Privacy Policy

1. Data Controller and Contact Information

For the purposes of applicable data protection legislation, including the General Data Protection Regulation (EU) 2016/679 (GDPR), the UK GDPR, and equivalent national implementing legislation, RMJ FINTECH LTD, a Pennsylvania limited liability company doing business as Liventix, is the data controller in respect of personal information processed in connection with user accounts, event discovery, platform features, and marketing communications.

Where Liventix processes personal information of event attendees on behalf of Operators (event organizers) for the purposes of event management and fulfilment, Liventix acts as a data processor and the relevant Operator acts as the data controller for such processing. Operators are independently responsible for ensuring that their processing activities comply with applicable data protection law.

2. Categories of Personal Information Collected

3. Lawful Basis for Processing (GDPR / UK GDPR)

Where the GDPR or UK GDPR applies to our processing of your personal information, we process personal information on the following lawful bases:

• Performance of a Contract (Article 6(1)(b) GDPR): Processing necessary to perform our contractual obligations to you, including creating and managing your account, processing ticket purchases, facilitating event participation, and processing Operator payouts.
• Legitimate Interests (Article 6(1)(f) GDPR): Processing necessary for our or a third party's legitimate interests, where such interests are not overridden by your rights and interests, including: fraud detection and prevention; security monitoring; improving and developing our Services; financial risk management; and enforcing our legal rights.
• Legal Obligation (Article 6(1)(c) GDPR): Processing necessary to comply with applicable law, including financial services regulations, AML/KYC requirements, tax reporting obligations, and data retention mandates.
• Consent (Article 6(1)(a) GDPR): Where we rely on your consent, including for marketing communications, analytics cookies, and targeted advertising. You have the right to withdraw consent at any time, as described in Section 8.
• Vital Interests (Article 6(1)(d) GDPR): In limited circumstances where processing is necessary to protect your vital interests or those of another person.

4. Purposes of Processing

We use the personal information we collect for the following purposes:

• Creating, administering, and securing your account and authenticating your identity;
• Processing ticket purchases, payments, and refunds, and providing transaction confirmations;
• Facilitating event discovery, ticketing, attendance management, and post-event communications;
• Processing Operator payouts, managing reserve holds, and assessing financial and credit risk;
• Conducting AML, KYC, CTF, and sanctions screening in compliance with applicable financial regulations;
• Personalising your experience and delivering content and event recommendations based on your interests and location;
• Helping you discover and connect with contacts who are already on Liventix, if you choose to use the optional Find Friends feature;
• Communicating with you about transactions, account updates, service changes, and (with your consent) marketing and promotional materials;
• Detecting, investigating, and preventing fraudulent transactions, account abuse, and security incidents;
• Complying with applicable laws, regulations, court orders, and government or regulatory requests;
• Enforcing our Terms of Service and other applicable policies;
• Resolving disputes and processing appeals and complaints;
• Analysing usage patterns and platform performance to maintain and improve the Services; and
• In connection with any proposed or actual merger, acquisition, sale of assets, or restructuring of Liventix's business.

5. Disclosure of Personal Information

We do not sell personal information to third parties. We may disclose your personal information to the following categories of recipients for the purposes set out in this Policy:

• Event Operators: When you purchase a ticket or register for an event, we share necessary attendee information (including name, contact details, and ticket details) with the relevant Operator to facilitate event administration and access control. Operators are contractually required to process such data in compliance with applicable data protection law and solely for purposes related to the event.
• Payment Processors (PayPal): We share financial and transaction data with PayPal, Inc. and its affiliates to process payments, manage payouts, conduct fraud and risk analysis, and comply with financial regulatory requirements. PayPal's use of personal data is governed by PayPal's own Privacy Policy.
• Service Providers and Sub-processors: We engage third-party service providers to perform services on our behalf, including: cloud infrastructure (Supabase); video hosting (Mux); mapping services (Mapbox); analytics (PostHog); push notifications; customer support; identity verification; and credit/risk assessment. Such providers are contractually bound to process personal data only as directed by Liventix and in accordance with applicable law.
• Legal and Regulatory Authorities: We may disclose personal information to governmental, regulatory, judicial, or law enforcement authorities where required by applicable law, regulation, court order, or valid legal process, or where we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of Liventix, our users, or the public.
• Financial and Compliance Authorities: We may disclose information to tax authorities, financial regulators, sanctions bodies, and AML/KYC compliance authorities where required by applicable financial regulation or applicable law.
• Business Transfers: In the event of a proposed or completed merger, acquisition, corporate reorganisation, or sale of all or substantially all of Liventix's assets, personal information may be disclosed to prospective or actual acquirers and their advisers, subject to appropriate confidentiality obligations. We will notify you in accordance with applicable law if such a transfer materially changes how your information is processed.
• With Your Consent: We may disclose information to third parties where you have given your explicit consent to such disclosure.

6. Cookies and Tracking Technologies

We use cookies, pixel tags, web beacons, local storage, and similar tracking technologies to operate and improve the Services, personalise your experience, and, where you have consented, to deliver targeted advertising and analytics. The categories of cookies we use are as follows:

• Strictly Necessary Cookies: These cookies are essential for the operation of the Services and cannot be disabled. They include cookies for user authentication, session management, security, and core platform functionality.
• Analytics Cookies: With your consent, we use analytics tools including PostHog to collect aggregated information about how users interact with the Services, enabling us to measure performance and make improvements. Analytics cookies are only placed where you have provided consent through our cookie consent banner.
• Marketing and Advertising Cookies: With your consent, we may place cookies or allow third parties to place cookies that enable us to deliver relevant advertising and promotional content based on your interests. You may withdraw your consent at any time through the cookie preference centre accessible via the Services.

You may manage your cookie preferences through our in-app cookie consent banner. You may also control cookies through your browser settings; however, disabling certain cookies may impact the functionality of the Services. For EU/UK users, we obtain explicit consent prior to placing non-essential cookies.

Do Not Track: Some browsers offer a "Do Not Track" (DNT) signal. The Services do not currently respond to DNT signals, as no universally accepted standard for honouring such signals has been established. You may use our cookie consent banner to control non-essential tracking.

7. International Data Transfers

Liventix is headquartered in the United States, and your personal information may be transferred to, stored in, and processed in the United States and other countries whose data protection laws may differ from those of your country of residence.

Where we transfer personal information from the European Economic Area (EEA), the United Kingdom, or Switzerland to countries that have not been deemed adequate by the European Commission or applicable supervisory authorities, we rely on appropriate safeguards, including: (a) Standard Contractual Clauses (SCCs) approved by the European Commission; (b) the UK International Data Transfer Agreement or UK Addendum; or (c) other lawful transfer mechanisms under applicable data protection law.

You may request further information about the transfer mechanisms we rely upon by contacting us at privacy@liventix.app.

8. Your Data Subject Rights

Subject to applicable law and certain limitations, you may have the following rights in respect of your personal information:

• Right of Access (Article 15 GDPR; CCPA § 1798.100): The right to obtain confirmation of whether we process your personal information and to receive a copy of such information.
• Right to Rectification (Article 16 GDPR): The right to request correction of inaccurate or incomplete personal information. Many data points can be updated directly through your account settings.
• Right to Erasure / "Right to Be Forgotten" (Article 17 GDPR; CCPA § 1798.105): The right to request deletion of your personal information in certain circumstances. You may exercise this right directly by deleting your account (see below) or by contacting us.
• Right to Restriction of Processing (Article 18 GDPR): The right to request that we restrict processing of your personal information in certain circumstances.
• Right to Data Portability (Article 20 GDPR): The right to receive your personal information in a structured, commonly used, machine-readable format and to transmit it to another controller.
• Right to Object (Article 21 GDPR): The right to object to processing of your personal information where we rely on legitimate interests, including direct marketing.
• Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local supervisory authority (for EEA/UK users, the relevant Data Protection Authority) if you believe that our processing of your personal information infringes applicable data protection law.
• California Residents — CCPA Rights: California residents have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to opt out of the sale or sharing of personal information, the right to limit use of sensitive personal information, and the right not to be discriminated against for exercising CCPA rights. We do not sell or share personal information as defined by the CCPA.

To exercise any of the above rights (other than account deletion), please submit a written request to privacy@liventix.app. We will respond to verified requests within thirty (30) days (or such period as required by applicable law). We may require verification of your identity before fulfilling your request.

9. Data Security

We implement and maintain appropriate technical, administrative, and organisational security measures designed to protect personal information against unauthorised access, accidental or unlawful destruction, loss, alteration, disclosure, or other forms of unlawful processing. These measures include, but are not limited to: encryption of data in transit (TLS) and at rest; role-based access controls; multi-factor authentication for privileged access; penetration testing and vulnerability management; and security incident response procedures.

Notwithstanding the foregoing, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security and accept no liability for unauthorised access or loss of personal information beyond what is required by applicable law. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you in accordance with our legal obligations and applicable supervisory authority requirements.

10. Data Retention

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, and reporting obligations, to resolve disputes, and to enforce our agreements. Our key retention periods are as follows:

• Account data: retained for the duration of your account and purged upon confirmed account deletion, subject to legal retention requirements;
• Transaction and financial records: retained for a minimum of seven (7) years following the transaction date, or such longer period as required by applicable tax and financial regulation;
• Operator financial and risk data: retained for as long as necessary to manage payout obligations, satisfy regulatory requirements, and resolve disputes, which may extend beyond the closure of an Operator account;
• Legal hold data: data subject to a legal hold, litigation, or regulatory investigation is retained until such matter is finally resolved; and
• Marketing data: retained until you withdraw consent or opt out of marketing communications, following which it will be suppressed or deleted within a reasonable period.

Upon expiry of the applicable retention period, personal information is securely deleted or irreversibly anonymised.

11. Children's Privacy

The Services are not directed to, and we do not knowingly collect personal information from, children under the age of thirteen (13). If you are under thirteen years of age, you must not use or access the Services. If we become aware that we have inadvertently collected personal information from a child under thirteen without verified parental consent, we will take prompt steps to delete such information from our systems. If you believe we have collected personal information from a child under thirteen, please contact us immediately at privacy@liventix.app.

12. Third-Party Links and Services

The Services may contain links to, or integrate with, third-party websites, applications, and services that are not operated or controlled by Liventix. This Policy does not apply to third-party services, and we are not responsible for the privacy practices of any third party. We encourage you to review the privacy policies of each third-party service you access. Our key third-party service providers and their applicable policies include: PayPal (payments), Supabase (infrastructure), Mux (video), Mapbox (mapping), and PostHog (analytics).

13. Changes to This Privacy Policy

We reserve the right to update or modify this Policy at any time. We will post the revised Policy to this page and update the "Effective Date" and "Last updated" dates. For material changes, we will provide notice to registered users via email or in-app notification at least fourteen (14) days before the changes take effect, or such longer period as required by applicable law. Your continued use of the Services after the effective date of any updated Policy constitutes your acceptance of the revised terms. If you do not agree to any updated Policy, your sole remedy is to discontinue use of the Services and delete your account.

14. Automated Decision-Making and AI Features

Liventix uses automated systems and artificial-intelligence-assisted tools to improve your experience on the platform. Specifically:

• Event and content recommendations: We use algorithmic ranking to suggest events, organizers, and content that may interest you, based on your browsing history, ticket purchases, location, and stated preferences. These recommendations are generated automatically and do not produce legal or similarly significant effects.
• Fraud and risk signals: Automated checks are applied at checkout and account-creation to detect suspicious activity. These checks may result in a transaction being flagged for review or declined. You have the right to request human review of any such decision by contacting us at support@liventix.app.
• Communications assistance: AI-assisted tools may be used internally to draft or moderate platform communications; no fully automated messages are sent to you without human oversight.

We do not use your personal data to make decisions that produce legal effects or that significantly affect you in a solely automated manner, beyond the fraud and risk checks described above. If you have questions about how automated systems have affected you, please contact our Privacy team.

15. Contact and Complaints

If you have any questions, concerns, or complaints regarding this Policy or our data processing practices, or if you wish to exercise any of your data subject rights, please contact us using the details below. We are committed to resolving complaints and will endeavour to respond promptly and in accordance with applicable law.

EEA and UK residents who are not satisfied with our response have the right to lodge a complaint with their local supervisory authority (e.g., the Information Commissioner's Office (ICO) in the UK, or the relevant EU Data Protection Authority).