Privacy Policy

Effective Date: January 1, 2026

Last Updated: January 1, 2026

Applies to: Buyers, Organizers, Visitors

This Privacy Policy explains how LipaTix (“we”, “us”, “our”) collects, uses, shares, and protects your personal data when you use our website and services. By accessing or using LipaTix, you agree to the practices described here.

Quick summary (human version): We collect the minimum data needed to sell and validate tickets, run payments, prevent fraud, and support users. We don’t sell your personal data. We share only what’s necessary with organizers (for your event), payment providers (to process the payment), and service providers (to run the platform).

1. Introduction

This policy covers how personal data is handled when you: browse the site, create an account, list events as an organizer, purchase tickets, receive emails/SMS, or contact support.

We aim to follow applicable Kenyan data protection requirements and good security practice. If you use LipaTix from outside Kenya, local laws may also apply.

Definitions: “Personal data” means information that can identify you directly (like your name) or indirectly (like a device ID + activity). “Processing” means collecting, storing, using, sharing, or deleting it.

2. Information We Collect

2.1 Information you provide directly

We collect information you submit when registering, checking out, contacting support, or interacting with organizers.

Category	Examples	Why we collect it
Identity & Profile	Full name, username, account type (buyer/organizer)	Create your account, display tickets correctly, prevent impersonation
Contact	Email, phone number	Ticket delivery, event updates, security alerts, support
Purchase & Ticket	Order details, ticket type, quantities, QR/unique ticket codes	Generate tickets, validate entry, handle disputes and refunds when applicable
Communications	Support messages, complaints, feedback, organizer-buyer messages (where supported)	Resolve issues, improve service quality, prevent abuse
Organizer Data	Business name, payout info (where applicable), event details	Publish events, manage payouts, comply with verification requirements

Accuracy: You are responsible for providing correct details. Wrong email/phone can mean missed tickets and missed updates.

2.2 Information collected automatically

When you use the website, some data is collected automatically to keep the platform fast and safe.

Device & technical: IP address, browser type/version, device type, operating system, referrer URL
Usage: pages viewed, clicks, session duration, navigation paths
Approximate location: based on IP (not precise GPS)
Security logs: login attempts, suspicious behavior flags, error logs
Cookies/local storage: session identifiers and preference settings

Why this matters: it helps us detect fraud, stop bots, troubleshoot issues, and improve the checkout experience. Without some of this, the site becomes easier to attack and harder to maintain.

3. How We Use Your Information

We use your data for specific purposes tied to running the ticketing service.

Account & access: create accounts, authenticate logins, prevent unauthorized access
Ticketing: process orders, generate tickets/QR codes, deliver tickets, validate entry
Payments: confirm transactions, record payment references, issue receipts
Support: respond to requests, resolve disputes, investigate issues
Platform security: detect fraud, abuse, unusual logins, and attempted attacks
Service improvement: performance monitoring, bug fixes, UX improvements
Legal compliance: accounting/tax records, responding to lawful requests
Marketing (optional): only where allowed or where you can opt out

We do not sell your personal data. If anyone tells you otherwise, they’re either lying or confusing us with shady apps.

3.1 Legal basis (plain-language)

We typically process data because it’s necessary to deliver the service (tickets, payments, entry validation), meet legal obligations, and keep the platform secure.

4. Payments & Financial Data

4.1 Payment processing

Payments are handled via third-party payment providers. These providers process payment details securely. LipaTix stores only the information needed to confirm and support a transaction.

4.2 What we keep (and what we don’t)

We keep: transaction reference, status, amount, timestamp, method type (e.g., M-Pesa/Card)
We do NOT keep: full card numbers, CVV, M-Pesa PIN, passwords

4.3 Fraud prevention

We may use transaction data and basic device signals to detect suspicious activity (e.g., repeated failed payments, unusual location changes, rapid checkout attempts).

5. Email & Communication

5.1 Service messages you will receive

Some communication is essential and cannot be opted out of if you want tickets to actually reach you.

Type	Examples	Opt out?
Transactional	Ticket delivery, receipts, event updates you purchased	No (required)
Security	Password reset, suspicious login alerts	No (required)
Legal / policy	Important policy changes, system notices	No (required)
Marketing	Promotions, newsletters, event recommendations	Yes

5.2 Marketing preferences

Where marketing messages are used, we include an unsubscribe option. You can also request removal by contacting support. Opting out of marketing does not stop ticket emails and essential service messages.

6. Cookies & Tracking

6.1 What cookies are

Cookies are small files that help websites remember session information and preferences.

6.2 What we use cookies for

Essential: session login, cart/checkout continuity, CSRF/security protection
Performance: page speed and error detection
Security: bot detection and abuse prevention
Analytics (optional): understanding what pages are used most so we can improve them

6.3 Managing cookies

You can disable cookies via your browser settings. If you do, parts of the site (like login and checkout) may stop working properly. That’s not a threat, it’s just how websites function.

7. Data Sharing

We share data only when needed to deliver the service or comply with legal requirements.

Who we share with	What may be shared	Why
Event organizers	Buyer name, ticket type, ticket codes/QR validation info, contact details where necessary	Entry validation, attendee management, event updates
Payment providers	Payment details (processed by them), references returned to us	Process and confirm transactions
Email/SMS providers	Email/phone and message content required for delivery	Send tickets, updates, alerts
Service providers	Limited technical data needed to host/maintain the platform	Hosting, monitoring, maintenance, backups
Legal authorities	Only what is required by lawful request	Compliance with law and lawful investigations

Data minimization: We share the minimum necessary data for the task. Third parties must protect it and use it only for the purpose we specify.

8. Data Storage & Security

8.1 Security measures

Encryption in transit: HTTPS (SSL/TLS) where supported
Access control: restricted access to systems and databases
Monitoring: logging, alerts, and abuse detection
Updates: security patches and maintenance
Backups: backups for recovery and continuity

8.2 Your role in security

You’re responsible for keeping your login credentials private. Don’t share passwords, don’t reuse weak passwords, and don’t forward tickets publicly unless you enjoy chaos.

8.3 Data breach handling

If we discover a security incident that may impact your personal data, we will take steps to contain it, investigate, and notify affected users where appropriate.

9. Data Retention

We keep data only as long as needed for operations, legal obligations, and dispute resolution.

Data type	Typical retention	Reason
Account data	While active + limited period after inactivity	Support, security, account recovery, compliance
Transaction records	Up to 7 years	Legal, accounting, tax obligations
Ticket & entry validation data	Usually 2 years after event	Disputes, fraud prevention, audit trails
Logs	Typically up to 12 months	Security investigations, debugging

After retention ends, data is deleted, anonymized, or securely archived where legally required.

10. Your Rights

You may have rights over your personal data, including:

Access: request a copy of your data
Correction: fix inaccurate data
Deletion: request deletion (subject to legal/transaction obligations)
Restriction: limit processing in some cases
Objection: object to certain processing such as marketing
Withdrawal of consent: where processing is based on consent

10.1 How to request

Contact us using the details in Section 15. To protect users, we may request identity verification before fulfilling certain requests (especially access/deletion).

Important: If you request deletion of data tied to paid transactions, we may retain minimal records required by law, accounting, or fraud prevention.

11. Third-Party Links

Our platform may link to third-party sites (venue pages, sponsor pages, social media, maps). We do not control those sites. Check their privacy policies before providing personal data.

12. Children’s Privacy

LipaTix is not intended for individuals under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided data, contact us and we will take steps to delete it where appropriate.

For age-restricted events, organizers/venues are responsible for verifying age at entry. LipaTix does not perform ID checks at signup.

13. Policy Changes

We may update this policy to reflect changes in platform features, security practices, or legal requirements. When we update it, we revise the “Last Updated” date at the top.

Minor wording changes may be made without special notice.
Material changes may be highlighted on the website and/or emailed to registered users.

14. Governing Law

This policy is governed by the laws of Kenya. Any disputes related to privacy/data handling will be handled under Kenyan jurisdiction, subject to applicable legal processes.

15. Contact Information

If you have privacy questions or want to exercise your rights, contact us:

Method	Details	Typical response
Email	info@lipatix.com	Within 48 hours
Phone / WhatsApp	+254 140 137 325	Within 24 hours (WhatsApp), business hours (calls)
Phone / WhatsApp	+254 700 800 275	Within 24 hours (WhatsApp), business hours (calls)
Postal	Data Protection Officer, LipaTix, P.O. Box 6-60100, Embu, Kenya	7–10 business days

15.1 Complaints

If you believe your privacy concern was not resolved, you may lodge a complaint with the Office of the Data Protection Commissioner in Kenya.