At RiffOff, we respect your right to control your personal data. This page explains how you can request the deletion of your account and all associated data from our platform.
This policy applies to all users of the RiffOff platform, including attendees, event organisers, and artists. It covers data processed in accordance with our Privacy Policy.
1.How to Request Data Deletion
You can request deletion of your account and personal data through any of the following methods:
1.1 Through the App
- Navigate to Settings in the RiffOff app or website.
- Select Privacy & Data.
- Click โDelete My Accountโ.
- Confirm your identity by entering your password or completing email verification.
- Your account will be scheduled for deletion.
1.2 Via Email
Send a deletion request to privacy@riffoff.live with the subject line โData Deletion Requestโ. Include:
- Your registered email address.
- Your full name as it appears on your account.
- A brief statement requesting deletion of your data.
We will verify your identity before processing the request.
1.3 For Facebook or Google Login Users
If you signed up using Facebook Login or Google Sign-In, you can also request data deletion directly from those platforms:
- Facebook: Go to Settings & Privacy > Settings > Apps and Websites on Facebook, find RiffOff, and click โRemoveโ. This will notify us to delete your data.
- Google: Go to myaccount.google.com > Security > Third-party apps, find RiffOff, and revoke access. Then email us at privacy@riffoff.live to complete the deletion.
2.What Data Is Deleted
When your deletion request is processed, we permanently remove the following:
| Data Category | Action |
|---|---|
| Account profile | Permanently deleted |
| Email, name, phone number | Permanently deleted |
| Profile photo | Permanently deleted |
| Purchase history | Anonymised (financial records retained as required by law) |
| Ticket data | Permanently deleted (void active tickets) |
| Event organiser data | Events transferred or archived; personal data deleted |
| OAuth tokens (Google, Facebook) | Revoked and deleted |
| Session and login data | Permanently deleted |
3.What Data May Be Retained
Certain data may be retained for a limited period as required by law or for legitimate business purposes:
- Financial transaction records: Retained for 7 years as required by tax and accounting regulations.
- Fraud prevention data: Limited data may be retained to prevent abuse and protect other users.
- Legal obligation data: Data required to comply with legal proceedings, government requests, or regulatory obligations.
- Anonymised analytics: Aggregated, non-identifiable data used for platform improvement may be retained indefinitely.
All retained data is anonymised where possible and stored securely. Once the retention period ends, the data is permanently deleted.
4.Processing Timeline
24h
Acknowledgement
We confirm receipt of your request
30 days
Grace period
You can cancel the request during this time
30 days
Permanent deletion
All data permanently removed from our systems
After the 30-day grace period, deletion is irreversible. Your account, tickets, and all associated data will be permanently removed and cannot be recovered.
5.What Happens to Active Tickets
If you have active (unused) tickets at the time of deletion:
- All active tickets will be voided and cannot be used for entry.
- If the event has not yet occurred, you may request a refund before submitting the deletion request.
- Transferred tickets that have been accepted by another user are not affected.
We strongly recommend using or transferring your tickets, and requesting any applicable refunds, before submitting a data deletion request.
6.Organiser Account Deletion
If you are an event organiser with active or upcoming events:
- All upcoming events must be either completed, cancelled, or transferred to another organiser before account deletion.
- Past event data (attendance records, financial settlements) will be anonymised but retained for tax compliance.
- Any pending payouts will be processed before your account is deleted.
7.Your Rights Under Applicable Laws
This data deletion process is designed to comply with applicable data protection regulations including:
- PDPA (Malaysia) โ Personal Data Protection Act 2010
- PDPA (Singapore) โ Personal Data Protection Act 2012
- GDPR (EU/EEA) โ General Data Protection Regulation, Article 17 (Right to Erasure)
- CCPA (California) โ California Consumer Privacy Act
If you believe your data deletion request has not been handled appropriately, you have the right to lodge a complaint with your local data protection authority.
8.Contact Us
For questions about data deletion or to submit a request:
See also our Privacy Policy and Terms of Service.