RiffOff (“we”, “us”, or “our”) operates the RiffOff platform — a music event ticketing service. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our services.
By accessing or using RiffOff, you agree to the practices described in this policy.
1.Information We Collect
1.1 Information You Provide
- Account information: name, email address, phone number, and password when you create an account.
- Profile information: display name, profile photo, organisation details, social media links, and timezone preferences.
- Transaction information: billing details, payment method (processed by Stripe, PayPal, or TNG Digital — we never store full card numbers), purchase history, and ticket details.
- Event information: when you create events as an organiser, including event details, descriptions, venue information, pricing, and cover images.
- Communications: messages you send through our support channels or in-app contact features.
1.2 Information Collected Automatically
- Device information: browser type, operating system, device identifiers, and screen resolution.
- Usage data: pages visited, features used, actions taken, time spent, and navigation patterns.
- Location data: approximate geographic location derived from IP address, used for currency conversion and event recommendations.
- Cookies and similar technologies: session cookies for authentication, preference cookies for display settings, and analytics cookies.
1.3 Information from Third Parties
- Payment providers (Stripe, PayPal, TNG Digital) may share transaction confirmation details.
- If you sign in via third-party authentication (OAuth), we receive your name and email from the identity provider.
2.How We Use Your Information
- Provide, maintain, and improve the RiffOff platform and its features.
- Process ticket purchases, refunds, and payouts to event organisers.
- Generate and deliver digital tickets with unique QR codes.
- Send transactional emails (order confirmations, ticket delivery, event updates).
- Personalise your experience (event recommendations, currency display, language).
- Detect, prevent, and address fraud, abuse, and security incidents.
- Verify ticket authenticity at event gates via our QR scanning system.
- Comply with legal obligations and respond to lawful requests.
- Analyse usage patterns to improve our platform (aggregated and anonymised).
3.How We Share Your Information
We do not sell your personal information. We may share information with:
- Event organisers: when you purchase tickets, the organiser receives your name and email to manage attendance and communicate event updates.
- Payment processors: Stripe, PayPal, and TNG Digital process payments on our behalf under their own privacy policies.
- Service providers: hosting (Vercel), backend services (Appwrite), email delivery, and analytics providers who assist in operating our platform.
- Legal requirements: when required by law, regulation, legal process, or governmental request.
- Business transfers: in connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
4.Data Security
We implement industry-standard security measures to protect your information:
- All data is transmitted over TLS/HTTPS encryption.
- Passwords are hashed using Argon2id (never stored in plain text).
- Session tokens use httpOnly, Secure, and SameSite cookies.
- Payment data is handled by PCI-compliant processors — we never store card numbers.
- Database access uses row-level security (RLS) policies.
- Regular security audits and vulnerability assessments are conducted.
- Sensitive data at rest is encrypted using AES-128-GCM.
While we strive to protect your information, no method of transmission over the internet is 100% secure.
5.Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Active + 30 days after deletion |
| Transaction records | 7 years (financial compliance) |
| Usage analytics | 24 months (individual), indefinite (aggregated) |
| Support communications | 3 years after last interaction |
6.Cookies and Tracking
Essential cookies
Required for authentication, security, and basic platform functionality. Cannot be disabled.
Preference cookies
Remember your settings such as display currency, language, and theme (dark/light mode).
Analytics cookies
Help us understand how visitors interact with our platform. Data is aggregated and does not personally identify you.
You can manage cookie preferences through your browser settings.
7.Your Rights
Depending on your jurisdiction, you may have the following rights:
Access
Request a copy of the personal data we hold about you.
Correction
Request correction of inaccurate or incomplete data.
Deletion
Request deletion of your account and associated data. See our Data Deletion page.
Portability
Receive your data in a structured, machine-readable format.
Objection
Object to processing of your data for certain purposes.
Withdrawal
Withdraw previously given consent at any time.
To exercise these rights, visit Settings > Privacy, or contact privacy@riffoff.live.
To request deletion of your account and all associated data, visit our Data Deletion page for detailed instructions.
8.International Data Transfers
RiffOff operates across Southeast Asia and internationally. Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place in compliance with applicable data protection laws (including PDPA Malaysia, PDPA Singapore, GDPR where applicable).
9.Children's Privacy
RiffOff is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal data, we will take steps to delete such information.
10.Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy with a revised date. For significant changes, we will also notify you via email or in-app notification.
11.Contact Us
If you have questions or concerns about this Privacy Policy: