Privacy Policy

We collect information that is necessary to operate a secure, trustworthy ticketing platform. The type of data we collect depends on whether you use Ventry as a ticket buyer or as an event organizer.

1.1 Information You Provide Directly

• Buyers: name, email address, and any other information you supply when purchasing tickets or submitting a refund claim.
• Organizers: name, email address, phone number, and password when registering an account.
• KYC documents (organizers only): government-issued photo ID, a selfie holding your ID, social media profile links, venue proof documents, and bank account details (bank name, account number, and account name) required to release payouts.
• Event details: event name, description, date, venue, address, city, ticket tier pricing, and any banner images you upload.
• Support communications: the content of any message you send to us via email or the help center, including refund claims and complaints.

1.2 Information Collected Automatically

• IP address and approximate geographic location derived from it.
• Browser type, operating system, and device identifiers.
• Pages visited on the Ventry platform, timestamps, and referring URLs.
• Authentication session tokens stored in secure HTTP-only cookies.

1.3 Payment Information

We do not store full card numbers, PINs, or other sensitive payment credentials on our servers. All payment processing is handled directly by Paystack. When you make a purchase, your payment details are transmitted directly to Paystack under their own privacy policy. We receive and store only the transaction reference number, the amount paid, and the payment status returned by Paystack.

We use the information we collect for the following purposes:

2.1 Delivering Tickets & Processing Payments

• Generating your unique QR-coded ticket and delivering it to your email address after a successful purchase.
• Creating a secure payment transaction on Paystack and reconciling the outcome with your order.
• Holding funds in escrow and releasing them to the organizer after the event.
• Processing refunds when an event is cancelled or a complaint is upheld.

2.2 KYC Verification (Organizers)

• Reviewing identity documents to verify that organizers are real individuals or registered businesses.
• Validating phone numbers and social media presence as part of the trust-verification process.
• Confirming venue documentation before approving event listings.
• Preventing fraud, money laundering, and the listing of fictitious events.

2.3 Platform Operations

• Creating and managing your account, authenticating your identity on each login.
• Sending transactional emails: ticket confirmations, KYC decisions, event approvals or rejections, payout notifications, and password reset links.
• Enabling event organizers to scan and validate QR tickets at their events.
• Providing organizers with sales analytics and payout records via the dashboard.

2.4 Safety, Security & Fraud Prevention

• Detecting and investigating fraudulent transactions, fake events, or abuse of the refund system.
• Monitoring for compromised accounts and unauthorized access.
• Maintaining audit logs of QR scan events for dispute resolution.

2.5 Legal Compliance

We may use your information to comply with applicable Nigerian laws and regulations, respond to lawful requests from government authorities, and enforce our Terms of Service.

We engage a small number of carefully selected third-party service providers to operate the platform. Each provider processes data only as necessary to perform their specific function.

3.1 Paystack (Payment Processing)

Ventry uses Paystack Inc. to process all ticket payments and organizer transfers. When you purchase a ticket, you are redirected to Paystack's hosted payment page. Paystack collects, processes, and stores your card details under their own privacy policy, available at paystack.com/privacy. We receive only a transaction reference and payment status. Paystack is PCI-DSS compliant.

3.2 Resend (Transactional Email)

We use Resend Inc. to deliver transactional emails — ticket confirmations, password resets, and platform notifications. Resend processes your email address and the content of each message sent on our behalf. Resend does not use this data for advertising. Their privacy policy is available at resend.com/legal/privacy-policy.

3.3 Supabase (Database & File Storage)

Our database, file storage, and backend infrastructure are hosted on Supabase Inc.All data described in this policy — account records, ticket records, KYC documents, event data — is stored on Supabase infrastructure with encryption at rest and in transit. KYC documents are stored in a private, access-controlled storage bucket and are not publicly accessible. Supabase's privacy policy is available at supabase.com/privacy.

3.4 No Advertising Partners

We do not sell your personal data to advertisers. We do not use your data for targeted advertising. We do not work with data brokers or marketing analytics companies.

We do not sell, rent, or trade your personal information. We may share it only in the following circumstances:

• With event organizers: when you purchase a ticket, the organizer receives your name and email address so they can manage attendance. They do not receive your payment card details.
• With our service providers: Paystack, Resend, and Supabase as described in Section 3, solely to provide the services you use.
• For legal compliance: when required by law, court order, or a lawful request from a Nigerian government authority, regulatory body, or law enforcement agency.
• To protect rights: when we believe in good faith that disclosure is necessary to prevent fraud, protect the safety of any person, or enforce our Terms of Service.
• In a business transfer: if Ventry is acquired, merged, or its assets are transferred, your data may be transferred as part of that transaction. We will notify affected users before their data is subject to a different privacy policy.

We retain your data for as long as necessary to fulfil the purposes set out in this policy.

• Ticket records: retained for 7 years from the transaction date to satisfy financial record-keeping obligations under Nigerian law.
• Account data: retained for the life of your account. If you close your account, personal profile data is deleted within 30 days, subject to financial retention requirements above.
• KYC documents: retained while your organizer account is active and for 2 years after account closure to comply with anti-fraud and anti-money-laundering obligations.
• Support communications: retained for 2 years to allow resolution of disputes and charge-backs.
• Server and access logs: retained for 90 days and then automatically deleted.

To request deletion of your account and associated data, email us at support@ventrybooking.com. We will acknowledge your request within 5 business days and complete deletion within 30 days, except where retention is required by law.

As a user of the Ventry platform you have the following rights regarding your personal data. You may exercise any of these rights by emailing support@ventrybooking.com.

• Right of access: you may request a copy of the personal data we hold about you.
• Right to rectification: you may ask us to correct inaccurate or incomplete data. Organizers can update most profile data directly in the dashboard.
• Right to erasure: you may request deletion of your personal data, subject to retention requirements described in Section 5.
• Right to data portability: you may request that we export your data in a machine-readable format (JSON or CSV).
• Right to restrict processing: you may ask us to suspend processing of your data while a correction or objection is being resolved.
• Right to object: you may object to processing of your data for purposes other than the core service delivery.

We will respond to all rights requests within 30 days. If we are unable to action your request, we will explain why.

Ventry uses a minimal set of cookies necessary to operate the platform securely. We do not use advertising cookies, tracking pixels, or third-party analytics scripts that build profiles across the web.

• Authentication cookie (ventry_token): an HTTP-only, secure, SameSite=Lax cookie that holds your signed session token. This cookie is essential for you to remain logged in. It cannot be read by JavaScript and expires after 7 days or on logout, whichever is earlier.
• No advertising cookies: we do not set cookies from Google Ads, Meta, or any other advertising network.
• No third-party analytics: we do not embed Google Analytics, Mixpanel, or similar tools. Any analytics we run are first-party and use anonymised aggregated data only.

Because we use only one essential cookie, cookie consent banners are not required for our platform. You may disable cookies in your browser settings, but doing so will prevent you from logging in.

• All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
• Data at rest is encrypted by Supabase using AES-256.
• KYC documents are stored in a private Supabase storage bucket inaccessible to the public.
• Passwords are never stored in plain text; they are hashed using bcrypt with an appropriate work factor.
• QR ticket tokens are signed JWTs with a 365-day expiry, verified server-side on every scan.
• Authentication tokens use HTTP-only cookies, preventing JavaScript access.
• Admin and organizer access requires authentication; admin credentials are never stored in the database.
• We perform periodic security reviews of our API routes and access controls.

No system is completely secure. If you discover a security vulnerability in the Ventry platform, please report it responsibly to support@ventrybooking.com and we will respond promptly.

Ventry is not directed at children under the age of 18. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@ventrybooking.com and we will delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify organizer account holders by email.

Your continued use of the Ventry platform after changes are posted constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

We will acknowledge privacy-related enquiries within 5 business days and aim to resolve them within 30 days.