Privacy Policy

Last Updated: February 28, 2026

1. Introduction

Bjornsoft ("we," "us," or "our") operates this event ticketing platform. We are committed to protecting your privacy and handling your personal data in an open and transparent manner.

This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our event ticketing service. This policy applies to all users of our platform.

Contact Information: If you have questions about this policy or how we handle your data, please contact us at tickets@halfpastvibe.com

2. Information We Collect

2.1 Payment and Contact Information

When you purchase event tickets, Stripe (our payment processor) collects:

Email address (for payment confirmation)
Payment card information (securely processed by Stripe, never stored by us)
Billing information

2.2 Event Purchase Information

We collect:

Event selection and ticket quantity
Purchase transaction details (date, amount, event name)

2.3 Technical Information

Our servers automatically collect minimal technical information:

IP address (for fraud prevention and legal compliance)
Browser type and version
Access times and pages viewed

What We Don't Collect: We do not create user accounts, track your browsing behavior, use analytics tools, or collect any information beyond what is necessary for ticket purchases.

3. How We Use Your Information

We use your information only for the following purposes:

Process ticket purchases: To complete your transaction and provide you with event access
Event management: To maintain attendee lists and manage event logistics
Payment processing: To facilitate secure payments through Stripe
Legal compliance: To comply with financial record-keeping requirements and applicable laws
Fraud prevention: To detect and prevent fraudulent transactions

We do NOT use your information for:

Marketing or promotional communications
Behavioral tracking or analytics
Selling or renting your data to third parties
Any purpose other than those listed above

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), our legal basis for processing your personal data is:

Contractual necessity: Processing is necessary to fulfill our contract with you (processing your ticket purchase)
Legal obligation: Processing is required to comply with legal obligations (tax and financial record-keeping)
Legitimate interests: Fraud prevention and service security

5. Third-Party Service Providers

5.1 Stripe (Payment Processing)

All payment transactions are processed by Stripe, Inc., a certified PCI Service Provider Level 1 (the highest level of certification available in the payments industry).

Stripe collects and processes your payment card information, email address, and billing information. Your payment card data never touches our servers. Stripe may store your payment information for future use as per their policies.

Stripe's privacy policy: https://stripe.com/privacy

Stripe complies with PCI-DSS requirements and implements appropriate security measures.

5.2 No Other Third Parties

We do not share your information with any other third parties, including:

No analytics or tracking services (Google Analytics, etc.)
No advertising platforms
No marketing services
No social media platforms

6. Data Storage and Security

6.1 Where We Store Your Data

Our servers are located in the United States. By using our service, you understand that your information will be transferred to, stored, and processed in the United States.

For users in the EEA, Canada, or other jurisdictions, this means your data is transferred internationally. We ensure appropriate safeguards are in place for such transfers.

6.2 How We Protect Your Data

We implement appropriate technical and organizational security measures:

HTTPS encryption for all data transmission
Secure database storage with access controls
Regular security updates and monitoring
No storage of credit card information (handled entirely by Stripe)
Limited access to personal data (only authorized personnel)

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6.3 Data Retention

We retain your purchase and event information for 7 years from the date of purchase to comply with tax and financial record-keeping requirements.

After this retention period, we will securely delete your personal information unless we are required by law to retain it longer.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

7.1 Rights Under GDPR (EEA Residents)

Right to Access: Request a copy of the personal data we hold about you
Right to Rectification: Request correction of inaccurate or incomplete data
Right to Erasure: Request deletion of your data (subject to legal retention requirements)
Right to Restrict Processing: Request limitation on how we use your data
Right to Data Portability: Receive your data in a machine-readable format
Right to Object: Object to processing based on legitimate interests
Right to Lodge a Complaint: File a complaint with your local data protection authority

7.2 Rights Under PIPEDA (Canadian Residents)

Right to access your personal information
Right to request correction of inaccurate information
Right to withdraw consent (where applicable)
Right to file a complaint with the Privacy Commissioner of Canada

7.3 Rights Under CCPA (California Residents)

Right to know what personal information we collect and how we use it
Right to request deletion of your personal information
Right to opt-out of the sale of personal information (Note: We do not sell personal information)
Right to non-discrimination for exercising your privacy rights

7.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at tickets@halfpastvibe.com. We will respond to your request within 30 days.

We may need to verify your identity before processing your request. We will never charge a fee for processing a legitimate privacy rights request.

8. Cookies and Tracking

8.1 Essential Cookies Only

We use minimal session cookies for:

Admin authentication: Cookies for event organizers to log into the admin panel

8.2 What We Don't Use

We do not use:

Analytics or tracking cookies
Advertising cookies
Social media cookies
Third-party tracking tools

Stripe may set cookies during the payment process. These are governed by Stripe's privacy policy.

9. International Data Transfers

As our servers are located in the United States, personal data from users in other countries is transferred to and processed in the United States.

For EEA residents: We rely on:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions where applicable
Appropriate safeguards to protect your personal data

Stripe's international data transfers are governed by their Data Processing Agreement and privacy policies.

10. Children's Privacy

Our service is not directed to children under 13 years of age (or under 16 in the EEA). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at tickets@halfpastvibe.com so we can delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.

When we make changes, we will update the "Last Updated" date at the top of this policy. For significant changes, we may provide additional notice (such as a notice on our homepage).

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Bjornsoft
Email: tickets@halfpastvibe.com

For privacy-related inquiries, we aim to respond within 30 days.

This privacy policy is designed to comply with GDPR (EU), PIPEDA (Canada), CCPA (California), and general international privacy best practices.