Privacy Policy
Last Updated: February 8, 2026
1. General Information
In accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), this Privacy Policy describes how your personal data is processed by PaySeats.
Data Controller:
- Company Name: PaySeats Europe SL
- Tax ID (NIF): B22704407
- EU VAT ID: ESB22704407
- Registered Address: Calle Camí d'es Castell 261, 2º 3ª, 07702 Mahón, Balearic Islands, Spain
- Contact Email: [email protected]
- Data Protection Contact: [email protected]
PaySeats acts as a controller for data processed to operate the platform and manage accounts. Where we process Attendee data on behalf of Organizers, we act as a data processor and the Organizer is the controller. For details, see our Data Processing Addendum (DPA).
2. Categories of Personal Data We Process
2.1. For Organizers
- Identity Data: Full name or business name, fiscal address, country of residence, and VAT ID (if applicable).
- Contact Data: Email address and phone number.
- Payment Data: Bank account details for payouts are handled by the Payment Partner. PaySeats receives limited status information (for example, payout status and account verification state) to provide support.
- Technical Data: IP addresses, device and browser information, logs, activity metadata, and platform usage data.
2.2. For Attendees
- Identity Data: Full name.
- Contact Data: Email address.
- Transaction Data: Purchase information (event, date, ticket type) and any data voluntarily shared during checkout.
An Attendee's email address is used to deliver tickets and operational communications about the purchased event (for example, changes or cancellations). Marketing communications are only sent with explicit consent.
2.3. Support and Communications
- Support Data: Messages, attachments, and metadata submitted through the Support Ticket System.
- Communication Preferences: Opt-in or opt-out status for marketing communications.
3. Purposes for Processing Your Data
We use your data for the following purposes:
3.1. Service Provision
To create and manage Organizer accounts, process ticket sales, facilitate event management, and send operational communications essential for the service.
3.2. Legal Compliance
To comply with legal obligations regarding taxation, accounting, and fraud prevention, and to respond to requests from competent authorities.
3.3. Security and Fraud Prevention
To protect the platform, prevent abuse, and investigate suspicious activity.
3.4. Marketing Communications
We will send you information about our products, news, or promotions only with your explicit consent. These campaigns are managed via third-party providers acting as data processors, who cannot use your data for their own purposes.
3.5. Service Improvement
To perform aggregated and anonymous usage analysis, gather statistics, and conduct satisfaction surveys that help us develop new features and improve the platform.
3.6. Account Management Experience
To provide a seamless user experience, we process data from Guest Checkouts to allow users to later create a full account and access past order history without creating duplicate records.
4. Legal Basis for Processing
We process your data based on the following legal grounds:
- Performance of a contract with you (Art. 6.1.b GDPR).
- Compliance with a legal obligation (Art. 6.1.c GDPR).
- Your explicit consent for specific purposes, such as marketing communications (Art. 6.1.a GDPR).
- Our legitimate interest in ensuring platform security, preventing fraud, and improving our services (Art. 6.1.f GDPR).
5. Data Retention Period
We retain data for as long as necessary to provide the service and comply with legal obligations:
- Organizer Data: Retained for the duration of the account and for required legal retention periods after closure.
- Attendee Data: Guest checkout records are retained until the event concludes and for subsequent legal requirements (for example, tax and accounting obligations). If a guest record is converted into a full account, retention follows the active account policy.
- Suspended or Investigated Accounts: If an account is under review for fraud, disputes, or legal obligations, data may be retained longer to protect users and comply with law.
Once retention periods end, data is deleted or anonymized.
6. Recipients and Data Processors
We do not sell your data. We only share it with service providers who help us operate, under strict data processing agreements:
- Payment Partners (for example, Stripe): To handle payments and payouts. The Payment Partner may act as an independent controller for regulatory compliance (KYC/AML).
- Cloud Infrastructure: DigitalOcean (hosting of the platform and databases).
- Email Delivery: Resend (transactional emails) and EmailOctopus (marketing or launch communications).
- Support and Communication Tools: For managing support tickets and customer communications.
- Analytics and Monitoring (if enabled and with consent): To measure performance and improve the Service.
7. International Data Transfers
Some providers may be located outside the European Economic Area (EEA). In such cases, we ensure that international data transfers are carried out using the European Commission's Standard Contractual Clauses (SCCs) or other appropriate safeguards.
8. Your Rights and Choices
You may at any time exercise your rights of access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, and objection, and you have the right not to be subject to automated individual decision-making.
You can exercise your rights by sending an email to our Data Protection Contact at [email protected]. We may ask you to verify your identity to protect your data. If we cannot verify your identity, we may be unable to fulfill the request.
Withdrawing consent will not affect lawful processing already performed, but it may limit certain features (for example, marketing communications or optional analytics).
9. Data Security
We implement technical and organizational measures to protect your data, such as encryption of information in transit and at rest, strict access controls, backup protocols, and business continuity plans. In the event of a security breach, we will notify affected users and the competent supervisory authority within 72 hours when required by law.
10. Minors
Our services are not intended for children under the age of 16. If we become aware that we have collected data from a minor without parental consent, we will take steps to delete that information.
11. Changes to this Policy
We may amend this policy in the future. We will notify you of any substantial changes at least 30 days in advance via the platform or by email.
12. Supervisory Authority
If you believe your rights have not been adequately addressed, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at http://www.aepd.es or the data protection authority in your EU country of residence.