Entry collects, uses, stores, and protects your personal data.

Last updated: 23 February 2026

1. Introduction

This Privacy Policy explains how [Entry Legal Entity Name] ("Entry," "we," "us," or "our"), operating the website and platform at entry.events, collects, uses, shares, and protects personal data when you interact with our website, platform, and services.

Entry is a white-label event ticketing platform that enables event promoters to create branded event pages, sell tickets, manage ambassador and rep programs, and distribute digital wallet passes. This policy applies to all users of our services, including website visitors, event promoters (organisers), ambassadors/reps, and ticket buyers.

By using our website or services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

2. Data Controller

For the purposes of the EU General Data Protection Regulation (GDPR), the UK GDPR, and other applicable data protection laws, the data controller is:

[Entry Legal Entity Name]

[Business Address]

Email: hello@entry.events

Website: entry.events

Where event promoters use the Entry platform to sell tickets and collect buyer data, the promoter acts as an independent data controller (or joint controller, depending on the circumstances) for the personal data of their ticket buyers. Entry acts as a data processor on behalf of the promoter for ticket buyer data processed through the platform.

3. Personal Data We Collect

We collect different categories of personal data depending on how you interact with Entry. Below is a detailed breakdown of each category.

3.1 Contact Form and Enquiry Data

When you submit our contact form or request a demo, we collect:

  • Full name
  • Email address
  • Company or promoter name
  • Typical event size (selected from a range)
  • Your message content

This data is stored in our database (hosted on Supabase in the EU region) and used to respond to your enquiry, qualify leads, and follow up regarding our services.

3.2 Live Chat Data

When you use our live chat widget on the website, we collect:

  • Name (if provided)
  • Email address (if provided)
  • Chat messages and conversation history
  • Session identifiers (to maintain your conversation across page visits)

Chat conversations are stored in our database and may be processed by our AI assistant (powered by Anthropic) to generate responses. Conversation history is sent to Anthropic's API to provide contextual, relevant answers to your questions about Entry.

3.3 Account and Organisation Data

When you create an account on the Entry platform as an event promoter, we collect:

  • Email address
  • Password (stored in hashed form; we never store plaintext passwords)
  • Organisation name
  • Profile information you choose to provide

3.4 Event and Ticketing Data

When promoters create events on the platform, the following data is generated and stored:

  • Event details (name, description, date, time, location, imagery)
  • Ticket types, pricing, and availability settings
  • Event page content and branding customisations
  • Sales data and analytics

3.5 Payment Data

Entry uses Stripe and Stripe Connect to process all payments. When a ticket purchase is made:

  • Payment card details are collected and processed directly by Stripe. Entry never receives, stores, or has access to full card numbers, CVVs, or other sensitive payment credentials.
  • We store a reference to the Stripe transaction (transaction ID, amount, currency, status) for record-keeping and reconciliation.
  • Promoters connect their own Stripe accounts via Stripe Connect, enabling direct payouts. Entry facilitates this connection but does not access the promoter's bank account details.

Stripe's handling of payment data is governed by Stripe's Privacy Policy. Stripe is PCI DSS Level 1 certified.

3.6 Ambassador and Rep Program Data

When promoters enable the ambassador/rep program for their events, we collect and process data about reps, including:

  • Rep name and email address
  • Unique tracking codes and referral links associated with each rep
  • Sales metrics: number of tickets sold, revenue generated, and conversion data attributed to each rep
  • Gamification data: XP points, levels, and leaderboard rankings

This data is used to track rep performance, calculate commissions, power the gamified leaderboard, and provide analytics to the event promoter.

3.7 Ticket Buyer Data

When someone purchases a ticket through an Entry-powered event page, we collect:

  • Full name
  • Email address
  • Ticket purchase details (event, ticket type, quantity, price)
  • Order reference and confirmation data
  • Wallet pass data (if the buyer adds their ticket to Apple Wallet or Google Wallet)

Ticket buyer data is processed on behalf of the event promoter. The promoter determines how buyer data may be further used (e.g., for event communications). Buyers should review the promoter's own privacy policy for details on how their data is handled beyond what Entry processes for ticketing purposes.

3.8 Analytics and Automatically Collected Data

When you visit our website or use the platform, we automatically collect:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent on each page
  • Referring URL
  • Geographic location (derived from IP address, country/region level)

This data helps us understand how our website is used, improve performance, identify technical issues, and make informed product decisions.

3.9 Cookies and Similar Technologies

Entry uses cookies and similar browser storage mechanisms for the following purposes:

Cookie / StoragePurposeDuration
Authentication tokensKeep you signed in to your Entry accountSession / 30 days
Chat session IDMaintain your live chat conversation across pages24 hours
Cookie consent preferencesRemember your cookie consent choices12 months
Analytics identifiersUnderstand site usage and improve user experience26 months

You can manage your cookie preferences through your browser settings. Note that disabling essential cookies (such as authentication tokens) will prevent you from using the platform.

4. Legal Bases for Processing

Under the GDPR (Article 6) and UK GDPR, we process personal data on the following legal bases:

Performance of a Contract (Article 6(1)(b))

Processing necessary to provide the Entry platform and services to you, including: account creation and management, event creation and ticketing, payment processing via Stripe Connect, generating and delivering digital wallet passes, and operating the ambassador/rep program.

Legitimate Interests (Article 6(1)(f))

Processing necessary for our legitimate interests, where those interests are not overridden by your rights. This includes: improving and optimising our platform and website, preventing fraud and ensuring platform security, analysing usage patterns to enhance the user experience, responding to enquiries submitted via the contact form or live chat, and direct marketing to existing customers about similar services (with an easy opt-out).

Consent (Article 6(1)(a))

Where we rely on your consent, you have the right to withdraw it at any time. We rely on consent for: placing non-essential cookies and analytics trackers, sending marketing communications to prospective customers who are not existing clients, and processing chat conversations through our AI assistant.

Legal Obligation (Article 6(1)(c))

Processing required to comply with our legal obligations, including: maintaining financial records and transaction data for tax purposes, responding to lawful requests from regulatory authorities, and complying with anti-money laundering and fraud prevention requirements.

5. How We Use Your Data

We use the personal data we collect to:

  • Provide, maintain, and improve the Entry platform and all its features, including event page creation, ticket sales, wallet pass generation, and the rep/ambassador program
  • Process ticket purchases and facilitate payments between buyers and promoters via Stripe Connect
  • Send transactional emails (e.g., ticket confirmations, account notifications, password resets) via our email delivery provider, Resend
  • Respond to your enquiries, demo requests, and support messages
  • Power our AI-assisted live chat to provide real-time answers about Entry's features and services
  • Generate analytics and reports for event promoters about ticket sales, rep performance, and event page traffic
  • Detect, prevent, and address fraud, security issues, and technical problems
  • Comply with legal obligations, including tax and financial reporting requirements
  • Send marketing communications about Entry (only with your consent or where permitted under applicable law, and always with an unsubscribe option)

6. Third-Party Services and Data Sharing

We share personal data with the following categories of third-party service providers, strictly for the purposes described. We do not sell your personal data to any third party.

Supabase (Database and Authentication)

Data region: EU (Frankfurt)

Supabase hosts our database and authentication infrastructure. All lead data, user accounts, conversation histories, chat messages, event data, and ticket records are stored in Supabase. Data is stored in the EU region.

Anthropic (AI Chat Assistant)

Data region: United States

When you interact with our live chat, your conversation history (including any name or email you provide and your messages) is sent to Anthropic's API to generate AI responses. Anthropic processes this data as a sub-processor and is contractually bound not to use your data for training their models when accessed via their API.

Stripe (Payment Processing)

Data region: United States (with global infrastructure)

Stripe processes all payment transactions. When a ticket is purchased, payment card details are sent directly to Stripe and never pass through Entry's servers. Stripe Connect handles payouts to event promoters. Stripe is an independent data controller for the payment data it processes.

Resend (Email Delivery)

Data region: United States

We use Resend to send transactional emails, including ticket confirmations, account verification emails, and password reset links. Resend receives the recipient's email address and the email content in order to deliver these messages.

Vercel (Hosting and Infrastructure)

Data region: United States (with global edge network)

Vercel hosts our website and platform. As part of standard web hosting, Vercel processes server logs that include IP addresses, request URLs, and basic request metadata. Vercel operates a global edge network, meaning requests may be processed at the nearest edge location to the user.

Apple and Google (Wallet Passes)

Data region: Varies (global infrastructure)

When a ticket buyer adds their ticket to Apple Wallet or Google Wallet, pass data (event name, ticket holder name, ticket details, and a unique pass identifier) is transmitted to Apple or Google, respectively. These companies process this data according to their own privacy policies.

We may also share data with professional advisers (legal, accounting) and with law enforcement or regulatory authorities when required by law.

7. International Data Transfers

Some of the third-party service providers we use are based outside the European Economic Area (EEA) and the United Kingdom, primarily in the United States. This means your personal data may be transferred to, and processed in, countries that may not provide the same level of data protection as your home country.

Where personal data is transferred outside the EEA or UK, we ensure that appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs): We use the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable) with service providers that process personal data outside the EEA/UK, including Anthropic, Vercel, Stripe, and Resend.
  • Adequacy Decisions: Where available, we rely on adequacy decisions issued by the European Commission or the UK Secretary of State recognising that a third country provides an adequate level of data protection. The EU-US Data Privacy Framework may apply to certain US-based processors that have self-certified.
  • EU-Region Database: Our primary database (Supabase) stores data in the EU (Frankfurt region), ensuring that the core dataset remains within the EEA.

You may request a copy of the safeguards we have in place by contacting us at hello@entry.events.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our specific retention periods are:

Data CategoryRetention Period
Account and organisation dataDuration of active account + 12 months after account deletion
Chat and conversation data24 months from last interaction
Contact form / lead enquiry data24 months from submission, or until the enquiry relationship concludes
Payment and transaction records7 years (legal requirement for financial records and tax compliance)
Event and ticketing dataDuration of promoter account + 12 months, or 7 years for transaction-related records
Ambassador/rep program dataDuration of association with the promoter + 12 months
Analytics data26 months
Authentication cookiesSession or up to 30 days
Chat session cookies24 hours
Cookie consent preferences12 months
Analytics cookies26 months

When data reaches the end of its retention period, it is securely deleted or anonymised so that it can no longer be associated with you.

9. Your Rights

Depending on your location and the applicable data protection laws, you may have the following rights in relation to your personal data.

9.1 Rights Under the EU GDPR and UK GDPR

If you are located in the European Economic Area or the United Kingdom, you have the right to:

  • Access the personal data we hold about you, and receive a copy of it
  • Rectification of inaccurate or incomplete personal data
  • Erasure ("right to be forgotten") of your personal data in certain circumstances
  • Restriction of processing of your personal data in certain circumstances
  • Data portability — receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller
  • Object to processing based on legitimate interests or for direct marketing purposes
  • Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal
  • Not be subject to automated decision-making, including profiling, that produces legal or similarly significant effects on you. Entry does not currently make automated decisions with legal or significant effects based on your personal data.

You also have the right to lodge a complaint with your local supervisory authority (e.g., the Information Commissioner's Office in the UK, or the relevant Data Protection Authority in your EU member state).

9.2 Rights Under the CCPA / CPRA (California)

If you are a California resident, you have the right to:

  • Right to Know: Request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions (e.g., where we are legally required to retain data).
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale or Sharing: Entry does not sell your personal information as defined by the CCPA/CPRA. We do not share your personal information for cross-context behavioural advertising.
  • Right to Non-Discrimination: You will not receive discriminatory treatment for exercising any of your CCPA/CPRA rights.

To exercise these rights, or to designate an authorised agent to act on your behalf, please contact us at hello@entry.events. We will verify your identity before fulfilling your request.

9.3 Rights Under the Australian Privacy Act 1988

If you are located in Australia, you have the right under the Australian Privacy Principles (APPs) to:

  • Access the personal information we hold about you
  • Correction of personal information that is inaccurate, out-of-date, incomplete, irrelevant, or misleading
  • Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs

9.4 How to Exercise Your Rights

To exercise any of the rights described above, please contact us at:

Email: hello@entry.events

Subject line: "Data Subject Rights Request"

We will respond to all legitimate requests within 30 days (or within the timeframe required by applicable law). In some cases, we may need to verify your identity before processing your request. If your request is particularly complex or you have made multiple requests, we may extend the response period by an additional 60 days, in which case we will notify you.

10. Children's Privacy

Entry's services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at hello@entry.events and we will take steps to delete such information promptly.

If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to remove that data from our servers.

11. Security Measures

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security). Our website is served exclusively over HTTPS.
  • Encryption at rest: Our database provider (Supabase) encrypts stored data at rest using AES-256 encryption.
  • Secure authentication: Passwords are hashed using industry-standard algorithms. We support secure session management with token-based authentication.
  • Access controls: Access to personal data is restricted to personnel who need it to perform their duties. We use role-based access controls and follow the principle of least privilege.
  • Third-party security: Our key service providers (Stripe, Supabase, Vercel) maintain their own robust security programmes and compliance certifications (e.g., Stripe is PCI DSS Level 1 certified; Supabase maintains SOC 2 Type II compliance).
  • Regular security reviews: We conduct periodic reviews of our security practices, access permissions, and data processing activities.

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining and improving our security practices.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or for other operational or legal reasons. When we make changes:

  • We will update the "Last updated" date at the top of this page.
  • For material changes that significantly affect how we process your personal data, we will notify registered users via email and/or display a prominent notice on our platform.
  • We encourage you to review this policy periodically to stay informed about how we protect your data.

Continued use of our services after a change to this Privacy Policy constitutes your acknowledgement of the updated policy. Where required by law, we will seek your renewed consent for material changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

[Entry Legal Entity Name]

[Business Address]

Email: hello@entry.events

Website: entry.events

We aim to resolve all complaints and queries directly. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.