XTIX Privacy Policy

Effective Date: 7 Apr 2026

1. Introduction

This Privacy Policy describes how XTIX collects, uses, and shares personal information of users interacting with our websites (https://xtix.ai and https://xtix.live), mobile applications, widgets, and related services (collectively, the “Services”). By accessing or using these Services, you acknowledge your agreement to the practices described.

XTIX’s mission is to provide a secure platform for event organization and ticket distribution. The company acts primarily as a data processor with respect to personal data collected on behalf of Event Organizers, who serve as data controllers determining which data is collected and how it is used.

2. Scope

This Policy applies to personal data collected through XTIX’s websites, including:

·         https://xtix.ai — the Organizer dashboard and ticketing service, used by Event Organizers to create, manage, and sell tickets for their events

·         https://xtix.live — the Fan-facing event discovery and ticket purchase marketplace, used by Fans to browse events and purchase tickets

as well as our mobile applications, widgets, and related services.

The Platform serves three user types:

·         Event Organizers (Business Users) creating and managing events

·         Fans browsing events and purchasing tickets

·         Partners/Distributors assisting with marketing or distribution

No Participation in Negotiations

XTIX does not participate in the negotiation or formation of contracts between Event Organizers and Ticket Buyers. The Platform provides a transactional interface where organizers and buyers connect directly. Any resulting agreement is between those parties, not with XTIX.

Our Role as a Platform

·         Facilitates event listings, ticketing functionality, and payment processing

·         Does not act as agent or representative of Event Organizers

·         Does not determine pricing, seat availability, or contractual obligations

3. Information We Collect

3.1 Information You Provide Directly

Account and Profile Information

Business users provide company name, contact person details, email, and legal information. Individual users provide email addresses and optional information during account setup.

Contact Information

Email addresses, phone numbers, and mailing addresses collected during account setup, ticket purchase, or other Platform interactions.

Payment Details

XTIX does not store credit card numbers, billing addresses, or financial information on its servers. Third-party providers (Stripe, Unlimit, Airwallex, Xendit) handle payment processing. Only transaction status information is received.

Event Details

Event Organizers provide venue and schedule information. Ticket Buyers provide information required for ticketing — typically name, phone number, and email address — varying based on Organizer needs.

Organizer-Defined Fields

The Event Organizer determines which data fields are required on tickets or registration forms. While typically name, phone, and email are collected, Organizers may request additional information including T-shirt size, dietary preferences, emergency contacts, accessibility needs, professional affiliations, government-issued identification, photographs, or social media links.

XTIX does not control, review, or dictate the content of these additional fields.

Support Requests

Information included in support requests is collected to address questions or issues appropriately.

3.2 Information We Collect Automatically

IP Address and Device Information

IP addresses, operating systems, browser types, device identifiers, and technical details are collected to ensure security and proper Service functioning.

Usage Data

Interactions tracked include pages viewed, time spent, and navigation patterns. We use the following analytics and tracking tools:

·         Google Analytics 4 (GA4) — on both https://xtix.ai and https://xtix.live — to measure site usage, page views, and user journeys

·         Google Tag Manager (GTM) — on both https://xtix.ai and https://xtix.live — to manage and deploy analytics and marketing tags

Event Interaction Data (xtix.live)

On https://xtix.live, we collect event-level interaction data to understand how Fans discover and purchase tickets. This includes:

·         Event page views (view_event_page)

·         Checkout initiation (begin_checkout)

·         Completed purchases (purchase)

This data may include non-personally-identifiable information such as event ID, ticket type, and transaction value. It is collected through GA4 and may be shared with advertising platforms (such as Meta) for ad measurement purposes, subject to your cookie consent preferences.

3.3 Cookies and Similar Technologies

Essential Cookies: Required for Platform functionality (session cookies, CSRF protection, cookie consent preferences)

Analytics Cookies: Gather usage statistics and improve performance (Google Analytics 4)

Marketing Cookies: Used by advertising platforms for ad targeting and measurement:

·         Meta (Facebook) Pixel — installed on https://xtix.live — tracks visits and conversions for ad targeting and campaign measurement

·         Google Tag Manager — manages the deployment of marketing tags on both domains

Cookie Consent: On https://xtix.live, we use CookieYes as our cookie consent management platform to allow you to manage your cookie preferences in compliance with applicable data protection laws. For full details, see our Cookies Policy.

Contact details such as email addresses may be used to send relevant event recommendations and promotional content based on Platform activity. You can opt out of these communications at any time.

4. How We Use Your Information

Service Delivery:

·         Create, manage, and maintain user accounts

·         Process and confirm ticket purchases

·         Facilitate event organization for business users

Communication:

·         Send transactional emails (confirmations, updates)

·         Respond to inquiries and provide customer support

·         Send marketing communications if opted in

Analytics and Improvements:

·         Understand user interactions with Services

·         Personalize user experience

·         Enhance Platform functionality

Advertising and Measurement:

·         Measure the effectiveness of advertising campaigns through Meta Pixel and GA4 conversion tracking on https://xtix.live

·         Create audiences for targeted advertising based on event page interactions (subject to cookie consent)

·         Optimize ad delivery for event promotion

Compliance and Security:

·         Monitor, detect, and prevent fraud or unauthorized access

·         Comply with legal obligations and respond to lawful requests

Refund and Dispute Resolution:

·         Process and resolve refund requests, including where XTIX reviews and determines refund outcomes on behalf of non-responsive Organizers, as described in the Terms of Service and Organizer Services Agreement

·         Communicate with Fans and Organizers regarding refund status and determinations

Email addresses and contact details may be used to send promotional communications about other events or features. Users can opt out of such communications at any time by clicking the “unsubscribe” link in the message or contacting us at [email protected].

5. Legal Bases for Processing

Where required by law (GDPR), XTIX relies on specific legal grounds:

·         Consent: Users voluntarily submit information or opt into marketing; cookie consent managed via CookieYes

·         Contract Performance: Data processing needed to perform contracts (ticket sales, refund processing)

·         Legitimate Interests: Maintain/improve Services, ensure security, develop features, resolve disputes, prevent chargebacks

·         Legal Obligations: Comply with applicable laws and regulations

6. Sharing and Disclosure of Information

XTIX does not sell personal data to third parties but may share data in these circumstances:

Service Providers and Partners:

Third parties supporting operations include:

·         Payment processors (Stripe, Unlimit, Airwallex, Xendit)

·         Analytics providers (Google Analytics 4)

·         Tag management (Google Tag Manager)

·         Advertising platforms (Meta/Facebook Pixel)

·         Cookie consent management (CookieYes)

·         Marketing services (Unisender, MailGun)

·         CRM tools (Intercom, HubSpot)

·         Scheduling tools (Calendly, Reclaim.ai)

Service Providers are contractually obligated to protect data and use it solely as specified by XTIX per applicable data protection laws.

Event Organizers and Data Handling:

When you register for or purchase event tickets, personal data such as name, email, and requested fields is collected and stored on XTIX systems and made available to the respective Event Organizers.

The Organizer acts as the primary data controller, determining the data fields collected and their purposes. XTIX acts as a technical facilitator of data collection and transmission and may act as a joint controller for hosting, security, and regulatory compliance.

XTIX stores data on behalf of Organizers, applying appropriate technical and organizational measures. However, XTIX does not determine the purposes or means of processing once the data is accessed or exported by the Organizer.

XTIX is not responsible for the Organizer’s handling of your personal data once it has been accessed or exported through the Platform.

Where data such as names or phone numbers is collected by Organizers for specific purposes, including marketing, opt-out may be allowed if the data is not necessary for ticketing. XTIX encourages Organizers to request only strictly necessary and lawful data.

Legal Compliance:

Personal data may be disclosed if required by law, legal process, or governmental requests.

Business Transfers:

During mergers, acquisitions, or asset sales, user data may be transferred to acquiring entities, subject to appropriate confidentiality safeguards.

7. International Data Transfers

XTIX infrastructure and data are hosted in the European Union (Ireland). Payment processing for EU/UK transactions is handled by Stripe and Unlimit, both of which process data within the EEA.

For users in Indonesia, data may be processed locally through Xendit in accordance with Indonesian data protection laws.

Where cross-border data transfers occur, appropriate safeguards are implemented including:

·         Standard Contractual Clauses approved by relevant authorities

·         Data Processing Agreements with specific protection provisions

·         Adherence to international data protection frameworks

8. Data Retention

Personal data is retained only as necessary for the purposes outlined in this Policy:

Account Information: Retained until user requests deletion or account termination. Inactive accounts may be deleted after 24 months of inactivity.

Transaction Records: Information related to purchases/transactions is retained for 7 years for tax, accounting, and legal compliance.

Marketing Data: If you opted into marketing communications, retained until you unsubscribe or request deletion.

Usage Data: Anonymized usage data may be retained indefinitely for analytical purposes.

Upon receiving a verified deletion/anonymization request, XTIX acts within 30 days, provided such deletion doesn’t conflict with lawful obligations like tax or record-keeping requirements.

9. Your Rights and Choices

Depending on jurisdiction, users may have rights regarding personal data:

Access and Portability: Request a copy of personal data we hold about you in a machine-readable format.

Rectification: Request corrections to inaccurate or incomplete data.

Deletion: Request deletion of personal data where legally applicable.

Restriction or Objection: Ask to limit or stop certain processing types.

Consent Withdrawal: If you previously gave consent, you can withdraw it at any time by emailing [email protected] with “Withdraw Consent” in the subject line.

Cookie Preferences: You can manage your cookie preferences at any time through the CookieYes consent tool available on both https://xtix.ai and https://xtix.live, or through your browser settings.

Users have the right to opt out of marketing communications at any time by using unsubscribe links or contacting the company. This doesn’t affect transactional or event-related messages.

To exercise rights:

1.      Contact support team at [email protected]

2.      Provide sufficient identification information

3.      Clearly specify relevant information or processing

XTIX responds to legitimate requests within 30 days, sometimes requiring additional identity verification information.

10. Security Measures

XTIX employs various security measures:

Encryption: All passwords are stored using bcrypt with salt, and sensitive data is encrypted at rest using AES-256 encryption. Communications between devices and servers use SSL/TLS encryption.

Access Controls: Role-based access control (RBAC) and API keys restrict unauthorized access. Only authorized personnel can access personal data.

Regular Security Audits: Internal and external system/process reviews identify and address potential vulnerabilities.

Employee Training: Team members receive regular data protection and security training.

Incident Response Plan: Procedures exist for handling data breaches promptly and effectively.

11. Data Breach Response

In the event of a data breach or security incident:

Investigation: We will promptly assess the scope of the breach, identifying compromised data or system vulnerabilities within 24 hours of discovery.

Containment and Remediation: Isolate affected systems, reset credentials if necessary, and reinforce security barriers to prevent further unauthorized access.

Notification: Where legally required (GDPR’s 72-hour rule for EU residents or Indonesia’s data protection laws), the appropriate regulatory authorities are notified, including Indonesia’s data protection authority or the Information Commissioner’s Office (ICO) for UK users. Affected users are informed without undue delay with information about:

·         Breach nature

·         Affected data categories

·         Likely breach consequences

·         Measures taken or proposed to address the breach

·         Contact information for further inquiries

Follow-Up: All incidents are documented, with post-breach reviews to improve security posture and prevent future occurrences.

12. Children and Age Restrictions

The Platform is not intended for independent use by anyone under 18. Per Section 6.2 of the Terms of Service, users aged 13-17 may use the Platform only with the involvement and consent of a parent or legal guardian. “Involvement” means the parent/guardian:

1.      Reviews and approves registration

2.      Controls Platform use

3.      Is responsible for user actions

XTIX doesn’t knowingly collect data from users under 13. If it is discovered that a child under 13 registered or provided personal information without parental consent, such information is promptly deleted. While XTIX does not actively verify age beyond self-reported information, parents/guardians are encouraged to monitor their children’s online activities.

Parents/guardians who believe their child improperly provided personal information should contact [email protected] for prompt, appropriate action.

13. Links to Third-Party Websites

Services may contain links/integrations to third-party websites including:

·         Google Maps for location services

·         Calendly and Reclaim.ai for scheduling

·         Intercom and HubSpot for customer support/relationship management

·         Social media platforms for sharing/integration

XTIX is not responsible for the privacy practices or content of these sites. Users are encouraged to review the privacy policies of third-party services accessed through the Platform.

14. Changes to This Policy

XTIX may update or modify the Policy. When doing so, the company will:

·         Revise the “Last Updated” date

·         Post a notice on the website for significant changes

·         Send email notifications to registered users for material changes

Continued use of the Services after the Policy is updated signifies acceptance of the changes. Users are advised to check the Policy periodically to stay informed about data practices.

15. Contact Us

For questions/concerns about the Policy or exercising data protection rights:

Email: [email protected]

16. Region-Specific Supplements

16.1 European Economic Area (EEA), Switzerland, and United Kingdom

For EEA, Switzerland, or UK residents:

Data Controller: XTIX is the data controller for personal data collected through the Services.

Supervisory Authority: Residents have the right to lodge complaints with local data protection authorities if unsatisfied with the company’s responses.

Data Transfer Mechanisms: For data transfers outside the EEA, Switzerland, or the UK, appropriate safeguards including European Commission-approved Standard Contractual Clauses are implemented.

16.2 California Residents

California residents may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

·         Right to know what personal information is collected

·         Right to request deletion of personal information

·         Right to opt out of the sale or sharing of personal information

·         Right to limit the use of sensitive personal information

To exercise these rights, contact the company using the details in Section 15.

16.3 Other Jurisdictions

Additional region-specific supplements may be provided based on user service locations.

Residents in jurisdictions with specific data protection laws (Brazil’s LGPD, Canada’s PIPEDA) may have additional rights/provisions. Contact [email protected] for information about rights under local law.

16.4 Data Controller vs. Processor Clarification (Global)

For most transactions involving events, the Event Organizer is the data controller, and XTIX acts as a data processor. To understand how personal data is processed for a specific event, contact the respective Organizer, who is responsible for managing and determining the scope of processing.
