Draft notice for business and attorney review. This draft is styled as a formal legal document and should be reviewed by qualified counsel before publication. Last updated: March 15, 2026.
This Privacy Policy (the "Privacy Policy") describes how FestAxis LLC ("FestAxis," "we," "us," or "our") collects, uses, discloses, stores, and otherwise processes Personal Information in connection with the FestAxis platform, festaxis.com, associated subdomains, organizer microsites, public event pages, external-user workflows, and related products and services (collectively, the "Service"). This Privacy Policy also explains the rights and choices that may be available to individuals whose Personal Information is processed through the Service.
This Privacy Policy is intended to function as a formal privacy notice. It should be read together with the FestAxis Organizer Terms of Use, the FestAxis Customer Terms of Use, any event-specific disclosures published by the applicable Organizer, and any additional notices or contractual documents that govern a particular product, integration, or enterprise deployment.
This Privacy Policy applies to Personal Information processed by FestAxis in connection with the operation, provision, administration, security, support, and improvement of the Service.
This Privacy Policy applies whether Personal Information is collected directly from an individual, submitted by an Organizer, generated through use of the Service, received from integrated service providers, or otherwise made available to FestAxis in connection with an event, transaction, account, or support interaction.
This Privacy Policy applies to the following categories of individuals:
Individuals, businesses, nonprofits, agencies, clubs, and other entities that establish organizer-side accounts, subscribe to FestAxis plans, create or administer events, invite staff, configure operational tools, or otherwise use the organizer-facing portions of the Service.
External users of FestAxis-powered event experiences, including ticket purchasers, registrants, attendees, vendors, exhibitors, applicants, sponsors, and similar participants who create non-organizer accounts, submit forms, upload materials, purchase admissions, reserve inventory, or otherwise interact with public-facing event pages or workflows.
Individuals who browse festaxis.com, event microsites, or related pages without creating an account or completing a transaction.
This Privacy Policy does not apply to third-party websites, applications, integrations, or services that are not owned or controlled by FestAxis, even if linked from or made accessible through the Service. Such third parties remain subject to their own privacy notices, terms, and practices.
FestAxis generally acts as an independent controller with respect to Personal Information relating to organizer account creation, subscription administration, account security, billing records, support communications, product analytics derived from operation of the Service, compliance administration, and other business records FestAxis maintains for its own legitimate business purposes.
When an Organizer uses the Service to collect, store, organize, review, or otherwise manage Personal Information concerning Customers or other event participants, FestAxis generally acts as a processor, service provider, or comparable role on behalf of the Organizer, subject to applicable law and any additional contractual arrangements between FestAxis and the Organizer.
In that context, the applicable Organizer generally determines the purposes of collection, the event-specific content displayed to the public, the categories of information requested from Customers, the lawfulness of collection and use, and the event-specific disclosures, permissions, policies, and retention choices applicable to the event.
Payment card information is processed directly by Stripe or another payment processor expressly approved by FestAxis for an enterprise deployment. FestAxis does not receive or store full payment card numbers, full magnetic-stripe data, CVV values, or equivalent sensitive authentication data on FestAxis servers.
Each Organizer is responsible for: (a) establishing and documenting an appropriate lawful basis for processing Customer and participant information where required by law; (b) providing event-specific privacy disclosures and consents where required; (c) honoring applicable rights requests directed to the Organizer; and (d) using the Service in a lawful manner consistent with the FestAxis Organizer Terms of Use and applicable law.
Where FestAxis acts on behalf of an Organizer, FestAxis may assist the Organizer with rights requests, deletion workflows, exports, or other privacy-related administration to the extent commercially reasonable, technically feasible, and consistent with applicable law, system architecture, security requirements, and the information available within the Service.
FestAxis may collect Personal Information provided directly by Organizers, Customers, and Visitors, including the categories listed below.
Name, email address, username, password, organization name, business contact details, account role, permissions, and similar registration or profile information.
Event names, dates, times, venues, schedules, layout information, ticket classes, vendor categories, maps, branding assets, pricing details, inventory settings, operational notes, credentialing information, staffing assignments, and related event-configuration content submitted by Organizers or authorized team members.
Purchaser name, attendee or registrant name, email address, optional phone number where collected, ticket selections, order details, reservation data, application selections, registration responses, and related transactional records.
Business names, owner or contact names, email addresses, phone numbers, mailing or business addresses where submitted, tax or permit-related information where required by an Organizer, uploaded forms, insurance certificates, menus, photos, booth preferences, application responses, and other materials submitted in connection with participation in an event.
Names, business contact details, permissions, invitation records, and audit records associated with staff, volunteers, contractors, collaborators, and similar users invited into organizer-controlled workflows.
Messages sent to FestAxis, support tickets, dispute communications, notes, attachments, and other information provided when contacting support, requesting assistance, or reporting a problem, suspected fraud, or security issue.
FestAxis may automatically collect certain technical, device, and usage information associated with access to and operation of the Service.
Internet Protocol (IP) address, browser type and version, device type, operating system, approximate diagnostic location derived from IP, language settings, referring URLs, page visitation history within the Service, timestamps, error logs, and similar diagnostic information.
Session identifiers, authentication events, logout events, password reset events, CSRF protections, rate-limiting signals, and other security or anti-abuse telemetry needed to protect the Service.
Ticket scans, scan timestamps, gate activity, access-event logs, session-based device identifiers used for scanning or event operations, and other operational records necessary to support check-in, capacity management, and event administration.
FestAxis may receive information from third-party service providers, integrations, and business partners in connection with operation of the Service.
From Stripe or an approved enterprise processor, FestAxis may receive transaction identifiers, payment status information, payout status, partial billing descriptors, card brand, and masked payment details such as the last four digits of a payment method. FestAxis does not receive or store full primary account numbers or CVV values.
FestAxis may receive security, infrastructure, email-delivery, spam-prevention, or fraud-prevention information from service providers used to host, secure, and operate the Service.
FestAxis processes Personal Information as reasonably necessary to provide, maintain, administer, and support the Service and the features made available through the applicable plan, deployment, or workflow.
FestAxis may use Personal Information to: (a) create and administer accounts; (b) authenticate users and maintain account security; (c) facilitate ticket purchases, registrations, applications, and confirmations; (d) enable Organizers to manage events, vendors, staff, logistics, credentials, and operations; (e) communicate transactional notices such as receipts, confirmations, reset messages, or operational notices; (f) provide customer or technical support; (g) detect, investigate, prevent, and remediate suspected fraud, abuse, chargeback activity, security incidents, policy violations, or unlawful activity; (h) monitor, troubleshoot, secure, and improve the reliability and performance of the Service; (i) maintain internal business records; and (j) comply with applicable law, legal process, accounting obligations, and enforcement requests.
FestAxis does not sell Personal Information for monetary consideration and does not use Personal Information to serve third-party advertising. FestAxis does not currently use third-party advertising cookies and does not share Personal Information with advertisers for cross-context behavioral advertising purposes.
FestAxis may compile, use, disclose, and retain aggregated, statistical, or de-identified information that does not identify a particular person, provided that FestAxis will not attempt to reidentify such data except as permitted by applicable law.
Where a legal basis for processing must be identified under applicable law, FestAxis generally relies on one or more of the following: performance of a contract; compliance with legal obligations; legitimate interests in operating, securing, improving, and administering the Service; and, where applicable, consent.
Customer, participant, and application information submitted through an Organizer’s event pages or workflows is generally disclosed to the applicable Organizer because such disclosure is necessary for the Organizer to administer the event, review applications, manage admissions, provide event services, communicate with participants, and fulfill the purpose for which the information was submitted.
FestAxis may disclose Personal Information to vendors, contractors, subprocessors, and service providers that perform services on FestAxis’s behalf, including payment processing, cloud hosting, infrastructure, storage, email delivery, security monitoring, support tooling, and related operational functions. Such recipients are generally required by contract or comparable obligations to protect Personal Information and to process it only for authorized purposes.
FestAxis may disclose Personal Information where FestAxis, in good faith, believes disclosure is reasonably necessary to: (a) comply with applicable law, regulation, subpoena, court order, or lawful request; (b) enforce contracts or policies; (c) detect, investigate, prevent, or address fraud, abuse, chargebacks, security incidents, or unlawful conduct; (d) protect the rights, property, safety, or security of FestAxis, Organizers, Customers, or others; or (e) establish, exercise, or defend legal claims.
FestAxis may disclose or transfer Personal Information in connection with an actual or proposed merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar corporate transaction, subject to customary confidentiality and transaction safeguards. Where required by applicable law, FestAxis will provide notice before Personal Information becomes subject to a materially different privacy policy.
FestAxis does not sell Personal Information to advertisers and does not disclose Personal Information to advertisers for their independent marketing or profiling purposes.
FestAxis uses session cookies and similar technical mechanisms that are reasonably necessary to operate the Service, maintain user sessions, authenticate accounts, support secure navigation, preserve workflow state, and administer essential functionality.
FestAxis uses CSRF protections, security tokens, and similar short-lived mechanisms to protect the Service against unauthorized requests, abuse, and session compromise. These technologies are used for security and operational integrity rather than for cross-site advertising or cross-site behavioral tracking.
FestAxis does not currently use third-party advertising cookies and does not currently deploy third-party analytics scripts intended to track users across unaffiliated websites. FestAxis may, however, use first-party operational logs and diagnostic tools reasonably necessary to secure, monitor, and improve the Service.
Certain browsers permit users to delete, restrict, or block cookies. Because some cookies and similar technologies are necessary to authenticate users and operate core portions of the Service, disabling them may affect functionality.
FestAxis retains Personal Information for the period reasonably necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law, needed for legitimate business purposes, required for dispute resolution, or necessary for fraud prevention, security, audit, backup, or legal compliance.
Subject to the qualification above, FestAxis generally follows the retention expectations below.
Account and profile information may be retained while an account remains active and for up to three (3) years following closure or deactivation.
Transaction data, order records, billing records, payout records, and related financial records may be retained for up to seven (7) years or such longer period as may be required by law, processor rules, audit obligations, or dispute needs.
Ticket scan logs, gate activity records, and similar operational records may be retained for up to two (2) years.
Support records and related correspondence may be retained for up to three (3) years.
FestAxis may retain certain information beyond the periods above where reasonably necessary to comply with legal obligations, enforce agreements, resolve disputes, detect or prevent fraud, maintain system integrity, preserve backups, document consent or transaction history, or protect FestAxis, Organizers, Customers, or others.
Depending on the jurisdiction in which an individual resides and the role FestAxis plays in the relevant processing activity, that individual may have certain rights under applicable privacy law, including rights of access, correction, deletion, portability, restriction, objection, appeal, or withdrawal of consent where consent is the applicable basis for processing.
Requests may be submitted to privacy@festaxis.com. FestAxis may take reasonable steps to verify the requestor’s identity, authority, and relationship to the relevant account, event, or transaction before taking action on a request.
Where FestAxis processes Personal Information on behalf of an Organizer, FestAxis may refer the request to the applicable Organizer, require the request to be submitted to the Organizer directly, or coordinate with the Organizer in responding to the request, as appropriate under applicable law and system design.
FestAxis intends to respond within the time periods required by applicable law. Where no specific response period applies, FestAxis generally aims to respond within thirty (30) days, subject to permissible extensions where requests are complex, numerous, or require additional verification.
Individuals in the European Economic Area or the United Kingdom may have the right to lodge a complaint with their local supervisory authority or other competent data protection regulator.
FestAxis maintains technical and organizational measures that are reasonably designed to protect Personal Information against unauthorized access, loss, misuse, alteration, and disclosure. Such measures may include encrypted transmission using HTTPS/TLS, password hashing, authentication controls, access restrictions, activity logging, and other administrative, technical, and physical safeguards appropriate to the nature of the Service.
No method of transmission over the Internet, no method of electronic storage, and no software platform can be guaranteed to be absolutely secure. Accordingly, FestAxis does not warrant or guarantee that the Service or any data transmission or storage environment will be immune from all compromise, intrusion, or failure.
Potential security vulnerabilities may be reported to security@festaxis.com. If FestAxis determines that a security incident has occurred for which notification is required by applicable law, FestAxis will provide notice in the manner and within the timeframe required by such law.
The organizer-facing portions of the Service are not directed to children under thirteen (13), and FestAxis does not knowingly permit children under thirteen (13) to establish organizer accounts or registered organizer-side profiles.
Public event pages, registrations, and ticketing workflows may in some cases be used in connection with events attended by minors. In such cases, the applicable Organizer is responsible for obtaining any notices, permissions, or parental consents required by law and for structuring the event workflow in a lawful manner.
If you believe Personal Information from a child has been collected through the Service in a manner inconsistent with applicable law, you may contact privacy@festaxis.com.
FestAxis is operated from the United States, and Personal Information may be stored, processed, or accessed in the United States or in other jurisdictions where FestAxis, its affiliates, or its service providers operate.
Where required by applicable law, FestAxis will rely on appropriate transfer safeguards for cross-border transfers of Personal Information, including Standard Contractual Clauses or comparable approved mechanisms where applicable.
FestAxis may revise or update this Privacy Policy from time to time to reflect changes in the Service, business practices, legal requirements, operational needs, or risk posture.
Where FestAxis determines that a revision is material, FestAxis may provide notice by posting an updated notice through the Service, by updating the "Last updated" date, by email to applicable account holders, or by another method reasonably calculated to provide notice under the circumstances.
The version posted through the Service will control as of its stated effective date, subject to any additional rights or requirements imposed by applicable law.
Questions, requests, or concerns regarding this Privacy Policy or FestAxis privacy practices may be directed to privacy@festaxis.com.
Potential security issues may be reported to security@festaxis.com.
FestAxis LLC
[Registered mailing address - add before publishing]