FESTI Privacy Policy

1. Who We Are

FESTI is an event discovery, ticketing, organizer, and event-entry platform. Users can discover events, reserve or buy tickets, receive digital tickets, transfer eligible tickets, contact organizers or support, and receive service notifications. Organizers can create event listings, upload media, manage tickets, prepare offline scanner packages, scan ticket QR codes, review scan history, and manage organizer activity.

For privacy questions or requests, contact us using the details at the end of this Policy.

2. Information We Collect

We collect information that you provide, information created when you use the service, information from your device when you grant permission, and information from service providers that help operate FESTI.

Account and profile information

• Name, first name, last name, display name, profile photo, avatar URL, email address, phone number, verified phone status, country, city, language, currency, date of birth if provided, short bio or location text if provided, invitation code if provided, account role, account status, signup date, update timestamps, and Firebase authentication identifiers.

Authentication information

• Email/password sign-in information handled through Firebase Authentication.
• Phone or email one-time-passcode verification data, including phone number or email address, verification code status, language, and authentication token exchange data.
• Google Sign-In and Apple Sign-In identifiers, profile name, and email address when you choose those sign-in methods.

Organizer and business information

• Full name or organization name, organizer type, organizer profile photo, organizer email, organizer phone, company title, company phone, website, business or organizer address, organizer bio, organizer secret code, organizer status, verification status, contract or policy acceptance records, and organizer application timestamps.

Events and listings

• Event title, description, category, tags, dates, times, timezone, venue name, city, country, map coordinates, public or private visibility settings, private event access code settings, ticket tiers, capacity, pricing, refund policy, sales status, approval status, media, organizer identity, and event-management timestamps.
• Event preview metadata used to generate public event sharing pages and app links.

Ticketing, reservations, and attendance

• Tickets viewed, reserved, bought, issued, transferred, cancelled, archived, refunded, or checked in.
• Order identifiers, reservation identifiers, ticket identifiers, ticket type, quantity, price, currency, fees, country, payment state, expiry timestamps, QR code data or ticket code data, and ticket lifecycle status.
• Scan results, scan timestamps, scanner user or device identifiers, duplicate-use information, wrong-event or invalid-ticket outcomes, and scan-report history.

Payments, mobile money, and payout-related data

• Payment method type, amount, currency, order kind, payment status, Stripe payment intent or checkout identifiers, mobile money phone number, mobile money network, country code, provider transaction reference, payment polling status, and transaction metadata.
• Organizer payout and operational records where needed to support payment, payout, refund, dispute, accounting, fraud-prevention, and audit workflows.

FESTI does not store full payment card numbers in the FESTI app database. Card data is handled by Stripe or other payment providers according to their own privacy and security practices.

Chat, support, and reports

• Messages sent in organizer, event, or support conversations, conversation identifiers, participant identifiers, message text, delivery status, read status, timestamps, and support-thread metadata.
• Reports submitted about users, organizers, events, conversations, or ticket transfers, including target identifiers, reason code, details, and related event or conversation identifiers.

Device, app, and notification information

• Platform, operating system, app version, device locale, language setting, country setting, network connectivity state, device push token, notification content metadata, notification read status, and local app preferences.
• Backend, infrastructure, security, and error logs that may include identifiers such as user ID, request metadata, IP address, timestamps, device or platform information, and function execution data.

Location information

• Foreground location when you allow it, used to detect country, set app currency and phone-code defaults, show nearby or relevant event context, and help choose event venues on a map.
• Venue coordinates and reverse-geocoded city, country, and country code when you create or edit events or choose a venue.
• Recent venue selections saved to your profile preferences for faster event creation.

FESTI does not request background location access and does not use continuous background location tracking.

Contacts

• When you choose to pick a contact for ticket transfer, the app may read contact names and phone numbers on your device so you can select a recipient.
• The selected phone number may be sent to FESTI to look up whether that recipient has a FESTI account and to complete the ticket transfer.
• FESTI does not upload your full address book for marketing or social graph building.

Camera, photos, video, and microphone

• Camera access for scanning ticket QR codes, taking event photos, taking organizer profile photos, or updating profile images.
• Photo library access when you choose images for your profile, organizer application, or event listing.
• Video and microphone access when you choose to record video event content in the app.
• Uploaded images, videos, thumbnails, media metadata, file paths, storage URLs, and processing status for event media.

Offline data

• Cached event data, user profile data, language and country preferences, notification token pending state, ticket data, chat data, offline action queue items, scanner device identifiers, offline scanner packages, hashed or partial ticket data, and pending offline scan records stored locally on your device to support offline or low-connectivity use.

3. How We Use Information

We use information to provide, secure, improve, and administer FESTI, including to:

• Create, authenticate, maintain, and secure accounts.
• Verify phone numbers, email addresses, and sign-in providers.
• Display relevant events, event details, organizer profiles, ticket availability, prices, currencies, and fees.
• Create, review, publish, update, feature, archive, or reject event listings.
• Process reservations, issue tickets, display QR codes, support transfers, validate tickets, and prevent duplicate ticket use.
• Operate card, mobile money, free-ticket, private-event activation, refund, payout, accounting, and dispute workflows.
• Enable organizers and staff to scan tickets online and offline and reconcile offline scans.
• Send service notifications, booking confirmations, event reminders, event updates, organizer updates, security notices, and support messages.
• Provide chat, support, moderation, reporting, and dispute resolution.
• Detect, investigate, prevent, and respond to fraud, abuse, unauthorized access, payment risk, safety issues, policy violations, and security incidents.
• Maintain records required for legal, tax, accounting, audit, payment, fraud-prevention, and platform-integrity purposes.
• Cache data locally so the app can load faster and continue limited functionality when offline.
• Improve app reliability, performance, localization, country support, and user experience.

4. Device Permissions

FESTI asks for device permissions only when needed for a feature. You can deny or later disable permissions in your device settings, but some features may not work without them.

Camera

• Used to scan ticket QR codes and to capture photos for profiles, organizers, or event listings.

Photos and media library

• Used when you choose images or videos for a profile, organizer application, or event listing.

Microphone

• Used only when you choose to record video content that includes audio.

Location while using the app

• Used to detect country, set defaults, help show relevant event context, and help organizers select venues.

Contacts

• Used only when you choose a contact to prefill a recipient phone number for ticket transfer.

Notifications

• Used to send booking, ticket, event, organizer, support, and account messages.

5. How Ticket Scanning and Offline Scanner Mode Work

Organizers and authorized staff can scan tickets using the camera. When a ticket is scanned, FESTI may process ticket code data, event ID, ticket ID, attendee or holder hints, ticket type, scanner user ID, scanner device ID, timestamps, and the scan result.

Offline scanner mode can download an event-specific scanner package to a device. That package may include ticket IDs, ticket code hashes, ticket statuses, ticket type labels, holder hints, manifest data, signatures, and expiration data. Offline scan decisions and timestamps may be stored locally until the device reconnects and reconciles them with FESTI servers.

Scanner data is used for event entry, attendance control, fraud prevention, duplicate-use prevention, event operations, support, audits, and dispute handling.

6. Payments and Financial Processing

FESTI uses third-party payment providers to process payments. Depending on country and feature availability, this may include Stripe for card payments and mobile money providers or payment gateways for mobile money payments.

Payment providers may collect and process payment details, authentication information, transaction data, fraud-prevention signals, and other information required to complete or review a payment. FESTI receives and stores payment metadata such as payment status, payment identifiers, amount, currency, order ID, transaction reference, and related operational records.

Organizer payouts, refunds, disputes, chargebacks, fraud reviews, audits, accounting, and compliance may require us and our providers to retain certain transaction and account records even after an account deletion request.

7. How We Share Information

We share information only as needed to operate FESTI, comply with law, protect users and the platform, and complete transactions. This may include sharing with:

Service providers

• Firebase, Google Cloud, and related Google services for authentication, database, storage, cloud functions, app integrity, hosting, security, and infrastructure.
• Expo services for app delivery, updates, notifications, and related mobile infrastructure.
• Stripe and other payment providers for card payments, payment authentication, fraud prevention, refunds, and disputes.
• Mobile money providers, payment gateways, telecom, SMS, WhatsApp, or OTP providers for payment, payout, and verification workflows.
• Google Sign-In, Apple Sign-In, Google Maps, Google Places, geocoding, and mapping services where those features are used.

Event organizers and authorized staff

• Information needed to manage event attendance, validate tickets, communicate about an event, resolve ticketing issues, and operate event entry.

Other users

• Public event listings may show organizer name, organizer profile photo, event details, event location, event media, and other information intended for event discovery.
• Ticket transfer recipient lookups may reveal limited recipient information, such as name and phone match status, to help confirm a transfer.

Admins, support, and moderation teams

• Information needed for support, account recovery, moderation, event review, organizer review, payout review, fraud prevention, dispute resolution, security review, and audit workflows.

Legal, safety, and business reasons

• We may disclose information when required by law, court order, legal process, regulatory request, tax or accounting requirement, or when we believe disclosure is necessary to protect users, organizers, FESTI, payment systems, or the public.
• If FESTI is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction subject to appropriate protections.

We do not sell personal information and we do not share personal information for cross-context behavioral advertising or third-party advertising tracking.

8. Data Retention and Deletion

We keep information for as long as needed to provide FESTI, maintain accurate records, comply with legal obligations, resolve disputes, prevent fraud and abuse, enforce agreements, and protect the service.

• Account profile data is generally kept while your account is active.
• Event, ticket, order, payment, payout, refund, chargeback, scan, audit, and dispute records may be retained longer because they are needed for event operations, financial records, fraud prevention, legal obligations, and user protection.
• Messages, reports, and support records may be retained as needed to provide support, investigate abuse, and resolve disputes.
• Offline cached data remains on your device until replaced, expired, removed by app logic, deleted through app/device storage controls, or removed when you delete or reinstall the app.
• Push tokens may be cleared when you log out or disable notifications, although previously sent notifications and server records may remain for operational reasons.

You may request account deletion in the app. The deletion flow may delete or de-identify account data where reasonably possible. Some records may be retained where necessary for legal, tax, accounting, security, fraud-prevention, payment, ticketing, chargeback, dispute, audit, or platform-integrity reasons.

9. Your Choices and Rights

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal information. You may also have the right to withdraw consent where processing is based on consent.

• You can update some profile information in the app.
• You can delete your account from the app settings deletion flow.
• You can disable camera, contacts, photo, location, microphone, or notification permissions through device settings.
• You can unsubscribe from or disable push notifications through app or device settings where supported.
• You can contact support to request access, correction, deletion, or other privacy help.

We may need to verify your identity before responding to a request. We may decline or limit requests where permitted by law, including when retaining information is necessary for legal, security, payment, fraud-prevention, ticketing, or dispute-resolution reasons.

10. Security

We use reasonable technical and organizational safeguards designed to protect information, including authenticated access, Firebase and cloud security controls, database security rules, app integrity controls, role-based flows, restricted admin workflows, payment-provider security controls, and audit processes.

No system is completely secure. You are responsible for using a secure device, protecting your password and one-time codes, and contacting us if you believe your account or ticket has been compromised.

11. International Processing

FESTI and our service providers may process and store information in countries other than where you live. Data protection laws in those countries may differ from the laws in your location. Where required, we rely on appropriate legal mechanisms and service-provider commitments for cross-border processing.

12. Children

FESTI is not intended for children under 13 or the minimum age required by local law to use the service independently. We do not knowingly collect personal information from children in violation of applicable law. If you believe a child provided personal information to FESTI, contact us so we can review and take appropriate action.

13. Third-Party Services and Links

FESTI may link to or integrate third-party services, including app stores, authentication providers, payment providers, map providers, mobile money providers, communication providers, event venues, and organizer websites. Their privacy practices are governed by their own policies, not this Policy.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we may update the effective date, post the updated Policy, and provide additional notice in the app or through other reasonable means where required.

15. Contact Us

For privacy questions, account deletion issues, data requests, or complaints, contact:

FESTI
Email: support@festi-events.com
Website: https://festi-events.com