This Privacy Policy explains how AFICH collects, uses, shares, and retains personal information when you use AFICH websites, apps, checkout, ticketing, organizer, scanner, support, and related services. It is written from current backend behavior for users in the United States, California, and the European Union. It is not a promise that every future feature or every organizer's independent practice is covered without review.
We collect account and profile information such as name, email address, phone number, password credentials, age confirmation, privacy consent status, marketing preferences, organizer profile data, event content, uploaded media, support messages, refund requests, and other information you submit. Buyers may also provide attendee, ticket-transfer, guest-checkout, billing-contact, and delivery information.
We collect operational and security data such as IP address, user agent, device and session information, authentication events, scanner device identifiers or hashed fingerprints, ticket scans, check-in metadata, audit logs, purchase attempts, fraud signals, rate-limit and reCAPTCHA results, webhook and provider events, payment references, refunds, disputes, payout and settlement records, and error-monitoring data. We do not store full card numbers when payment card entry is handled by Stripe-hosted Elements or Checkout.
Data Accessed: If you choose Sign in with Google, AFICH receives a Google Identity Services credential and verifies it with Google. The Google user data AFICH accesses for this sign-in flow is limited to your verified email address, Google email-verification status, Google account identifier contained in the credential, and profile name fields (name, given name, family name) when Google provides them. AFICH does not request Gmail, Google Drive, Google Calendar, Contacts, or other Google API content for this sign-in flow, and does not store the raw Google credential as a long-term record. Data Usage: AFICH uses Google sign-in data to create or find your AFICH account, verify that the email belongs to you, issue AFICH session cookies, apply consent and age gates, protect the login flow with reCAPTCHA and rate limits, detect duplicate or abusive account activity, and support account security. AFICH does not use Google user data for advertising or sell Google user data. Data Sharing: AFICH does not share the raw Google credential with event organizers or other third parties. Stored AFICH account fields derived from Google sign-in may be processed by hosting, security, monitoring, support, email delivery, and legal/compliance providers as needed to operate AFICH, and may be disclosed if required by valid legal process. Event organizers may see ordinary account or attendee fields you choose to provide through ticketing flows, but they do not receive your raw Google credential. Data Storage and Protection: Google-derived account fields are protected using the same safeguards described in this policy, including TLS, access controls, audit logging, least-privilege staff access, session controls, rate limits, and abuse monitoring. AFICH stores only the minimum account fields needed to operate authentication and account records. Data Retention and Deletion: Google-derived account fields are retained while your AFICH account remains active and as needed for security, dispute, legal, tax, accounting, fraud-prevention, and compliance purposes. If you delete your AFICH account or submit a verified deletion request to privacy@afichtickets.com, profile fields derived from Google sign-in are anonymized or removed as part of the account-deletion process, while transaction, payment, refund, dispute, tax, accounting, fraud-prevention, and legal records may be retained as described in Data Retention. AFICH's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
We use personal information to create and secure accounts, process checkout, issue tickets, support transfers and resale when enabled, run check-in and scanner workflows, process refunds and disputes, manage organizer dashboards and payouts, send transactional notices, provide support, detect fraud and abuse, enforce purchase limits and platform rules, maintain audit and accounting records, comply with legal obligations, improve reliability, and operate integrations configured for the service.
Marketing email or newsletter messages are optional and separate from transactional, security, ticket, refund, and event-operation messages. You can unsubscribe or change preferences using account settings, email links, or by contacting AFICH. We may still send non-marketing messages that are necessary to provide the service or comply with law.
AFICH does not sell personal information. We share data when needed to operate the platform with event organizers, payment providers such as Stripe or configured local payment providers, banking and payout providers, email/SMS providers, cloud hosting and storage providers, reCAPTCHA and anti-abuse services, error monitoring and analytics providers, support tools, configured integrations or webhooks, professional advisors, and lawful authorities when required or appropriate. Organizers may receive buyer, order, attendee, refund, and check-in information needed to run their events.
Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or port your personal information, and to withdraw consent where consent is the legal basis. EU/UK-style data subject requests are generally answered within one month and may be extended by up to two additional months for complex or numerous requests. California requests are generally answered within 45 calendar days and may be extended by another 45 days with notice. We may verify your identity and may keep information when required for transactions, accounting, tax, security, fraud prevention, disputes, or legal obligations.
We keep account data while the account is active or as needed to operate the service. Account deletion anonymizes profile fields, disables the account, revokes sessions, and removes device tokens, while preserving transaction, payment, refund, dispute, payout, settlement, tax, accounting, fraud, and legal records when retention is required. Transaction and financial records may be retained for up to 7 years or longer where law, disputes, audits, or payment-provider rules require. Raw check-in metadata can be anonymized through the ticketing retention cleanup process. Signup sessions are short-lived operational records and should not be treated as long-term consent evidence.
AFICH uses technical and organizational measures such as TLS, password hashing, optional two-factor authentication, role-based access controls, audit logging, rate limits, reCAPTCHA, signed webhooks, idempotency controls, device and scanner trust signals, rotating ticket validation tokens, backup or snapshot processes, and fraud-review workflows. Backend Sentry is configured not to send default PII, and frontend monitoring includes limited redaction for token-like URL data; however, Replay or future monitoring configuration must be reviewed before making broader privacy-redaction claims. No platform can guarantee perfect security.
AFICH and its providers may process data in the United States and other countries where our service providers operate. When transfer rules apply, AFICH relies on appropriate safeguards such as provider contracts, standard contractual clauses, data-protection terms, or other lawful transfer mechanisms available for the provider and region.
AFICH is not directed to children under 13. AFICH may also require users to confirm they are old enough to use the service and enter binding agreements. If you believe a child under 13 provided personal information to AFICH, contact privacy@afichtickets.com so we can review and take appropriate action.
We may update this Privacy Policy to reflect changes in backend behavior, providers, legal requirements, or product features. Material changes will be posted on this page and, when appropriate, communicated through the service.
To exercise privacy rights or ask questions about this policy, contact AFICH.