Effective Date: January 2026
Contact: support@venuestack.io
1. Introduction
1.1. This Privacy Policy explains how VenueStack (“VenueStack,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information when individuals use our websites, business dashboards, customer-facing event pages, ticketing and checkout flows, table reservation flows, ticket download pages, and related services (collectively, the “Services”).
1.2. This Privacy Policy applies to personal information processed through the Services, including information relating to venue operators and staff (“Business Users”) and guests purchasing tickets or making reservations (“Guests”).
1.3. If you do not agree with this Privacy Policy, do not use the Services.
2. Roles and Responsibilities
2.1. VenueStack may process personal information in different roles depending on how the Services are used.
2.2. VenueStack as Controller. When you visit venuestack.io, create a VenueStack account, request support, or otherwise interact directly with VenueStack for our own business purposes, VenueStack typically acts as a “controller” (or equivalent under applicable law).
2.3. VenueStack as Processor or Service Provider. When a venue uses VenueStack to collect Guest information for ticketing, reservations, guest lists, and related operations, the venue typically acts as the “controller” and VenueStack processes that information on the venue’s behalf as a “processor” or “service provider” (or equivalent).
2.4. Venue Policies. Venues may provide their own privacy notices to Guests. Those notices may govern how the venue uses Guest information. This Privacy Policy describes VenueStack’s practices and our processing of data through the Services.
3. Definitions
3.1. “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an individual.
3.2. “Sensitive Information” may include information such as government identifiers, precise geolocation, health information, biometric data, or information about children, as defined under applicable laws.
3.3. “De-identified Information” means information that cannot reasonably be used to infer information about, or otherwise be linked to, a particular individual, and that is maintained in a form that is not reasonably linkable.
4. Information We Collect
4.1. Information You Provide as a Business User.
4.1.1. Account details, such as name, email address, password (stored in hashed form), phone number, and role.
4.1.2. Business details, such as venue name, address, timezone, branding assets, and operational settings.
4.1.3. Event and operational content, such as event details, ticket types, pricing, promotional codes, add-ons, artist/performer information, floor plans, table layouts, minimum spend rules, deposits, and availability settings.
4.1.4. Support and communications, such as messages you send to support and any information you choose to provide in those communications.
4.2. Information Collected About Guests on Behalf of Venues.
4.2.1. Guest identity and contact details, such as name, email address, phone number, and party size.
4.2.2. Order and reservation details, such as tickets purchased, tables reserved, add-ons, promotional codes used, amounts paid, and timestamps.
4.2.3. Guest notes and requests, such as optional special requests entered during checkout or booking, to the extent enabled by a venue.
4.2.4. Entry and check-in data, such as ticket validation status and check-in timestamps, as part of venue operations.
4.3. Information Collected Automatically.
4.3.1. Device and network data, such as IP address, device identifiers, browser type, operating system, and language settings.
4.3.2. Usage data, such as pages visited, clicks, referring pages, session duration, and interactions within the Services.
4.3.3. Log and security data, such as login attempts, authentication events, error logs, and audit trails for administrative actions.
4.4. Information From Third Parties.
4.4.1. Payment-related information from payment processors, such as transaction status, partial payment identifiers, dispute indicators, refunds, chargebacks, and payout confirmations.
4.4.2. Authentication data from single sign-on providers, such as Google, if you choose to use those login methods.
4.4.3. Message delivery information from email or SMS providers, such as delivery status and bounce information.
5. How We Use Personal Information
5.1. We use Personal Information to operate, maintain, and provide the Services.
5.2. We use Personal Information to create and manage accounts, authenticate users, and provide customer support.
5.3. We use Personal Information to facilitate ticket sales, table reservations, order confirmations, refunds, and related transactional activities.
5.4. We use Personal Information to generate and validate tickets and entry credentials, including QR codes and check-in workflows.
5.5. We use Personal Information to enable venue operations, including guest list management, seating management, table availability, and operational reporting.
5.6. We use Personal Information to communicate with users about the Services, including transactional messages such as receipts, confirmations, updates, and security notices.
5.7. We use Personal Information to secure the Services, including preventing fraud, abuse, and unauthorized access, and monitoring for suspicious activity.
5.8. We use Personal Information to improve and develop the Services, including debugging, analytics, performance optimization, and feature improvements.
5.9. We use Personal Information to comply with legal obligations and enforce our agreements and policies.
6. Legal Bases for Processing
6.1. Where required by applicable law, VenueStack relies on one or more legal bases to process Personal Information.
6.2. Contract. We process information as necessary to provide the Services you request and to perform our agreements.
6.3. Legitimate Interests. We process information to secure and improve the Services, prevent fraud, and operate our business, except where such interests are overridden by individual rights.
6.4. Consent. We process information based on consent where required, including for certain optional communications or features.
6.5. Legal Obligation. We process information to comply with applicable laws, regulations, and lawful requests.
6.6. Venue-Directed Processing. Where we process Guest information on behalf of venues, the venue determines the legal basis as controller, and we process that information according to the venue’s instructions and applicable agreements.
7. How We Disclose Personal Information
7.1. We disclose Personal Information only as described in this Privacy Policy or as otherwise permitted by law.
7.2. Venues and Their Authorized Staff. We disclose Guest information to the venue and authorized staff members who need access to fulfill bookings, manage entry, provide guest support, and operate events.
7.3. Service Providers. We disclose Personal Information to vendors who help us provide the Services, such as hosting providers, database providers, analytics providers, customer support tools, email and SMS delivery providers, and payment processors.
7.4. Payment Processors. We disclose information necessary to process payments through third-party processors, which may include providers such as Stripe, Adyen, or PayPal, depending on what a venue or VenueStack enables.
7.5. Legal and Safety. We may disclose information to comply with law, respond to lawful requests, protect rights and safety, investigate fraud, and enforce our terms.
7.6. Business Transfers. We may disclose information in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate confidentiality and security protections.
7.7. Aggregated or De-identified Information. We may disclose aggregated or de-identified information that cannot reasonably identify you.
8. Cookies and Similar Technologies
8.1. We use cookies and similar technologies to provide essential functionality, keep users signed in, maintain preferences, and secure sessions.
8.2. We may use cookies and similar technologies for performance monitoring, analytics, and reliability improvements.
8.3. You can control cookies through browser settings. If you block certain cookies, some features may not work properly, including login and checkout flows.
9. Communications Preferences
9.1. Transactional messages. We may send transactional communications that are necessary to provide the Services, such as purchase confirmations, ticket delivery, booking updates, receipts, password resets, and security alerts.
9.2. Marketing messages. Where permitted, we may send marketing communications about VenueStack. You may opt out by using the unsubscribe method provided in the message or by contacting support@venuestack.io
.
9.3. Venue communications. Venues may send Guest communications using the Services. Those communications are controlled by the venue as the data controller.
10. Payment Information
10.1. Payment transactions are processed by third-party payment processors.
10.2. VenueStack does not store full payment card numbers or full CVV details on VenueStack servers when using hosted or tokenized checkout methods provided by payment processors.
10.3. VenueStack may store transaction records such as order totals, timestamps, fee breakdowns, partial payment identifiers, and payment status to operate the Services, support refunds and disputes, and meet accounting obligations.
11. Ticket Links, QR Codes, and Access Credentials
11.1. Tickets may be accessible via download links, order lookups, or similar methods. Anyone with the relevant access credential may be able to access the associated ticket or order information.
11.2. QR codes and ticket identifiers are used for entry validation and check-in tracking, and check-in events may be logged for operational integrity and audit purposes.
12. Data Retention
12.1. We retain Personal Information for as long as reasonably necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements.
12.2. Retention periods vary depending on the type of data and legal requirements, including accounting, tax, dispute, and fraud-prevention obligations.
12.3. Where we process Guest information on behalf of venues, venues may control retention settings or request deletion, subject to applicable law and required recordkeeping.
13. Security
13.1. We implement administrative, technical, and organizational measures designed to protect Personal Information against unauthorized access, loss, misuse, alteration, or disclosure.
13.2. Security measures may include encryption in transit, access controls, least-privilege permissions, monitoring, audit logging, and secure credential handling.
13.3. No security system is impenetrable, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your login credentials.
14. International Data Transfers
14.1. VenueStack and its service providers may process and store Personal Information in jurisdictions outside your province, state, or country.
14.2. Where required, we use appropriate safeguards for international transfers, such as contractual protections and other mechanisms recognized under applicable law.
15. Your Rights and Choices
15.1. Depending on your location, you may have rights relating to your Personal Information, such as access, correction, deletion, portability, restriction, or objection.
15.2. Business Users may be able to access, update, or correct certain account information directly in the dashboard.
15.3. To request access, correction, deletion, or portability, contact support@venuestack.io
.
15.4. If you are a Guest, the venue may be the controller of your information. In that case, we may direct you to the venue to submit your request, and we will support the venue in fulfilling requests as required under applicable agreements and law.
15.5. We may need to verify your identity before fulfilling certain requests, and we may deny requests where permitted by law, including where we must retain information for legal compliance or security.
16. Region-Specific Disclosures
16.1. California. VenueStack does not sell Personal Information for money. If we engage in processing that qualifies as “sharing” under California law for cross-context behavioral advertising in the future, we will provide opt-out mechanisms as required.
16.2. EEA/UK. Where applicable, you may have the right to lodge a complaint with a supervisory authority, in addition to the rights described in Section 15.
16.3. Canada. VenueStack processes Personal Information in accordance with applicable Canadian privacy principles and requirements, including consent and reasonable purposes, where applicable.
17. Children’s Privacy
17.1. The Services are not directed to children under 13, or under a higher minimum age where required by local law.
17.2. We do not knowingly collect Personal Information from children without appropriate authorization.
17.3. If you believe a child has provided Personal Information, contact support@venuestack.io
so we can review and take appropriate action.
18. Third-Party Services and Links
18.1. The Services may integrate or link to third-party services, including payment processors and messaging providers.
18.2. Third-party services operate under their own privacy practices, and we encourage you to review their policies.
19. Changes to This Privacy Policy
19.1. We may update this Privacy Policy from time to time.
19.2. When we update it, we will revise the “Effective Date” at the top of this Privacy Policy.
19.3. If changes are material, we may provide additional notice through the Services where appropriate.
20. Contact Us
20.1. For questions, concerns, or requests regarding this Privacy Policy or our privacy practices, contact support@venuestack.io