Privacy Policy

This Privacy Policy explains how DayOf, Inc. ("DayOf," "we," "us," or "our") collects, uses, shares, and protects personal information when you use the DayOf consumer website, purchase tickets or other access products through a DayOf-powered checkout, receive digital tickets, communicate with us, or use the DayOf Crew mobile app as invited event staff.

DayOf provides the customer-facing storefront, checkout, ticket delivery, and staff operations tooling for venues, promoters, organizers, artists, brands, and other event partners. An event organizer or venue may also have its own privacy policy that applies to the event, venue, or other services it controls.

Depending on how you interact with DayOf, we may collect:

• Account and contact information, such as your name, email address, phone number, and any information you provide when creating an account, checking out, signing in, joining a waitlist, or contacting support.
• Transaction and ticket information, such as the events, products, quantities, pricing, discounts, taxes, service fees, receipts, ticket identifiers, pass delivery details, and order history associated with your purchase.
• Staff account and access information, such as invited-staff status, organization membership, role assignments, and venue selection data needed to operate DayOf Crew.
• Payment-related information needed to complete a purchase, such as billing name, billing email, billing phone number, payment processor responses, and limited card metadata. Payment card details are processed by Stripe and are not fully visible to or stored by DayOf.
• Verification and security information, such as one-time passcode (OTP) requests, verification status, session tokens, IP address, browser or device information, user agent, and anti-fraud or abuse prevention logs.
• Crew operational data, such as ticket scans, scan results, token or ticket identifiers, attendee lookup activity, and other audit data needed for venue entry and event operations.
• Offline sync and device data used by DayOf Crew, such as attendee names, contact details, ticket and order data, device identifiers, error diagnostics, and performance traces needed to support offline scanning and operational troubleshooting.
• Usage and analytics information, such as pages viewed, referring URLs, event or product interactions, approximate location inferred from IP address, cookie or local storage identifiers, session identifiers, attribution or affiliate parameters, and product reliability metrics.
• Communications information, including support messages and delivery, open, click, or response data for transactional or marketing emails and SMS messages that we send or that are sent on our behalf.

DayOf Crew also requests camera access so invited staff can scan QR codes and related access media. The Crew app does not require access to your contacts, photo library, or precise GPS location to perform its core scanning workflow.

We use personal information to:

• Provide the DayOf website, checkout, ticket delivery, and account features.
• Process orders, collect payment, send receipts, and support refunds or chargeback defense.
• Authenticate invited staff, apply organization and venue access, and operate DayOf Crew.
• Verify identity, prevent fraud, detect abuse, and protect users, venues, and event partners.
• Operate digital ticketing, ticket scanning, attendee lookup, Apple Wallet or pass delivery, and related access-control features.
• Generate audit trails for venue operations, dispute handling, security review, and operational accountability.
• Respond to support requests, troubleshoot issues, and improve reliability and performance.
• Measure conversions, attribution, and product usage, and improve our services and event discovery experience.
• Send transactional communications and, where allowed, promotional messages or product updates.
• Comply with law, enforce our Terms of Service, and protect our rights and the rights of others.

DayOf uses cookies, local storage, and similar technologies to keep you signed in, maintain session state, measure product usage, attribute purchases to campaigns or affiliates, and improve site performance.

• Authentication and session cookies used to keep you logged in.
• Analytics identifiers used to understand how customers navigate and purchase.
• Attribution cookies or parameters used to credit campaigns, affiliates, or referrals.
• Preference storage used to support core checkout and account experiences.
• Secure device storage in DayOf Crew used to keep staff session data available on device.
• An encrypted local database in DayOf Crew that stores operational data needed for offline scanning and sync recovery.

You can control browser cookies through your browser settings, but disabling some cookies or local storage may cause portions of the site or checkout flow to stop working correctly. DayOf Crew relies on secure local storage and offline data storage to keep scanning working when connectivity is limited or unavailable.

We may share personal information with:

• Event partners, such as organizers, venues, promoters, and brands, to operate the event, validate access, deliver customer support, and manage refunds, disputes, or event communications.
• Payment providers and financial service providers, including Stripe, card networks, connected accounts, and fraud-prevention tools, to process payments and manage payment-related risk.
• Service providers that help us host, operate, analyze, monitor, or communicate through our services, including cloud hosting, database, authentication, offline sync, analytics or observability, customer messaging, and email or SMS delivery providers.
• Professional advisers, auditors, insurers, regulators, law enforcement, or parties to a legal process when disclosure is required or appropriate.
• A purchaser, investor, or successor in connection with a merger, acquisition, financing, bankruptcy, or sale of business assets.

Service providers that process personal information on our behalf are expected to use it only for the services they provide and to protect it with reasonable and appropriate safeguards.

We do not sell your personal information for money. We also do not use DayOf Crew operational data for third-party advertising.

We retain personal information for as long as reasonably necessary for the purposes described in this policy, including to complete transactions, provide support, maintain security logs, and comply with legal, tax, accounting, and chargeback obligations.

If you request account deletion, we will delete or anonymize personal information we are not required to keep. We may retain information needed to document completed transactions, comply with legal, accounting, tax, payment-network, chargeback, fraud-prevention, support, security, or operational obligations, or defend legal claims.

• Account and profile information is generally retained while your account remains active.
• Order, payment, tax, and refund records may be retained for up to seven years or longer if required by law.
• Support records, fraud-prevention records, and dispute-related records may be retained as long as reasonably necessary to resolve issues, defend claims, or comply with legal obligations.
• Security and verification logs are kept as long as reasonably needed to investigate fraud, abuse, or operational issues.
• Operational scan and audit records may be retained as needed for venue security, dispute handling, operational accountability, and legal compliance. Where appropriate, those records may be disassociated from a deleted user while the operational record is retained.
• Analytics and attribution data may be kept for shorter periods or aggregated so it no longer identifies you.
• Data cached on a DayOf Crew device may remain on the device as long as it is needed for offline operation, sync recovery, or app lifecycle management.

We use administrative, technical, and physical safeguards designed to protect personal information, including HTTPS/TLS in transit, access controls, and security monitoring. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Payment information is processed securely by Stripe, our payment processor. Stripe is a PCI-compliant payment provider. DayOf does not store your full payment card number, full card verification code, or similar sensitive authentication data.

Access to DayOf Crew operational data is tied to invited-staff access, organization membership, and venue context. We limit access based on the operational role needed to perform the service.

Subject to applicable law, you may have the right to:

• Access, correct, or update certain account or profile information.
• Request deletion of personal information that we no longer need. When you delete your account, some records may still be retained if required for legal, financial, dispute, security, support, or operational reasons.
• Opt out of marketing emails by using the unsubscribe link or by contacting us.
• Withdraw consent for marketing SMS where offered by replying STOP or contacting us.
• Ask questions about how we process personal information or request a copy of this policy.

If you use DayOf Crew, you can also revoke app permissions, including camera access, through your device settings. Revoking camera access will prevent scanning features from working.

If you use DayOf Crew, you can also initiate account deletion from the app's account screens. Some records may still be retained as described in the Data retention section above.

If you use DayOf Crew through an employer, venue, or event partner, that organization may control your staff access and operational role. You may need to work with your organization administrator as part of an access or deletion request.

To make a privacy request, email support@dayof.ai with "Privacy Request" in the subject line.

DayOf is not directed to children under 13, and we do not knowingly collect personal information from children under 13 through these Services. If you believe a child has provided personal information to us, please contact us so we can review and address the issue.

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and may provide additional notice where appropriate.

If you have questions about this Privacy Policy or our privacy practices, contact DayOf, Inc. at support@dayof.ai or visit https://dayof.ai.