R
Rhesia
ShowsEventsPrivacy PolicyCookie Policy

Privacy Policy

GDRP / CCPA COMPLIANTLast Updated: March 10, 2026

1. DATA CONTROLLER

Rhesia is the data controller for the personal information collected through the Platform. We are committed to protecting the privacy of our Users and Attendees. This policy outlines how we handle data to provide a secure and efficient ticketing experience.

2. INFORMATION WE COLLECT

We collect personal information through your interaction with our Platform, divided into the following categories:

Identifiable Data

  • Full Name & Title
  • Email Address
  • Billing & Delivery Address
  • Phone Number
  • Profile Photo (optional)

Technical Data

  • IP Address & Location
  • Device ID & Browser Type
  • Booking History
  • Payment Method Tokens
  • Interactions with Venue Maps

3. HOW WE USE YOUR DATA

  • Booking Fulfillment: To process payments and deliver digital tickets to your device.
  • Fraud Prevention: To detect and prevent scalping, bot activity, and unauthorized chargebacks.
  • Event Logistics: Sharing your name and contact details with Event Organizers for entry management and safety purposes (e.g., contact tracing or age verification).
  • Personalization: Recommending events based on your browsing history and geographic location.
  • Communication: Sending transaction receipts, event updates, and, where consented, marketing communications.

4. DATA SHARING & THIRD PARTIES

We do not sell your personal data to third parties. However, we share data with:

  • Organizers: The entity hosting your event receives your identification for the purpose of valid ticket redemption.
  • Payment Processors: Stripe, Rhesia Wallet, and other gateway providers handle your financial details via encrypted protocols. We never store raw credit card numbers.
  • Compliance: Law enforcement or regulatory bodies when required by legal processes or to protect the safety of the public.

5. YOUR RIGHTS

Depending on your location (e.g., EU, UK, California), you have significant rights regarding your data:

Right to Access

Request a copy of all personal data we hold about you.

Right to Erasure

Request that we delete your account and associated data.

Right to Correct

Update inaccurate or incomplete information in your profile.

Right to Object

Withdraw consent for marketing and behavioral tracking.

6. DATA SECURITY

We implement industry-standard AES-256 encryption for data at rest and TLS 1.3 for data in transit. While we strive for absolute security, no system is 100% impenetrable. We maintain a comprehensive Breach Response Plan to notify users within 72 hours of any suspected compromise.

Privacy Office

To exercise your data rights or report a vulnerability:
[email protected]