GDPR and Ticket Spot
Last updated June 9, 2026
Ticket Spot is committed to protecting personal information and helping event organizers comply with applicable privacy laws, including the European Union's General Data Protection Regulation ("GDPR").
This page explains how Ticket Spot approaches GDPR and how organizers can use our platform responsibly.
Ticket Spot's Approach to GDPR
We have implemented policies, procedures, and technical safeguards designed to support compliance with applicable privacy laws.
Our legal documents provide additional information regarding how we process personal information:
- Privacy Policy
- Terms of Service
- Cookie Policy
Who Owns Attendee Data?
When organizers use Ticket Spot to sell tickets and collect attendee information, the organizer generally controls how and why attendee information is collected and used.
As a result:
- Organizers are generally considered the "data controllers" of attendee information collected through their events.
- Ticket Spot generally acts as a "data processor", processing attendee information on behalf of organizers in order to provide ticketing and event management services.
This means that organizers remain responsible for complying with applicable privacy laws relating to their attendees.
Ticket Spot Does Not Market Directly to Attendees
Ticket Spot does not use attendee information collected through organizer events to send Ticket Spot marketing communications to attendees.
Attendee information is processed solely to provide and improve the Services, fulfill our contractual obligations, maintain security, comply with legal requirements, and support organizers in delivering their events.
Organizers Control Their Attendee Relationships
Organizers retain control over attendee information associated with their events.
Subject to applicable laws and the functionality of the Services, organizers may:
- export attendee data;
- communicate with attendees;
- respond to attendee requests;
- manage attendee registrations;
- update or remove attendee information where appropriate.
Organizers are responsible for ensuring they have an appropriate legal basis for collecting and using attendee information.
Organizer Privacy Policies
Under GDPR and other privacy laws, organizers may be required to explain how they collect and use attendee information.
Ticket Spot encourages organizers to maintain their own privacy policies and make them available to attendees.
Where supported by the Services, organizers may provide links to their privacy policies during the registration process.
Marketing Consent
Privacy laws may require organizers to obtain consent before sending certain marketing communications.
Ticket Spot may provide tools that allow organizers to collect attendee marketing preferences.
Organizers are solely responsible for ensuring they have an appropriate legal basis for any marketing communications they send.
International Transfers
Ticket Spot operates globally.
Personal information may be transferred to and processed in countries outside of the country where it was originally collected.
Where required by applicable law, Ticket Spot implements safeguards designed to protect personal information during international transfers, including contractual protections such as Standard Contractual Clauses.
For additional information regarding international transfers, please review our Privacy Policy.
Security and Data Protection
Ticket Spot implements reasonable administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction.
No method of transmission over the Internet or method of electronic storage can be guaranteed to be completely secure. However, we continuously work to maintain appropriate safeguards designed to protect the information entrusted to us.
Third-Party Service Providers
Ticket Spot works with carefully selected service providers to operate the Services.
Examples may include providers supporting:
- payment processing;
- cloud hosting;
- analytics;
- communications;
- customer support.
Where required by law, Ticket Spot enters into contractual arrangements designed to protect personal information processed by such providers.
Ticket Spot Service Providers and Subprocessors
Ticket Spot works with trusted third-party service providers to help us operate the Services. These providers may process personal information on our behalf in accordance with contractual obligations designed to protect personal information.
The following categories of service providers are currently used by Ticket Spot:
| Provider | Purpose |
|---|---|
| Google Cloud | Cloud infrastructure, hosting, storage, and related platform services |
| Postmark | Transactional email delivery, including ticket confirmations and account communications |
| PostHog | Product analytics, feature usage insights, and service improvement |
| Stripe | Payment processing services for organizers using Stripe |
| Square | Payment processing services for organizers using Square |
| PayPal | Payment processing services for organizers using PayPal |
Ticket Spot evaluates service providers based on their ability to support the secure and reliable operation of the Services.
Where required by applicable law, Ticket Spot enters into agreements designed to ensure that these providers process personal information in accordance with applicable privacy obligations.
Ticket Spot may update this list from time to time as our Services evolve.
Data Subject Rights
Individuals located in certain jurisdictions, including the European Economic Area ("EEA"), United Kingdom ("UK"), and Switzerland, may have rights relating to their personal information, including rights to:
- access personal information;
- correct inaccurate information;
- request deletion of personal information;
- restrict certain processing activities;
- object to certain processing activities;
- request portability of personal information;
- withdraw consent where consent forms the legal basis for processing.
Because organizers generally act as data controllers of attendee information, attendees seeking to exercise privacy rights relating to a particular event should generally contact the relevant organizer first.
Ticket Spot may assist organizers in responding to such requests where required.
Data Processing Agreements
Where required by applicable law, Ticket Spot may make available a Data Processing Addendum ("DPA") governing the processing of personal information subject to GDPR.
Organizers who believe they require a DPA should contact Ticket Spot using the information below.
Questions About GDPR
If you have questions regarding Ticket Spot's approach to GDPR, please contact us.
Ticket Spot, operated by Architect Spot LLC
Email: privacy@ticketspotapp.com
Mail:
Architect Spot LLC
1150 Garden View Rd
Unit 230056
Encinitas, CA 92024
United States
This page is intended to provide general information regarding Ticket Spot's approach to GDPR and other privacy obligations. It does not constitute legal advice. Organizers are responsible for determining their own compliance obligations under applicable privacy laws.