EVENTLINQS

LEGAL

Privacy Policy

Last updated 15 April 2026

Introduction

EventLinqs is operated by Lawal Adams (trading as EventLinqs, ABN 30 837 447 587), based in Melbourne, Victoria, Australia. We build technology that connects event organisers and attendees. We take the trust you place in us seriously.

This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and what rights you have over your data. It applies to everyone who uses the EventLinqs platform, including the website at eventlinqs.com, our mobile experience, and any related services. By using EventLinqs, you agree to the practices described here.

We are committed to the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). If you have questions at any point, contact us at privacy@eventlinqs.com.

Information We Collect

We collect information in the following categories:

  • Account data. When you create an account, we collect your name, email address, and optionally your phone number and profile photo. Organisers also provide their organisation name and bank account details for payouts.
  • Transaction data. When you purchase a ticket, we record the event, ticket tier, quantity, price paid, and transaction reference. All card payments are processed directly by Stripe. We never see or store your card number, CVV, or full card details.
  • Event attendance data. We record which events you have attended or purchased tickets for, including scan timestamps when your QR ticket is validated at the door.
  • Device and usage data. When you browse EventLinqs, we automatically collect your IP address, browser type, device type, operating system, and the pages you visit. This helps us understand how the platform is being used and diagnose technical problems.
  • Communications. If you contact us via email, our contact form, or social media, we retain those communications to help us respond and improve our support quality.
  • Cookies. See the Cookies and Tracking section below.

How We Use Your Information

We use the information we collect to:

  • Deliver your tickets and send purchase confirmations and QR codes by email.
  • Process payments and handle refunds through our payment partners.
  • Send event reminders, updates, and essential service notifications.
  • Personalise your experience by recommending events based on your location and past attendance, with your consent.
  • Improve the platform by understanding what works and what doesn't through aggregated usage analytics.
  • Comply with legal obligations, including tax record-keeping under Australian law and responding to lawful government requests.
  • Prevent fraud by detecting abnormal purchasing patterns, bot activity, and ticket scalping.

We will not use your information for automated decision-making that has significant legal or financial consequences without obtaining your explicit consent first.

Cookies and Tracking

We use three categories of cookies. You can manage your preferences via our cookie settings, accessible from the footer of any page.

  • Essential cookies (always active). These are required for the platform to function. They include your session token (so you stay logged in), your shopping cart state, and security tokens. You cannot opt out of these while using the service.
  • Analytics cookies(opt-out available). We use PostHog to understand how visitors navigate EventLinqs: which pages are popular, where people drop off in checkout, and how features are used. This data is aggregated and never sold. You can opt out in your account settings or via your browser's Do Not Track setting.
  • Marketing cookies (opt-in only). We only place marketing or retargeting cookies if you explicitly consent. These allow us to show you relevant EventLinqs content on other platforms. We do not enable these by default.

Third Parties Who Receive Your Data

We share your data only with service providers necessary to run the platform. We do not sell your data to advertisers, data brokers, or any third party.

  • Stripe:payment processing. Your card details go directly to Stripe's PCI-compliant infrastructure. Stripe's privacy policy governs how they handle payment data.
  • Supabase:our database and authentication provider. Your account data and transaction records are stored in Supabase's infrastructure.
  • Resend: email delivery. Your email address and ticket details are passed to Resend to send transactional emails (purchase confirmations, QR codes, reminders).
  • Vercel:web hosting. Your IP address and request data pass through Vercel's infrastructure as a normal part of web hosting.
  • Upstash: caching. Anonymised session data and inventory snapshots are cached via Upstash Redis to improve performance.

We require all service providers to maintain appropriate security standards and to use your data solely to provide services to EventLinqs.

International Data Transfers

EventLinqs is based in Australia, but some of our infrastructure providers store and process data on servers located in the United States and the European Union. When your data is transferred internationally, we rely on:

  • Standard contractual clauses approved by relevant data protection authorities.
  • The providers' own compliance frameworks: Stripe (PCI DSS), Supabase (SOC 2), and Vercel (ISO 27001) each maintain robust security certifications.

We take all reasonable steps to ensure that cross-border transfers of your personal information comply with the Australian Privacy Act.

Data Retention

We retain your data for the following periods:

  • Account data: retained while your account is active. If you close your account, we delete identifiable account data within 90 days, subject to the exceptions below.
  • Financial records: retained for 7 years after the transaction date, as required by Australian tax law (ATO record-keeping obligations).
  • Event attendance data: retained for 3 years to support fraud prevention and dispute resolution.
  • Marketing preferences: retained until you withdraw consent or close your account, whichever comes first.

Your Rights

Under the Australian Privacy Act and, where applicable, the GDPR, you have the following rights:

  • Access. You can request a copy of the personal information we hold about you.
  • Correction. If your information is inaccurate or incomplete, you can ask us to correct it, or update it directly in your account settings.
  • Deletion. You can request deletion of your account and associated data, subject to our legal retention obligations.
  • Portability. You can request a machine-readable copy of your data to transfer to another service.
  • Withdrawal of consent. Where processing is based on your consent (e.g. marketing emails), you can withdraw that consent at any time via your account settings or by emailing us.
  • Complaint. If you believe we have mishandled your data, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

To exercise any of these rights, contact us at privacy@eventlinqs.com. We will respond within 30 days.

Children

EventLinqs is not intended for children under the age of 16. We do not knowingly collect personal information from anyone under 16 without verified parental or guardian consent. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at privacy@eventlinqs.com and we will delete the information promptly.

Security

We take the security of your personal information seriously. Our measures include:

  • Encryption in transit. All data between your browser and EventLinqs is transmitted over HTTPS with TLS 1.2 or higher.
  • Encryption at rest. Your data is encrypted at the database level by Supabase using AES-256.
  • Row-level security. Our database enforces strict access control policies. Your data is only accessible to you and explicitly authorised platform functions.
  • PCI compliance. All card payment data is handled exclusively by Stripe, who maintain PCI DSS Level 1 compliance. We never touch your raw card details.

Despite these measures, no internet transmission is completely secure. If you believe your account has been compromised, contact us immediately.

Contact

For all privacy-related enquiries, requests, or complaints, please contact us:

We aim to respond to all privacy requests within 30 days. For urgent matters, please mark your subject line URGENT: Privacy.