TicketAttendant App Privacy Policy
1. Introduction
This Privacy Policy outlines the practices of TicketAttendant concerning the collection, utilization, and disclosure of information in connection with the TicketAttendant app, which is designed to facilitate the pricing and broadcasting of ticket inventory. By engaging with the App and its associated services, users acknowledge their understanding and acceptance of the terms detailed within this Privacy Policy. The provision of information by users for the use of the App and its services is a voluntary act; however, it is important to recognize that the inability to furnish essential information may preclude TicketAttendant from delivering its full suite of services.[1]
The foundational premise of this policy is rooted in the understanding that data provision is not merely an optional component but an intrinsic prerequisite for the core functionalities of TicketAttendant’s services. This operational model implies a direct and essential link between the data supplied by users and the availability of the service. Unlike applications where data collection might primarily serve ancillary functions such as analytics or optional feature enhancement, TicketAttendant’s fundamental operations, including inventory management and broadcasting capabilities, are inherently dependent on the provision of specific user data. This dependency means that users who wish to fully leverage the App’s capabilities cannot meaningfully opt out of core data collection practices. Consequently, the policy is structured to transparently describe these essential data flows, underscoring that consent for data processing is inextricably linked to the utility and access of the service itself. This necessitates a comprehensive and detailed disclosure of data practices to foster user trust and ensure regulatory compliance.
2. Information We Collect
TicketAttendant collects various categories of information, which are essential for the effective provision and continuous enhancement of its services. This encompasses data directly submitted by users, as well as information gathered automatically through the App’s operational processes.
2.1 Information You Provide to Us
This category encompasses data actively submitted or made accessible by users through the App or related communication channels.
To enable the full scope of TicketAttendant’s services, users are required to furnish accurate and current login credentials for their external ticket accounts. This critical information includes the complete email address, associated password, and the precise website or URL where the tickets are located, such as Ticketmaster or an Account Manager for specific sports events.[2] This granular level of access is indispensable for the Operations Team to execute Purchase Orders (POs), facilitate automated processes via PurchaseNow, and enable the Account Surrender feature when necessary. The extensive collection of these client account credentials for third-party ticket platforms signifies a high-trust operational paradigm where TicketAttendant acts as an authorized agent managing clients’ external inventory. This arrangement places a substantial responsibility on TicketAttendant for maintaining robust data security protocols and implies a potential for increased liability should these sensitive credentials be compromised. Furthermore, the operational effectiveness of TicketAttendant’s automated systems, such as PurchaseNow, is directly contingent upon the client’s diligence in maintaining accurate and up-to-date credentials and recovery information for designated accounts, such as the Gmail EmailParser account.[2] A failure by the client to update these credentials, for instance, following a password change or account lockout, would directly impede PurchaseNow’s automated PO creation, underscoring a shared responsibility model for the continuity and reliability of automated processes. This means that while TicketAttendant provides automation, the underlying security and functionality of that automation are partly contingent on the client’s proactive management of their own external accounts. This framework implies a need for clear communication to clients about these dependencies and the potential service disruptions, such as missed POs or delayed broadcasts, that can arise from outdated information, which in turn could impact their business operations.
When users list or manage tickets, they provide comprehensive details about their inventory. This includes specific event information, such as the full team name, sport, venue, exact event dates, and precise event times. Additionally, detailed ticket attributes are collected, including section, row, seat numbers, and quantity. The stock type, such as “Mobiles QRs,” “Hard stock,” or “Paperless,” along with in-hand dates and any supplementary notes or disclosures pertinent to the inventory, are also provided.[2]
Contact information, including name, email address (e.g., support@ticketattendant.com, consignment@ticketattendant.com), and phone number (e.g., (773) 888-3048), is collected when users create an account, submit support requests, or engage with the Operations Team.[2] The content of communications with the Operations Team, whether through email, phone calls, or chat programs, is also collected. This encompasses all support requests, inquiries, and any other interactions, forming a comprehensive record of user engagement.[2]
For physical tickets where TicketAttendant is involved in the shipping process, users provide specific shipping information. This includes their unique client Loc number, the date the tickets were shipped, and a comprehensive list of all tickets being shipped, typically included within a shipping manifest.[2, 3] Finally, financial information necessary for TicketAttendant to remit payments to users, typically via ACH, including relevant banking details, is collected to facilitate timely payouts.[2]
Table 1: Types of Information Collected and Their Purpose
| Category of Information | Specific Data Points | Primary Purpose of Collection | Source |
|---|---|---|---|
| Account Credentials | Full email address, password, website/URL of ticket accounts | Account creation, PO generation, PurchaseNow automation, Account Surrender facilitation | Provided by User |
| Inventory Details | Event name, date, time, venue, team, section, row, seats, quantity, stock type, in-hand date, notes, disclosures | Inventory management, Listing, Broadcasting, Order fulfillment | Provided by User |
| Contact Information | Name, email address, phone number | Account creation, Communication, Support request management | Provided by User |
| Communication Data | Content of emails, phone calls, chat logs, support requests | Operational support, Issue investigation, Policy enforcement, Employee protection | Provided by User |
| Shipping Information | Client Loc number, shipment date, list of tickets in manifest | Physical ticket tracking, Shipping coordination | Provided by User |
| Financial Information | Banking details (for payouts) | Payment remittance to client | Provided by User |
| Usage Information | Click stream activity, browser type, OS, access location, app areas visited | Service improvement, User experience enhancement, Analytics | Automatically Collected |
| Device Information | Device type, device identifier, date/time stamps of usage | Service optimization, Troubleshooting, Analytics | Automatically Collected |
| Log Files | IP addresses, browser type, ISP, date/time stamp, referring/exit pages, clicked pages | System monitoring, Security, Troubleshooting | Automatically Collected |
| Cookies & Tracking Tech | Anonymous identifiers, tracking data | User activity tracking, Personalization, Analytics | Automatically Collected |
This table provides a clear and concise overview of the data collected, its specific components, and the primary reasons for its collection, enhancing transparency and aiding user comprehension. For internal compliance and external auditing, this structured presentation serves as a quick and comprehensive reference to verify that all collected data types are adequately disclosed and linked to a legitimate purpose, thereby aiding in demonstrating adherence to privacy principles. In the event of any dispute or inquiry regarding data collection practices, this table clearly demonstrates the disclosed scope of data collection and its stated purposes, strengthening TicketAttendant’s position and demonstrating transparency.
2.2 Information Collected Automatically
Upon engagement with the App, certain information about the user’s device and usage patterns may be automatically collected.
Usage information, such as “click stream” activity (e.g., features accessed and interactions within the App), the type of Internet browser and operating system in use, the geographical location from which the App is accessed, and the specific areas of the App visited, is systematically gathered.[4] This data is instrumental in comprehending user behavior and continually refining the overall App experience. Limited device information, including the device type, a unique device identifier, and timestamps corresponding to App usage, may also be collected.[1, 4] Our systems further generate and record log files automatically, capturing data such as Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP) details, date/time stamps, referring/exit pages, and pages clicked within the App.[1] Additionally, anonymous identifiers and various tracking technologies, such as cookies, may be employed to collect information pertaining to user activity on our services. A dedicated Cookie Policy would provide more granular details on these technologies.[1, 4]
3. How We Use Your Information
The collected information is utilized for a range of purposes that are fundamental to the provision, maintenance, and continuous improvement of TicketAttendant’s services.
3.1 To Operate and Provide Our Services
User account credentials and inventory details are leveraged to generate Purchase Orders (POs) on behalf of the user, configure PurchaseNow automation, broadcast tickets to integrated exchanges, and manage in-hand dates for timely fulfillment.[2] Ticket and account information are essential for fulfilling orders, which includes mobile transfers, URL delivery, and facilitating Account Surrender. This information is also crucial for managing substitute tickets and processing time-sensitive last-minute or same-day sales.[2] The PurchaseNow system, an automation tool, uses user account and email information to automatically create purchase orders by monitoring designated email accounts.[2]
Beyond mere service delivery, the detailed “Communication and Abuse Policy” [2] indicates that communication data—including emails, phone call content, and chat logs—is actively monitored and analyzed. This analysis serves to enforce behavioral policies and, when deemed necessary, to impose restrictions on or terminate client relationships. This expands the scope of data utilization beyond typical service provision to encompass compliance, employee protection, and the implementation of disciplinary actions. This means that data provided during support interactions is not solely for the client’s benefit but also serves TicketAttendant’s internal policy enforcement and employee welfare. Users should be aware that their communications are subject to review for compliance with behavioral guidelines, and non-compliance can lead to severe consequences, including restrictions on contact methods or termination of services.
The specific “15-minute cutoff” for mobile transfer tickets and the “33% rule” for same-day sales, as outlined in the Last Minute/Same Day Sales Policy [2], demonstrate a sophisticated internal application of timing and event data. This goes beyond straightforward order fulfillment, illustrating how TicketAttendant employs precise data points—such as sale time, event time, and transfer restriction time—to manage operational risk, define boundaries of liability, and optimize internal processes to mitigate financial penalties stemming from late deliveries. These rules are not arbitrary; they are calculated thresholds that determine when TicketAttendant assumes or disclaims responsibility for cancellations. This indicates that TicketAttendant’s systems are processing and analyzing these time-sensitive data points in real-time. This suggests that TicketAttendant employs internal logic or algorithms that use these data points to manage its own operational exposure and financial liability. It is a clear example of data being used for internal risk management and performance optimization, directly impacting the client’s potential financial outcomes, such as being held accountable for cancellations. This level of detail in the policy provides transparency into the operational realities and risks associated with time-sensitive ticket sales.
3.2 To Communicate with You
Contact information is used to dispatch notifications regarding orders, account status, policy updates, and other service-related communications. This includes email notifications in instances where delivery fails for last-minute sales or if an order is canceled.[2]
3.3 For Security and Fraud Prevention
Collected information is leveraged to detect, prevent, and address potential fraud, security vulnerabilities, and abusive behaviors. This includes the investigation of denied entry claims to ascertain fault and apply corresponding charges.[2]
3.4 For Legal Compliance and Dispute Resolution
Information is utilized to ensure adherence to legal obligations, enforce TicketAttendant’s policies (e.g., Abuse Policy, Cancellation Policy), and resolve disputes, which includes processing charges for client-fault cancellations or penalties imposed by exchanges.[2]
4. How We Share Your Information
To deliver its services effectively, TicketAttendant shares user information with various third parties, including integrated exchanges, other ticketing platforms, service providers, and in specific legal or business contexts.
4.1 With Integrated Exchanges and Ticketing Platforms
Inventory details, and in certain scenarios, account credentials, are shared to facilitate the listing, broadcasting, and fulfillment of tickets on external platforms.
Event information, dates, times, stock type, notes, and disclosures are transmitted to integrated exchanges for the purpose of listing and broadcasting user inventory. Users bear the responsibility for the accuracy of this information.[2] Necessary information is shared to facilitate ticket fulfillment, including mobile transfers, and to coordinate substitute tickets with exchanges. Examples of these exchanges include StubHub (governed by LMS, Local Pick Up, Walk In at Venue, and Will Call policies), Vivid, and Mercury/TND (subject to masking and substitute ticket policies).[2, 5]
In specific instances where tickets are non-transferable, the Account Surrender policy allows for the direct sharing of user account login and password with the buyer for venue entry.[2] This method is not universally permitted by all exchanges, such as SeatGeek, StubHub, TicketsNow, and TM+, and carries inherent risks. The sharing of client account logins and passwords directly with buyers for “Account Surrender” represents an exceptionally high-risk data sharing practice. This direct transfer of sensitive, persistent credentials to an external party (the buyer) creates significant vulnerability for the client beyond the immediate transaction. These credentials grant ongoing access to the client’s primary account, which may contain other personal and financial information. This practice exposes the client to substantial security risks, including potential misuse of their account, identity theft, or unauthorized access to other linked services. TicketAttendant explicitly disclaims responsibility for issues arising from this method, effectively transferring the full liability to the client.[2] This highlights the severity of this risk and places the entire burden of potential negative outcomes squarely on the client, raising questions about the necessity and alternatives to such a high-risk sharing method.
For certain Paciolan teams, URL delivery is employed as a fulfillment strategy, which involves sharing URLs that grant access to tickets. This method carries specific risks related to barcode alterations or venue restrictions.[2] For tickets sold via the Dice app, users are responsible for directly transferring tickets to the buyer, a process that necessitates the sharing of phone numbers and mutual contact addition.[2]
The detailed policies and disclaimers surrounding the “Masking Policy” [2, 5] and “Resale Restricted Tickets Policy” [2] illustrate a business model where TicketAttendant facilitates complex, potentially non-compliant, listing strategies for clients on third-party exchanges. However, TicketAttendant consistently places the ultimate accountability, penalties, and risks of cancellation squarely on the client. This indicates TicketAttendant’s role as a technological facilitator rather than a guarantor of compliance or success on external platforms. TicketAttendant processes and transmits client data, including potentially masked or resale-restricted ticket information, to various exchanges. While providing guidelines, TicketAttendant explicitly distances itself from the consequences of these practices on third-party platforms. This reveals that TicketAttendant’s service is to provide the means for clients to list and broadcast, even if those listings carry inherent risks or violate third-party exchange policies. The data is shared, but the legal and financial burden for its acceptance or rejection by the ultimate marketplace (the exchange or buyer) remains with the client. This model emphasizes client autonomy in listing decisions but also underscores their full accountability for the outcomes of those decisions in the broader ticketing ecosystem.
Table 2: Data Sharing with Third Parties and Associated Responsibilities/Risks
| Third Party Category | Examples | Purpose of Sharing | Specific Data Shared | Associated Client Responsibility/Risk/Disclaimer |
|---|---|---|---|---|
| Integrated Exchanges & Ticketing Platforms | StubHub, Vivid, Mercury/TND, SeatGeek, TicketsNow, TM+, Paciolan-enabled teams | Listing, Broadcasting, Fulfillment, Order Management | Inventory details (event, date, time, stock type, notes, disclosures), Ticket URLs, Account credentials (in specific cases) | Client responsible for accuracy of broadcasted inventory; Client liable for penalties from mislistings (e.g., resale restricted, masking); Client liable for issues/penalties with Account Surrender; URL Delivery carries risks of barcode alteration/venue restrictions. |
| Buyers | Individual ticket purchasers | Direct ticket transfer for non-transferable tickets (Account Surrender), Dice App transfers | Account login/password (Account Surrender), Phone numbers (Dice App) | Client liable for risks associated with Account Surrender (TA not responsible for entry issues); Client responsible for Dice App transfers. |
| Service Providers | Payment Processors, Freshdesk, Gmail (for PurchaseNow) | Payment remittance, Support ticket management, Automated PO creation | Banking information (for payouts), Communication content, Email account credentials (for PurchaseNow) | Client responsible for maintaining current credentials for automated services (e.g., PurchaseNow Gmail account). |
| Legal/Governmental Entities | Law enforcement, Regulatory bodies | Legal compliance, Enforcement of terms, Fraud prevention | Any relevant personal information as required by law | Disclosure as legally required or deemed necessary for protection of rights/property/safety. |
| Business Transferees | Acquiring or merging entities | Business continuity | All personal information related to the business | Information may be transferred in the event of acquisition, merger, or bankruptcy. |
This table is valuable because it explicitly highlights the complex web of third-party interactions and, crucially, where liability and operational risk shift from TicketAttendant to the client. This level of transparency is vital for obtaining truly informed consent, especially given the high-risk nature of practices like Account Surrender. It clearly illustrates the operational model of TicketAttendant, showing how data flows through various partners and platforms to deliver the service. This helps clients understand the full scope of their data’s journey beyond just TicketAttendant’s direct control. By detailing specific responsibilities and disclaimers for each sharing scenario, the table provides actionable insights for clients, helping them make informed decisions about how they use TicketAttendant’s services and manage their inventory.
4.2 With Service Providers
TicketAttendant engages third-party service providers to execute functions on its behalf and to assist in the delivery of its services.
For the remittance of payments to users, TicketAttendant utilizes payment service providers.[2] It is noted that while similar companies may process credit card details via accredited third-party services, TicketAttendant’s primary function in this context is client payouts, not direct client payments to TicketAttendant. Platforms such as Freshdesk are employed for managing client support requests and communications.[2] The PurchaseNow system interacts with third-party email services, such as Gmail, through an EmailParser account to facilitate automated purchase order creation.[2] Statistical and analytical information may also be shared with third-party service providers, including standard analytics tools, to enhance and improve the services offered.[1, 4]
4.3 For Legal Reasons
Personal information may be disclosed if there is a good faith belief that such disclosure is beneficial or reasonably necessary to comply with any applicable law, regulation, legal process, or governmental request.[1] Disclosure may also occur to enforce TicketAttendant’s Terms of Service, including the investigation of potential violations [1], to detect, prevent, or otherwise address fraud or security issues [1], or to safeguard the rights, property, or safety of TicketAttendant, its users, or the general public.[1]
4.4 In Business Transfers
In the event of an acquisition of TicketAttendant by, or a merger with, a third-party entity, or in circumstances such as bankruptcy or a comparable event, TicketAttendant reserves the right to transfer or assign personal information in connection with these occurrences.
5. Data Security
TicketAttendant employs generally accepted industry standards to safeguard the personal information submitted to it, encompassing protection during both transmission and storage. These protective measures include appropriate administrative, physical, and technical safeguards.[1] However, it is crucial to acknowledge that no method of transmission over the Internet or electronic storage can guarantee absolute security. Therefore, while TicketAttendant endeavors to utilize commercially acceptable means to protect personal information, its absolute security or confidentiality cannot be guaranteed.[1]
While TicketAttendant is committed to implementing industry-standard security measures, its operational policies repeatedly underscore client responsibility for data accuracy and timely updates. This is evident in requirements such as providing “accurate login information,” ensuring “current credentials and recovery information,” verifying that “everything is accurate and complete after the purchase order is finalized,” and providing “all necessary information, in advance”.[2] This emphasis on client diligence implies a shared security burden, where the client’s proactive maintenance of accurate and secure data, particularly sensitive credentials, constitutes a critical component of the overall data security posture for the entire service ecosystem. Inaccurate or outdated client-provided data, such as incorrect passwords or erroneous inventory details, can directly lead to operational failures, security vulnerabilities (e.g., inability to fulfill orders, potential for unauthorized access if old credentials remain active elsewhere), or financial penalties for the client. This means that TicketAttendant’s overall data security and operational integrity are not solely dependent on its internal safeguards but also significantly on the client’s adherence to data hygiene and security best practices. The policy implicitly establishes a co-dependent security model where client actions play a crucial role in mitigating risks, a critical nuance for users to understand beyond a general security statement.
6. Your Data Rights
Users possess certain rights concerning their personal information, subject to applicable legal frameworks.
Users may have the option to opt out of receiving specific promotional or service-related communications. Control over location-sharing features on mobile devices may also be available.[1] The ability to access, review, delete, or correct personal information may be provided through tools within the App or by direct contact with TicketAttendant. Verification of identity may be required before processing such requests.[1] Where personal information is processed based on user consent, users retain the right to withdraw that consent at any time. Such withdrawal will not retroactively affect the lawfulness of processing conducted prior to the withdrawal, nor will it impact processing based on other lawful grounds.[1] Users may also possess the right to request a transfer of their personal information in a structured, commonly used, and machine-readable format.[1] Furthermore, users may have the right to object to the processing of their personal information for direct marketing purposes or on grounds specific to their individual situation.[1] Finally, users have the right to lodge a complaint with a data protection supervisory authority in their habitual residence, place of work, or concerning an alleged infringement of data protection laws.[1]
The inclusion of comprehensive data rights, particularly those aligning with stringent data protection regulations such as the GDPR (as evidenced in the provided information from Tickets99 [1]), suggests that TicketAttendant, as a modern app-based service, either anticipates serving or already serves a global user base. Even if the provided operational handbook does not explicitly detail these rights, incorporating them is considered a best practice for a robust and future-proof privacy policy within the digital ticketing industry. While TicketAttendant’s own policy handbook focuses on operational procedures, a comprehensive privacy policy for an app operating in the current digital landscape must address these broader data subject rights. This suggests that TicketAttendant, to be legally sound and competitive, should adopt a privacy framework that extends beyond its immediate operational policies to encompass international data protection standards. This proactive inclusion enhances user trust and prepares the company for potential expansion or stricter regulatory scrutiny, even if its current primary operations are domestic.
7. Third-Party Links and Services
The TicketAttendant App may incorporate links to, or integrate with, third-party websites, applications, or services. These include various ticketing exchanges, such as StubHub, Vivid, Mercury/TND, SeatGeek, TicketsNow, and TM+, as well as specific applications like the Dice App and platforms for Paciolan-enabled teams.[2] This Privacy Policy exclusively pertains to information collected by TicketAttendant. TicketAttendant disclaims responsibility for the privacy practices or content of these external third-party sites or services. Users are strongly encouraged to review the privacy policies of any third-party sites or services with which they interact.
The extensive and critical reliance on “integrated exchanges” and specific third-party applications [2] necessitates a robust and explicit disclaimer regarding third-party privacy practices. TicketAttendant facilitates the transfer of sensitive client data to these external platforms, but its control over that data ceases once it is transmitted. This highlights a key boundary of TicketAttendant’s responsibility and the inherent complexity of data flows within the broader ticketing ecosystem. TicketAttendant’s core service involves sending client inventory data to these platforms for listing, broadcasting, and fulfillment. Once this data leaves TicketAttendant’s direct control and enters a third-party system, it becomes subject to that third party’s privacy policies and terms of service. A strong disclaimer is crucial for legal protection, clearly delineating TicketAttendant’s scope of responsibility. It informs users that while TicketAttendant handles their data up to the point of transfer, they must also understand and accept the privacy practices of the numerous third parties involved in the broader ticketing transaction, over which TicketAttendant cannot exert control or provide guarantees. This transparency is vital for managing user expectations and legal liability.
8. Changes to This Privacy Policy
This Privacy Policy may be periodically updated to reflect modifications in TicketAttendant’s practices, services, or relevant laws and regulations. Given the dynamic nature of the ticketing industry and the fact that “Exchanges’ guidelines and terms of service are subject to change without warning” [2], TicketAttendant’s own data practices may evolve in response. Notice of any material changes to this policy will be provided within a reasonable timeframe in advance, typically through posting the updated policy on TicketAttendant’s website and/or by sending an email notification. This allows users to review the changes and determine whether to continue utilizing the services.[1]
9. Contact Us
For any inquiries or concerns pertaining to this Privacy Policy or TicketAttendant’s data practices, please contact us using the following details:
- Email: support@ticketattendant.com
- Phone: (773) 888-3048 (Operations Team available during business hours: 8:30 AM-9 PM CST Monday-Friday and 9 AM-9 PM CST Saturday and Sunday, excluding holidays).[2]
Conclusions
The development of a privacy policy for the TicketAttendant app, informed by the operational policies outlined in the 2024 Policy Handbook, reveals a sophisticated interplay between service delivery, data collection, and risk management. The app’s core functionality, centered on the pricing and broadcasting of ticket inventory, inherently necessitates a high degree of data exchange and access, particularly concerning sensitive client account credentials for external ticketing platforms. This establishes a foundational understanding that data provision is not merely an optional user choice but a prerequisite for service engagement.
A significant aspect of TicketAttendant’s operational model is the shared responsibility for data accuracy and security. While TicketAttendant implements industry-standard safeguards, the continuous efficacy of its automated processes and the overall security posture are demonstrably reliant on client diligence in maintaining up-to-date and accurate account information. This co-dependent security model means that client actions directly influence the mitigation of operational and financial risks within the ecosystem.
Furthermore, the policy highlights TicketAttendant’s role as a facilitator within a complex, multi-party ticketing environment. The extensive sharing of data with integrated exchanges, other ticketing platforms, and in some high-risk scenarios, directly with buyers (e.g., Account Surrender), underscores the interconnectedness of the digital ticketing landscape. Crucially, the policy consistently delineates the boundaries of TicketAttendant’s responsibility, often transferring ultimate accountability for outcomes, such as penalties from mislistings or issues arising from high-risk fulfillment methods, back to the client. This approach emphasizes client autonomy in listing decisions while simultaneously clarifying their full accountability for the consequences within the broader ticketing ecosystem.
The inclusion of comprehensive data rights, aligning with modern data protection regulations, positions TicketAttendant’s privacy framework as robust and forward-looking, capable of addressing the needs of a potentially global user base and anticipating evolving regulatory landscapes. Overall, the privacy policy reflects a pragmatic approach to data governance, balancing the imperative of efficient service delivery with the complexities of data security, shared responsibilities, and external platform interactions in the dynamic world of ticket inventory management.