Privacy Policy

1. Who We Are

Pactd is a grassroots live music ticketing and discovery platform. Our mobile app and website connect fans with independent artists, venues, and promoters to help make live music happen.

For the purposes of UK GDPR and the EU General Data Protection Regulation, Pactd is the data controller for the personal data collected through our services.

If you have any questions about this policy or how we handle your data, please contact us at privacy@pactd.app.

2. Data We Collect

Account information

When you register for a Pactd account, we collect:

• Your name and email address
• A password (stored in encrypted form — we never see your plaintext password)
• Your profile photo if you choose to add one
• Whether you are registering as a fan or an event organiser

Event and ticket data

When you buy, sell, or manage tickets through Pactd, we collect:

• Details of events you have purchased tickets for
• Details of events you have created as an organiser
• QR codes associated with your tickets
• Ticket scanning activity (time and outcome of each scan)

Payment information

When you purchase a ticket, payment is handled by our third-party payment processor. We do not store full card numbers or sensitive payment details on our servers. We retain transaction records including the amount paid, currency, and transaction ID for accounting and dispute-resolution purposes.

Location data

With your permission, we use your device's location to show you nearby events. You can revoke location access at any time in your device settings. If you decline, you can still search for events by city or postcode manually.

Device and usage data

We automatically collect certain technical information when you use our app or website, including:

• Device type, operating system, and app version
• IP address and general location (country/city level, derived from IP)
• Pages or screens viewed and features used
• Crash reports and error logs to help us diagnose problems
• Referral source (how you found Pactd)

Preferences and activity

To personalise your experience, we record:

• Venues and artists you follow or favourite
• Event categories and genres you engage with
• Notification preferences

Communications

If you contact us for support, we retain those communications to help us resolve your issue and improve our service.

3. How We Use Your Data

We use the data we collect to:

• Create and manage your account
• Process ticket purchases and payouts to organisers
• Display nearby and relevant events based on your location and preferences
• Send event reminders (24 hours and 2 hours before a gig you have a ticket for)
• Notify you about changes to events you are attending or following
• Enable organisers to scan and validate tickets at the door
• Detect and prevent fraud and abuse
• Improve the app, fix bugs, and develop new features
• Comply with our legal obligations

We do not use your data to serve you third-party advertising. We do not sell your personal data to any third party.

4. Legal Basis for Processing

We rely on the following legal bases to process your personal data:

• Contract — processing necessary to provide the Pactd service you signed up for, including account management, ticketing, and notifications.
• Legitimate interests — improving our service, preventing fraud, and keeping our platform secure, where these interests are not overridden by your rights.
• Consent — for location access and any optional marketing communications. You can withdraw consent at any time.
• Legal obligation — retaining financial records and complying with applicable law.

5. Who We Share Data With

We do not sell your personal data. We share data only where necessary to operate our service:

Event organisers

When you purchase a ticket, the event organiser receives your name and the number of tickets you hold — the minimum needed to manage attendance. Organisers do not receive your email address, payment details, or any other account data unless you choose to share them directly.

Payment processors

We use third-party payment processors to handle transactions securely. These processors handle your payment card data under their own privacy policies and are certified to industry security standards (PCI-DSS).

Service providers

We use trusted third-party services to help run Pactd, including cloud hosting, push notification delivery, analytics, and crash reporting. These providers act as data processors and are contractually required to protect your data and use it only as we instruct.

Legal requirements

We may disclose your data if required to do so by law, court order, or to protect the rights, property, or safety of Pactd, our users, or others.

Business transfers

In the event of a merger, acquisition, or sale of our business, your data may be transferred to the new owner. We will notify you before your data becomes subject to a different privacy policy.

6. Data Retention

We keep your personal data for as long as your account is active, and for a reasonable period afterwards in case you wish to reactivate. When you delete your account, we delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or financial compliance (for example, we retain transaction records for six years in line with standard accounting requirements).

Anonymised or aggregated data that cannot identify you may be retained indefinitely for statistical and analytical purposes.

7. Your Rights

Under UK GDPR and EU GDPR, you have the following rights in relation to your personal data:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — request deletion of your data ("right to be forgotten"), subject to our legal obligations.
• Restriction — ask us to pause processing of your data in certain circumstances.
• Portability — receive your data in a structured, commonly used, machine-readable format.
• Object — object to processing based on legitimate interests, including profiling.
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@pactd.app. We will respond within one month. You also have the right to lodge a complaint with a supervisory authority — the Information Commissioner's Office (ICO) in the UK, or the Data Protection Commission in Ireland.

8. Security

We take reasonable technical and organisational measures to protect your data, including encryption in transit (TLS), encrypted password storage, and access controls that limit who within our team can access personal data.

No system is completely secure. If you suspect your account has been compromised, please contact us immediately at privacy@pactd.app.

9. Children

Pactd is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with their data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via the app or by email before the changes take effect. The "last updated" date at the top of this page reflects the most recent revision.

Continued use of Pactd after the effective date of any changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please reach out:

• Email: privacy@pactd.app

We aim to respond to all privacy-related enquiries within 5 working days.