Privacy Policy

PassAfrik Technologies Ltd ("PassAfrik", "we", "our", or "us") operates the PassAfrik platform — a cross-border events ticketing marketplace serving attendees and organizers across Africa. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and the rights you hold over your information. By accessing or using PassAfrik, you agree to the practices described in this policy.

1. Who We Are
2. Data We Collect
3. How We Use Your Data
4. Legal Bases for Processing
5. Data Sharing and Disclosure
6. International Data Transfers
7. Data Retention
8. Cookies and Tracking Technologies
9. Security
10. Your Rights
11. Children's Privacy
12. Third-Party Links
13. Changes to This Policy
14. Contact Us

1. Who We Are

PassAfrik is operated by PassAfrik Technologies Ltd, incorporated in Nigeria with registered offices at Lagos, Nigeria. We are the data controller for personal data collected through the PassAfrik website, mobile-optimised web application, and associated APIs. For data protection enquiries, contact our Privacy Team at [email protected].

2. Data We Collect

We collect personal data in three ways: information you provide directly, information generated automatically when you use the platform, and information received from third parties.

Category	Examples	Source
Account Data	Name, email address, profile photo, preferred language	You, at registration
Identity & Verification	Government ID (for organizer verification only), phone number	You, on request
Transaction Data	Booking reference, ticket tier, amount paid, currency, payment method type	You, at checkout
Payment Instrument Data	Card last-four digits, billing country (full card numbers are never stored — processed by Stripe or NOWPayments)	Payment processors
Event Data	Events created, ticket tiers configured, promo codes, payout bank details	Organizers
Usage Data	Pages visited, search queries, click events, session duration, device type	Automatically
Location Data	Country inferred from IP address; precise location only if you grant permission	Automatically / You
Communications	Support messages, feedback, organizer applications	You
Security Data	Login timestamps, IP addresses, 2FA status, failed login attempts	Automatically

3. How We Use Your Data

We use your personal data only for the purposes for which it was collected or for compatible purposes. The primary uses are set out below.

Platform Operation: Creating and managing your account, processing bookings, issuing tickets (QR code or virtual access link), and facilitating ticket transfers.
Payments and Payouts: Processing payments via Stripe and NOWPayments, calculating and applying platform fees, and disbursing payouts to organizers.
Communications: Sending booking confirmations, e-tickets, event reminders, transfer notifications, and account security alerts. You may opt out of marketing emails at any time.
Safety and Fraud Prevention: Detecting and preventing fraudulent bookings, account takeovers, and abuse of the platform.
Analytics and Improvement: Understanding how the platform is used in aggregate to improve features, fix bugs, and personalise your experience.
Legal Compliance: Meeting obligations under applicable laws, responding to lawful requests from public authorities, and resolving disputes.

4. Legal Bases for Processing

Where the Nigeria Data Protection Act 2023 (NDPA), the Kenya Data Protection Act 2019, the South Africa POPIA, or the EU/UK GDPR applies to your use of the platform, we rely on the following legal bases:

Legal Basis	When We Rely on It
Contract performance	Processing your booking, issuing tickets, facilitating payouts
Legitimate interests	Fraud prevention, platform security, aggregate analytics, improving features
Legal obligation	Tax records, responding to court orders, anti-money-laundering checks
Consent	Marketing emails, optional cookies, precise location data

5. Data Sharing and Disclosure

We do not sell your personal data. We share it only in the following circumstances:

Event Organizers: When you purchase a ticket, the organizer receives your name, email address, and booking reference to manage attendance and communicate event updates.
Payment Processors: Stripe (card payments) and NOWPayments (cryptocurrency) receive the data necessary to process your transaction. Both are PCI-DSS compliant.
Service Providers: Hosting infrastructure (cloud servers), email delivery (Resend), and analytics tools operate under data processing agreements that restrict them to acting on our instructions only.
Legal Authorities: We disclose data when required by law, court order, or to protect the rights, property, or safety of PassAfrik, our users, or the public.
Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred to the successor entity, subject to equivalent privacy protections.

6. International Data Transfers

PassAfrik operates across 54 African countries and uses cloud infrastructure that may store data in data centres outside your country of residence. Where data is transferred outside the originating jurisdiction, we ensure appropriate safeguards are in place — including standard contractual clauses, adequacy decisions, or equivalent mechanisms recognised by the applicable data protection authority. By using PassAfrik from any country, you acknowledge that your data may be processed in Nigeria and in the countries where our service providers operate.

7. Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required by law.

Data Type	Retention Period
Account data	Duration of account + 2 years after deletion request
Booking and ticket records	7 years (tax and audit obligations)
Payment transaction records	7 years (financial regulation)
Security logs (login, 2FA)	12 months
Marketing consent records	Until consent is withdrawn + 3 years
Support communications	3 years from last contact

8. Cookies and Tracking Technologies

PassAfrik uses session cookies to maintain your authenticated state and functional cookies to remember your language preference. We use analytics cookies (first-party only) to understand aggregate usage patterns. We do not use third-party advertising cookies or sell data to ad networks. You can control cookies through your browser settings; disabling session cookies will prevent you from logging in.

9. Security

We implement industry-standard technical and organisational measures to protect your personal data, including TLS encryption in transit, hashed passwords, optional two-factor authentication, rate limiting on authentication endpoints, and automated suspicious-activity detection. No system is completely secure; if you believe your account has been compromised, contact us immediately at [email protected].

10. Your Rights

Depending on your country of residence, you may have the following rights regarding your personal data. To exercise any of these rights, email [email protected]. We will respond within 30 days.

Right	What It Means
Access	Request a copy of the personal data we hold about you.
Rectification	Ask us to correct inaccurate or incomplete data.
Erasure	Request deletion of your data where there is no lawful reason to retain it.
Restriction	Ask us to pause processing while a dispute is resolved.
Portability	Receive your data in a structured, machine-readable format.
Objection	Object to processing based on legitimate interests, including direct marketing.
Withdraw Consent	Withdraw any consent you have given at any time, without affecting prior processing.

11. Children's Privacy

PassAfrik is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at [email protected] and we will delete it promptly.

12. Third-Party Links

The PassAfrik platform may contain links to third-party websites, social media profiles, or streaming services (for virtual events). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any external sites you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will notify you by email (if you have an account) and update the "Last updated" date at the top of this page. Continued use of PassAfrik after the effective date constitutes acceptance of the revised policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Team:

PassAfrik Technologies Ltd

Lagos, Nigeria

Email: [email protected]

You also have the right to lodge a complaint with the data protection authority in your country of residence, such as the Nigeria Data Protection Commission (NDPC), the Office of the Data Protection Commissioner (Kenya), or the Information Regulator (South Africa).

View Terms of Service →← Back to Home

Table of Contents