Privacy Policy
Effective date: 22 March 2026 | GatePass Pty Ltd (ABN TBC)
Contents
- 1. Who We Are
- 2. Information We Collect
- 3. How We Use Your Information
- 4. Disclosure of Your Information
- 5. Stripe and Payment Processing
- 6. Cookies and Tracking
- 7. Data Security
- 8. Data Retention
- 9. Your Rights
- 10. Children's Privacy
- 11. International Transfers
- 12. Changes to This Policy
- 13. Contact and Complaints
1. Who We Are
GatePass Pty Ltd (ABN TBC) operates the GatePass event ticketing platform. We are the entity responsible for the personal information we collect about you. This Privacy Policy explains how we handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
If you have any questions about this policy or our privacy practices, please contact our Privacy Officer at [email protected].
2. Information We Collect
2.1 Information you provide to us
| Category | Examples | Who it applies to |
|---|---|---|
| Identity information | Name, email address | All users |
| Account information | Login credentials, account preferences | All users |
| Payment information | Card details (processed by Stripe; we do not store full card numbers) | Buyers |
| Business information | ABN, business name, bank account details for payouts | Organisers |
| Event information | Event name, description, venue, date, ticket prices | Organisers |
| Attendee information | Name, email, ticket type purchased | Buyers |
| Communications | Emails, support requests, feedback | All users |
| Waitlist information | Email address, city of interest | Waitlist subscribers |
2.2 Information collected automatically
When you use the Platform, we automatically collect certain technical information including your IP address, browser type and version, operating system, referring URLs, pages visited, and the date and time of your visit. This information is collected via server logs and analytics tools and is used to operate and improve the Platform.
2.3 Information from third parties
We receive information from Stripe when you complete a payment, including a payment confirmation and a tokenised reference to your payment method. We also verify ABNs against the Australian Business Register (ABR), which is a publicly available government database.
3. How We Use Your Information
We use personal information for the following purposes:
| Purpose | Legal basis (APP 3) |
|---|---|
| Processing ticket purchases and issuing digital tickets | Performance of contract |
| Verifying organiser identity and ABN | Legal obligation / legitimate interest |
| Processing payouts to organisers via Stripe Connect | Performance of contract |
| Sending order confirmation and ticket delivery emails | Performance of contract |
| Providing customer support | Legitimate interest |
| Sending platform updates and marketing emails (with consent) | Consent |
| Detecting and preventing fraud and abuse | Legitimate interest / legal obligation |
| Complying with legal obligations (e.g., tax records) | Legal obligation |
| Improving the Platform through analytics | Legitimate interest |
| Notifying waitlist subscribers when events launch in their city | Consent |
We will not use your personal information for any purpose that is incompatible with the purpose for which it was collected, unless you have consented or we are required to do so by law.
4. Disclosure of Your Information
We may disclose your personal information to the following categories of recipients:
| Recipient | What is shared and why |
|---|---|
| Event Organisers | Buyer name, email, and ticket details are shared with the Organiser of the event you purchased tickets for, so they can manage their guest list and facilitate entry. |
| Stripe Payments Australia Pty Ltd | Payment card details and identity information are shared with Stripe to process payments and payouts. See Section 5 for details. |
| Australian Business Register (ABR) | Organiser ABNs are verified against the ABR public API. No personal data is sent to the ABR. |
| Resend (email delivery) | Your email address and order details are shared with Resend to deliver order confirmation and ticket emails. |
| Law enforcement / regulators | We may disclose information where required by law, court order, or to protect the rights, property, or safety of GatePass, our users, or the public. |
| Business successors | If GatePass is acquired or merged, your information may be transferred to the successor entity, subject to the same privacy protections. |
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
5. Stripe and Payment Processing
All payment processing on GatePass is handled by Stripe Payments Australia Pty Ltd. When you make a purchase, you are providing your payment information directly to Stripe. GatePass does not receive or store your full card number, CVV, or bank account details.
Stripe's collection and use of your payment information is governed by Stripe's Privacy Policy. Stripe is certified to PCI DSS Level 1, the highest level of payment security certification.
For Organisers using Stripe Connect, Stripe will collect additional identity and business verification information as part of their Know Your Customer (KYC) obligations. This information is collected and held by Stripe, not GatePass.
7. Data Security
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction. These measures include TLS encryption for all data in transit, hashed storage of authentication credentials, and restricted access controls for staff.
Dynamic QR codes on tickets rotate every 30 seconds and are cryptographically signed to prevent fraud. TOTP secrets are stored server-side and are never transmitted to the browser.
No method of transmission over the internet or electronic storage is 100% secure. If you become aware of a security incident involving your account, please contact us immediately at [email protected].
8. Data Retention
We retain personal information for as long as necessary to fulfil the purposes for which it was collected, as set out in the table below.
| Data type | Retention period |
|---|---|
| Account information | Until account deletion, plus 7 years for tax and legal compliance |
| Order and ticket records | 7 years (required for GST and income tax records under the Tax Administration Act 1953) |
| Payment records | 7 years |
| Check-in audit logs | 2 years |
| Marketing consent records | Until consent is withdrawn, plus 1 year |
| Waitlist signups | Until the subscriber unsubscribes or 2 years from signup, whichever is earlier |
| Server and access logs | 90 days |
9. Your Rights
Under the Australian Privacy Principles, you have the following rights in relation to your personal information:
Access (APP 12)
You may request access to the personal information we hold about you. We will respond within 30 days.
Correction (APP 13)
If you believe information we hold about you is inaccurate, incomplete, or out of date, you may request that we correct it.
Withdrawal of consent
Where we process your information based on your consent (e.g., marketing emails), you may withdraw consent at any time by clicking the unsubscribe link in any email or contacting us.
Deletion
You may request deletion of your account and associated personal information, subject to our legal retention obligations (see Section 8).
Complaints
If you believe we have breached the Privacy Act or the APPs, you may lodge a complaint with us (see Section 13). If you are not satisfied with our response, you may escalate to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
To exercise any of these rights, please contact us at [email protected]. We may need to verify your identity before processing your request.
10. Children's Privacy
The Platform is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us and we will delete it promptly.
11. International Transfers
GatePass is an Australian business and stores data primarily in Australia. However, some of our service providers (including Stripe and Resend) may process data in other countries, including the United States. We take reasonable steps to ensure that overseas recipients handle personal information in a manner consistent with the APPs.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Platform. The updated policy will be effective from the date stated at the top of this page. Your continued use of the Platform after that date constitutes acceptance of the updated policy.
13. Contact and Complaints
For privacy enquiries, access requests, correction requests, or complaints, please contact our Privacy Officer:
Privacy Officer, GatePass Pty Ltd
Email: [email protected]
If you are not satisfied with our response to a complaint, you may contact the Office of the Australian Information Commissioner (OAIC):