Become an Organizer

Privacy Policy

Last updated May 19, 2026 · Effective May 19, 2026

Xpat Events ("we", "us") respects your privacy. This Privacy Policy explains what information we collect, how we use it, and the choices you have regarding it. It applies to the marketplace at xpat.events, our APIs, and any associated applications (the "Service").

1. Information we collect

Account information

Because the Service uses Xpat.Money for sign-in and identity, we receive from Xpat.Money a unique identifier (Cognito sub), your verified name and email, and KYC / wallet status flags needed to determine whether you are eligible to become an organizer. We do not collect or store your government-issued ID, social-security number, tax-identification number, or other KYC documentation; that data is collected and held solely by Xpat.Money.

Event and ticket data

For organizers: the events you list (titles, descriptions, dates, venues, ticket categories, pricing, refund and cancellation policies, and any media you upload). For attendees: the orders you place, including buyer name, email and phone provided at checkout, and the resulting ticket records.

Payment information

Payment instrument details (card number, bank account, etc.) are collected by Xpat.Money at checkout and are never transmitted to or stored by Xpat Events. We receive a payment-session identifier and the result (success / failed / cancelled), the amount, and a non-sensitive payment-method label (e.g. "wallet", "card").

Usage and device data

When you visit the Service we receive standard request metadata: IP address, user-agent, referring page, and the requested URL. We use this to operate the Service, prevent abuse, and produce aggregate analytics.

2. How we use information

  • To provide, secure, and improve the Service.
  • To process and deliver tickets you purchase.
  • To validate that organizers meet KYC and merchant prerequisites before they can collect funds.
  • To send transactional notifications (purchase confirmations, ticket QR codes, event reminders, refund updates).
  • To prevent fraud, scalping, and abuse.
  • To comply with legal obligations and respond to lawful requests.

3. How we share information

  • Event organizers receive the buyer's name, email, phone (if provided) and order details for each ticket purchased for their event, so they can deliver the experience and contact you about it.
  • Xpat.Money receives the order amount and a reference id when we initiate a payment session on your behalf, and returns the payment status to us.
  • Service providers (cloud hosting, monitoring, transactional email) process data on our behalf under contractual confidentiality.
  • Legal / compliance: we may disclose information when required by law, subpoena, or to protect the rights, property, or safety of users or the public.

We do not sell your personal information to advertisers or data brokers.

4. Cookies and similar technologies

We use cookies and local-storage values strictly for session management and remembering your sign-in. We do not use third-party advertising or cross-site tracking cookies.

5. Retention

We retain account and order data for as long as your account is active and for a period thereafter as required to comply with legal, accounting, or reporting obligations. Order and payment records are typically retained for seven (7) years for tax and audit reasons.

6. Security

We use industry-standard technical and organizational safeguards including encryption in transit, access controls, audit logging, and principle-of-least-privilege for internal access. No security control is perfect; promptly notify us at security@xpat.events if you suspect unauthorized access to your account.

7. Your rights

Depending on your jurisdiction (including the EU/EEA, the United Kingdom, California, and others), you may have the right to access, correct, delete, restrict the processing of, or port your personal information, and to withdraw consent. To exercise any of these rights contact privacy@xpat.events from the email associated with your account.

8. International transfers

The Service is hosted in the United States. If you access it from outside the United States, your data may be transferred to and processed in the United States or other jurisdictions, where data-protection laws may differ from those in your country.

9. Children

The Service is not directed to children under 13 (or 16 in the EU/EEA). We do not knowingly collect personal information from children. If you believe a child has provided us their information, contact us and we will delete it.

10. Changes

We may update this Privacy Policy from time to time. Material changes will be announced on the Service and become effective on the date noted at the top of this page.

11. Contact

Privacy questions or requests can be sent to privacy@xpat.events.