Privacy Policy

1. Introduction

Welcome to GetEventTicket. This Privacy Policy explains how Tyga.Cloud Ltd (Company No: 14643275), trading as GetEventTicket ("we," "us," "our," or "GetEventTicket"), collects, uses, discloses, and safeguards your personal information when you visit our website at geteventticket.com (the "Website"), use our multi-tenant software-as-a-service platform (the "Platform"), or interact with any of our related services (collectively, the "Services").

Tyga.Cloud Ltd is registered in England and Wales with its registered office at Ground Floor, Unit 2 Mallard Court, Mallard Way, Crewe Business Park, Crewe, Cheshire, England, CW1 6ZQ.

GetEventTicket is a multi-tenant SaaS platform that enables musicians, bands, and music professionals ("Band Owners" or "Tenants") to create and manage their own branded websites, sell music, merchandise, event tickets, fan subscriptions, and crowdfunding campaigns directly to their fans and customers ("Fans" or "Customers").

For the purposes of this Privacy Policy, the following definitions apply:

• "Personal Data" means any information relating to an identified or identifiable natural person, including but not limited to name, email address, postal address, telephone number, payment information, IP address, device identifiers, and any other information that can be used directly or indirectly to identify an individual.
• "Services" means the GetEventTicket platform, including all features, tools, APIs, and functionalities provided to Band Owners and their Fans, whether accessed via the Website, custom domains, or any other means.
• "Website" means geteventticket.com and all subdomains, as well as any custom domains configured by Band Owners that are hosted on the GetEventTicket platform infrastructure.
• "Band Owner" or "Tenant" means any individual or entity that registers for a GetEventTicket account to create and manage a band website on the Platform.
• "Fan" or "Customer" means any individual who visits a Band Owner's website, purchases products or services, subscribes to a fan subscription, or otherwise interacts with a Band Owner's storefront hosted on the GetEventTicket platform.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, you must not access or use our Services.

2. Applicability

This Privacy Policy applies to all users of the GetEventTicket platform, including Band Owners, their team members, Fans, Customers, and casual visitors to the Website. It is important to understand the different roles that GetEventTicket and Band Owners play with respect to the processing of personal data.

GetEventTicket as Data Controller

GetEventTicket acts as the data controller for personal data that we collect directly from you in connection with your use of our platform. This includes:

• Account registration information provided by Band Owners and their team members
• Billing and subscription data related to GetEventTicket platform subscriptions
• Usage data, analytics, and technical information collected through the platform
• Communications between you and GetEventTicket (e.g., support requests, marketing emails)
• Information collected from visitors to geteventticket.com (the main marketing website)

GetEventTicket as Data Processor

When Band Owners use GetEventTicket to operate their band websites and sell products or services to their Fans, the Band Owner is the data controller for the personal data of their Fans and Customers. In this context, GetEventTicket acts as a data processor, processing Fan data on behalf of and under the instructions of the Band Owner. This includes:

• Fan and Customer names, email addresses, and shipping addresses collected during purchases
• Order history, transaction data, and purchase preferences
• Fan subscription details and membership information
• Crowdfunding pledge information and campaign contributions
• Any other personal data that Fans provide when interacting with a Band Owner's website

Band Owners are responsible for ensuring that they have a lawful basis for collecting and processing the personal data of their Fans, and for providing their Fans with appropriate privacy notices. GetEventTicket provides tools and features to assist Band Owners in meeting their obligations under applicable data protection laws, but each Band Owner is ultimately responsible for their own compliance.

If you are a Fan or Customer and have questions about how a specific Band Owner processes your personal data, we encourage you to contact that Band Owner directly. If you wish to exercise your data protection rights with respect to data that a Band Owner controls, please direct your request to the relevant Band Owner in the first instance.

3. Information We Collect

3.1 Information You Provide Directly

We collect personal data that you voluntarily provide to us when you register for an account, make a purchase, subscribe to a service, contact us, or otherwise interact with our Services. This includes:

Account Registration (Band Owners):

• Full name and display name
• Email address
• Password (stored in encrypted form)
• Band or artist name
• Genre and music style preferences
• Website subdomain or custom domain preferences
• Profile images, band logos, and biographical information

Billing Information (Band Owners):

• Payment card details (processed and stored securely by our payment processor, Stripe; GetEventTicket does not store full card numbers on our servers)
• Billing name and address
• Stripe Connect account information for receiving payouts
• Tax identification numbers where required
• Subscription plan details and usage tier

Band Profile and Content Data:

• Music tracks, albums, and audio files uploaded to the platform
• Event listings, venue information, and ticket configurations
• Merchandise listings, product descriptions, images, and pricing
• Blog posts, news articles, and other written content
• Photo galleries and media files
• Fan subscription tier descriptions and pricing
• Crowdfunding campaign details, goals, and reward tiers
• Social media links and embeds

Fan and Customer Purchase Information:

• Full name and email address
• Shipping address (for physical merchandise and print-on-demand orders)
• Payment information (processed securely by Stripe; GetEventTicket does not store full card numbers)
• Order details, including items purchased, quantities, and transaction amounts
• Event ticket selections and attendee information
• Fan subscription selections and recurring payment preferences
• Crowdfunding pledge amounts and selected reward tiers

Communications:

• Customer support inquiries and correspondence
• Feedback, reviews, and survey responses
• Email marketing preferences and opt-in status

3.2 Information Collected Automatically

When you access or use our Services, we automatically collect certain information about your device and your use of the platform. This includes:

Log Data:

• IP address
• Browser type and version
• Operating system
• Referring URL and exit pages
• Date and time of access
• Pages viewed and actions taken on the platform
• Error logs and performance data

Cookies and Similar Technologies:

• Session cookies to maintain your login state and shopping cart contents
• Preference cookies to remember your settings and display preferences
• Analytics cookies to understand how users interact with our platform
• Security cookies to detect and prevent fraudulent activity

For detailed information about the cookies we use and how to manage your cookie preferences, please refer to our Cookie Policy.

Session Data:

• Shopping cart contents (stored in server-side sessions, scoped per tenant)
• Authentication tokens and session identifiers
• Tenant context information (which band website you are currently visiting)

Usage Analytics:

• Feature usage patterns and frequency
• Storage consumption and bandwidth usage
• Platform performance metrics
• Aggregate and anonymised usage statistics provided to Band Owners via their dashboards

4. How We Use Your Information

We use the personal data we collect for the following purposes:

4.1 Providing and Maintaining Our Services

• Creating and managing your GetEventTicket account
• Hosting and serving Band Owner websites and storefronts
• Processing transactions, including music sales, merchandise orders, event ticket purchases, fan subscriptions, and crowdfunding pledges
• Facilitating payment processing through Stripe and Stripe Connect
• Fulfilling merchandise orders, including forwarding print-on-demand orders to third-party fulfilment providers such as Printful
• Managing fan subscriptions and recurring billing
• Delivering digital content and downloads to purchasers
• Providing customer support and responding to enquiries
• Sending transactional emails, including order confirmations, shipping notifications, and account updates

4.2 Improving and Developing Our Platform

• Analysing usage patterns to improve features, user experience, and platform performance
• Conducting internal research and development
• Testing new features and functionality
• Monitoring and enforcing usage limits and subscription tiers
• Generating aggregate, anonymised analytics and reporting

4.3 Communications

• Sending administrative communications about your account, subscription, or the Services
• Providing customer support and technical assistance
• Sending marketing communications about new features, updates, and offers (with your consent, where required)
• Facilitating communications between Band Owners and their Fans where the platform provides such features

4.4 Protecting Rights and Ensuring Safety

• Detecting, preventing, and addressing fraud, abuse, and security incidents
• Enforcing our Terms of Service and other policies
• Protecting the rights, property, and safety of GetEventTicket, our users, and the public
• Monitoring for and removing prohibited content or activity

4.5 Legal Compliance

• Complying with applicable laws, regulations, and legal processes
• Responding to lawful requests from public authorities, including law enforcement and government agencies
• Fulfilling tax reporting obligations
• Establishing, exercising, or defending legal claims

5. Information Sharing

We do not sell your personal data to third parties. We may share your personal data in the following circumstances:

5.1 Service Providers

We engage trusted third-party service providers to perform functions and provide services on our behalf. These service providers have access to your personal data only to the extent necessary to perform their functions and are contractually obligated to maintain the confidentiality and security of your data. Our key service providers include:

• Stripe: Payment processing, subscription billing, and Stripe Connect for Band Owner payouts. Stripe processes payment card information in accordance with PCI DSS standards. See Stripe's Privacy Policy.
• Printful: Print-on-demand merchandise fulfilment. When a Fan purchases a print-on-demand product, we share the necessary order details (including shipping name and address) with Printful to fulfil the order. See Printful's Privacy Policy.
• Cloud Hosting Providers: We use cloud infrastructure services to host the platform, store data, and deliver content. Data is stored on servers located in secure data centres with appropriate physical, technical, and organisational safeguards.
• Email Service Providers: We use third-party email services to send transactional and marketing communications on our behalf.
• Analytics Providers: We may use analytics tools to help us understand how users interact with our Services.

5.2 Band Owners (Tenants)

When you interact with a Band Owner's website on the GetEventTicket platform (e.g., making a purchase, subscribing, or pledging to a campaign), the Band Owner will have access to the personal data you provide in connection with that interaction. This is necessary for the Band Owner to fulfil your order, manage your subscription, or otherwise provide services to you. Band Owners may have their own privacy policies governing their use of your data.

5.3 Affiliates and Related Companies

We may share your personal data with Tyga.Cloud Ltd's affiliated entities for purposes consistent with this Privacy Policy. Any such affiliates will be required to honour this Privacy Policy in their handling of your personal data.

5.4 Government and Legal Requests

We may disclose your personal data if required to do so by law, or if we believe in good faith that such disclosure is necessary to:

• Comply with a legal obligation, court order, or regulatory requirement
• Protect and defend the rights or property of Tyga.Cloud Ltd
• Prevent or investigate possible wrongdoing in connection with the Services
• Protect the personal safety of users of the Services or the public
• Protect against legal liability

5.5 Business Transfers

In the event that Tyga.Cloud Ltd or GetEventTicket is involved in a merger, acquisition, reorganisation, sale of assets, or bankruptcy, your personal data may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal data, and any choices you may have regarding your personal data, in accordance with applicable law.

6. Children's Privacy

GetEventTicket is not directed to individuals under the age of 18. We do not knowingly collect personal data from children under the age of 18. If you are under 18, you may not create a GetEventTicket account or use our Services without the consent and supervision of a parent or legal guardian.

Band Owners are responsible for ensuring that their websites and storefronts comply with applicable laws regarding the collection of personal data from minors.

If we become aware that we have collected personal data from a child under the age of 18 without verification of parental consent, we will take steps to delete that information as promptly as possible. If you believe that we may have collected personal data from a child under 18, please contact us at dpo@tyga.cloud.

7. Your Rights and Choices

7.1 Account Management

If you are a Band Owner, you can access, update, and manage much of your personal data through your GetEventTicket dashboard settings. This includes your profile information, band details, billing information, and notification preferences. You can also delete your account by contacting our support team, which will result in the removal of your account data in accordance with our data retention practices and applicable legal obligations.

7.2 Email Communications

You can opt out of receiving marketing and promotional emails from GetEventTicket by clicking the "unsubscribe" link included in each marketing email, or by updating your communication preferences in your account settings. Please note that even if you opt out of marketing communications, we may still send you transactional emails related to your account and Services (e.g., order confirmations, billing notices, security alerts, and important service updates).

7.3 Cookies

You can manage your cookie preferences through your browser settings or through the cookie consent mechanism provided on our Website. Please note that disabling certain cookies may affect the functionality of the Services. For detailed information, please see our Cookie Policy.

7.4 Data Access and Portability

You have the right to request a copy of the personal data we hold about you. Band Owners can export their data, including content, product listings, and order information, through the platform's built-in tools where available. For data export requests that cannot be fulfilled through self-service tools, please contact us at dpo@tyga.cloud.

7.5 Data Deletion

You have the right to request the deletion of your personal data, subject to certain exceptions required by law (e.g., data we must retain for tax, accounting, or legal compliance purposes). To request deletion, please contact us at dpo@tyga.cloud. We will process your request within 30 days, or within the timeframe required by applicable law.

8. Security and Storage

We take the security of your personal data seriously and implement industry-standard technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security) / HTTPS protocols.
• Encryption at Rest: Sensitive data stored on our servers, including passwords and payment tokens, is encrypted using strong encryption algorithms. Passwords are hashed using bcrypt.
• Access Controls: We implement role-based access controls to ensure that only authorised personnel have access to personal data, and only to the extent necessary for their job functions.
• Infrastructure Security: Our platform is hosted on secure cloud infrastructure with firewalls, intrusion detection systems, and regular security patching.
• Session Security: Server-side session management with secure, HTTP-only session cookies. Sessions are stored in Redis with appropriate expiration policies.
• Multi-Tenant Isolation: The platform implements tenant-level data isolation to ensure that each Band Owner's data (and their Fans' data) is logically separated from other tenants.
• Payment Security: Payment card data is processed and stored by Stripe in compliance with PCI DSS Level 1 standards. GetEventTicket does not store full payment card numbers on its own servers.
• Regular Reviews: We conduct periodic reviews of our security practices and update our measures as appropriate in response to evolving threats.

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your data. In the event of a data breach that affects your personal data, we will notify you and the relevant supervisory authority as required by applicable law.

9. International Data Transfers

Tyga.Cloud Ltd is based in the United Kingdom. Our servers and service providers may be located in various countries around the world. When you use our Services, your personal data may be transferred to and processed in countries other than your country of residence, including countries that may not provide the same level of data protection as your home country.

Where we transfer personal data outside the United Kingdom or the European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect your data in accordance with applicable data protection laws. These safeguards may include:

• Standard Contractual Clauses (SCCs): We use the European Commission's Standard Contractual Clauses and the UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs, as applicable, when transferring personal data to service providers or other recipients outside the UK/EEA.
• Adequacy Decisions: Where the European Commission or the UK Secretary of State has determined that a country provides an adequate level of data protection, we may rely on such adequacy decisions.
• Supplementary Measures: Where necessary, we implement additional technical and organisational measures to ensure that transferred data is protected to a standard essentially equivalent to that provided within the UK/EEA.

Our third-party service providers, including Stripe and Printful, maintain their own data transfer mechanisms and safeguards. We encourage you to review their respective privacy policies for further information.

For more information about the safeguards we have in place for international data transfers, please contact us at dpo@tyga.cloud.

10. EU and UK GDPR Rights

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation (GDPR) and the UK GDPR, as applicable.

10.1 Legal Basis for Processing

We process your personal data on the following legal bases:

• Performance of a Contract: Processing is necessary for the performance of a contract to which you are a party (e.g., providing the GetEventTicket platform services, processing your orders, managing your subscription).
• Legitimate Interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided that such interests are not overridden by your rights and freedoms. Our legitimate interests include operating and improving our platform, preventing fraud, and ensuring security.
• Consent: Where we rely on your consent as the legal basis for processing (e.g., for marketing communications or non-essential cookies), you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing that occurred before the withdrawal.
• Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject (e.g., tax reporting, responding to lawful government requests).

10.2 Your GDPR Rights

Subject to applicable law, you have the following rights with respect to your personal data:

• Right of Access: You have the right to request a copy of the personal data we hold about you, along with information about how we process it.
• Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal data we hold about you.
• Right to Erasure ("Right to Be Forgotten"): You have the right to request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, or when you withdraw your consent.
• Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or when you object to processing based on legitimate interests.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller, where technically feasible.
• Right to Object: You have the right to object to the processing of your personal data based on our legitimate interests or for direct marketing purposes. Where you object to processing for direct marketing, we will cease processing your data for that purpose immediately.
• Right Not to Be Subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. GetEventTicket does not currently engage in solely automated decision-making that has legal or similarly significant effects on individuals.
• Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority. In the United Kingdom, the relevant supervisory authority is the Information Commissioner's Office (ICO) at ico.org.uk.

10.3 Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our general data retention practices are as follows:

• Active Accounts: We retain account data for as long as your account remains active and for a reasonable period thereafter to allow for reactivation or to fulfil any outstanding obligations.
• Transaction Records: We retain transaction and order data for a minimum of 6 years from the date of the transaction to comply with tax, accounting, and legal reporting requirements under UK law (including HMRC requirements).
• Marketing Data: We retain marketing consent records and email preferences for as long as you remain subscribed. Upon unsubscribing, we retain a suppression record to ensure we do not contact you again.
• Log Data: Server logs and technical data are typically retained for up to 12 months for security, debugging, and analytical purposes, after which they are deleted or anonymised.
• Deleted Accounts: When a Band Owner deletes their account, we will delete or anonymise their personal data and the personal data of their Fans within 90 days, except where retention is required for legal compliance.

10.4 Automated Decision-Making and Profiling

GetEventTicket does not use your personal data for automated decision-making or profiling that produces legal effects or similarly significantly affects you. We may use automated systems for fraud detection and prevention purposes, but any such systems are subject to human review and do not make final decisions affecting your legal rights.

To exercise any of your GDPR rights, please contact our Data Protection Officer at dpo@tyga.cloud. We will respond to your request within one month. In certain circumstances, we may extend this period by an additional two months, in which case we will inform you of the extension and the reasons for the delay.

11. California CCPA Disclosures

If you are a California resident, the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information. This section supplements the rest of this Privacy Policy and applies solely to California residents.

11.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:

• Identifiers: Name, email address, IP address, account username, postal address, unique personal identifiers.
• Commercial Information: Records of products or services purchased, obtained, or considered, as well as purchasing or consuming histories and tendencies.
• Financial Information: Payment card details (processed by Stripe), billing address, transaction history.
• Internet or Network Activity: Browsing history on our platform, search history, interactions with our Website and Services, log data.
• Geolocation Data: Approximate location derived from IP address.
• Professional or Employment-Related Information: Band name, artist name, genre, and other professional details provided by Band Owners.
• Inferences: Inferences drawn from the above categories to create a profile about you, such as preferences and usage patterns (used solely for improving platform functionality).

11.2 No Sale of Personal Information

GetEventTicket does not sell and has not sold the personal information of its users in the preceding 12 months. We do not sell personal information as defined by the CCPA. We also do not "share" personal information for cross-context behavioural advertising purposes as defined by the CPRA.

11.3 Your California Privacy Rights

As a California resident, you have the following rights under the CCPA/CPRA:

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, our business or commercial purpose for collecting it, the categories of third parties with whom we share it, and, if applicable, the categories of personal information sold or disclosed for a business purpose.
• Right to Delete: You have the right to request the deletion of your personal information, subject to certain exceptions provided by law.
• Right to Correct: You have the right to request the correction of inaccurate personal information that we maintain about you.
• Right to Opt-Out of Sale or Sharing: As noted above, we do not sell or share your personal information. However, if we were to do so in the future, you would have the right to opt out.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of your sensitive personal information, if applicable.
• Right to Non-Discrimination: You have the right not to receive discriminatory treatment by us for the exercise of your CCPA/CPRA rights.

To exercise any of these rights, please contact us at dpo@tyga.cloud or write to us at the address provided in Section 13. We will verify your identity before processing your request and will respond within 45 days as required by the CCPA.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the "Effective Date" at the top of this page.

For material changes that significantly affect how we process your personal data, we will provide additional notice, such as:

• Displaying a prominent notice on our Website or within the GetEventTicket dashboard
• Sending an email notification to registered Band Owners
• Requiring acknowledgement of the updated policy upon your next login

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Services after the effective date of any updated Privacy Policy constitutes your acceptance of the changes. If you do not agree with the updated Privacy Policy, you should discontinue your use of the Services and contact us to close your account.

13. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data processing practices, or if you wish to exercise any of your rights described in this policy, please contact us:

Data Protection Officer
Email: dpo@tyga.cloud

Tyga.Cloud Ltd
Company No: 14643275
Ground Floor, Unit 2 Mallard Court
Mallard Way, Crewe Business Park
Crewe, Cheshire, England
CW1 6ZQ

We aim to respond to all enquiries within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority. In the United Kingdom, this is the Information Commissioner's Office (ICO), which can be contacted at ico.org.uk or by telephone at 0303 123 1113.