Privacy Policy
How LoopInOne collects, uses and protects information when you use our Services.
Last updated 22 June 20261. Introduction
This Privacy Policy explains how LoopInOne ("LoopInOne", "we", "us") collects, uses, shares and protects information about you when you use our website, mobile experiences and related services (the "Services").
We act as a data controller for the personal data you provide directly to us, and as a data processor where we process personal data on behalf of an event organizer.
2. Information we collect
We collect the following categories of personal data:
- Account data: name, email, password (hashed), profile photo, locale and time zone.
- Verification data: government identifiers, business registration documents and beneficial-owner details required by our payment partners.
- Transactional data: tickets purchased or sold, order amounts, refund history, payout destinations and the last four digits of payment cards.
- Event content: information you publish about your events, including descriptions, images, lineup and venue details.
- Communications: messages you send through our support channels, including the contents of email and chat conversations.
- Device and usage data: IP address, device identifiers, browser type, pages viewed, and the date and time of access.
3. How we use your information
We use personal data to:
- provide, secure and improve the Services;
- process orders, issue tickets and remit organizer payouts;
- verify identity and prevent fraud, money-laundering and abuse;
- send you transactional emails (receipts, refunds, security alerts);
- with your consent, send marketing communications about events and features you may like;
- comply with legal obligations and respond to lawful requests.
4. Legal bases for processing
Where the GDPR or a similar law applies, we rely on the following legal bases: performance of a contract (to deliver the Services you requested), legitimate interests (to keep the platform secure and improve our products), legal obligation (e.g. tax and anti-money-laundering rules), and consent (for optional marketing communications).
5. How we share information
We share personal data with:
- Organizers: when you purchase a ticket, we share your name, email and order details with the organizer of that event so they can fulfil your booking.
- Service providers: payment processors, identity-verification providers, email/SMS providers, hosting and analytics partners - bound by contract to use the data only on our instructions.
- Authorities and advisors: when required by law, court order, or to protect our legal rights.
- Business transfers: in the event of a merger, acquisition or asset sale, we may transfer personal data to the successor entity.
We do not sell personal data.
6. International transfers
Our infrastructure and some of our service providers operate outside Kenya, including in the European Union and the United States. Where we transfer personal data across borders, we rely on appropriate safeguards such as the European Commission's standard contractual clauses.
7. Data retention
We retain personal data only for as long as necessary for the purposes set out in this policy and to comply with our legal, tax and accounting obligations.
Order and ticket records are retained for at least seven years for tax and audit purposes. Account data is deleted within 90 days of account closure unless we are required to keep it longer.
8. Your rights
Depending on where you live, you may have the right to: access the personal data we hold about you, correct inaccurate data, ask us to delete data, object to processing, withdraw consent, and request a portable copy of your data.
You can exercise most of these rights from Account → Settings, or by emailing [email protected]. We may need to verify your identity before acting on your request.
9. Security
We use industry-standard safeguards - including encryption in transit, encrypted password storage, rate limiting and two-factor authentication - to protect your data. No system is perfectly secure; you also play a role by keeping your password secret and enabling 2FA on your account.
10. Cookies and similar technologies
We use cookies and similar technologies to keep you signed in, remember your preferences, secure the platform, and measure how the Services are used. You can manage cookies from your browser settings; some parts of the Services may not work without strictly necessary cookies.
11. Children's privacy
The Services are not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe we have done so, please contact us and we will delete the data.
12. Changes to this Policy
We may update this Privacy Policy from time to time. When we make material changes, we'll notify you by email or via an in-product banner before they take effect.
13. Contact
Questions about this Privacy Policy or our data practices? Email us at [email protected] or write to LoopInOne, Nairobi, Kenya.