Privacy Policy

1.1. SporTickets ("Platform", "we") provides technology to create, promote and sell tickets/registrations for events.

1.2. This Policy applies to Users/Buyers/Participants, Organizers and site/app visitors.

1.3. We process personal data under Brazilian Law 13.709/2018 (LGPD), the Internet Civil Framework (Law 12.965/2014) and related regulations.

2.1. SporTickets as CONTROLLER: when defining purposes and means for Platform operation (registration, authentication, fraud prevention, billing, support, security, service improvement).

2.2. SporTickets as PROCESSOR: when processing data on behalf of the ORGANIZER (e.g., check-in, participant reports, certificate issuance).

2.3. ORGANIZER as CONTROLLER: responsible for participant data for event execution/communication and must publish the event privacy notice, define legal bases and address data subject rights.

2.4. When in doubt about responsibility, we will indicate the agent during the data subject support flow.

3.1. Account data: full name, email, phone (E.164), country, CPF or CPF-CNPJ (when applicable), ZIP code, date of birth, gender (Male/Female/Prefer not to say), profile photo (optional).

3.2. Purchase and event data: items purchased, lot/category, amount, coupons, payment method, ownership, change history, check-in/QR Code, attendance/excuse when informed by Organizer.

3.3. Payments: transaction identifiers and tokenization (full card number is not stored by SporTickets; processing occurs with payment providers).

3.4. Platform usage and logs: IP, date/time, device, operating system, browser, session identifiers, pages/resources accessed, telemetry and technical events for security and metrics.

3.5. Support and communications: messages, emails, attachments and metadata exchanged with our channels.

3.6. Cookies/SDKs: necessary (login/security), functional (preferences), analytical (metrics) and marketing (when applicable and with consent).

3.7. Sensitive data: we avoid processing; if Organizer requests (e.g.: health/accessibility) must appear in event notice with legal basis and minimization.

3.8. Third-party data: when purchasing for others or transferring ownership, we may process new holder's data under this Policy.

4.1. Account / Platform operation: contract performance; legitimate interest; legal obligation.

4.2. Processing orders/tickets (checkout, confirmation, receipts, check-in): contract performance.

4.3. Organizer relationship (reports, reconciliation, support): contract performance; legitimate interest.

4.4. Consumer rights (cancellations, refunds, claims): legal obligation.

4.5. Analytics & improvement (metrics, A/B tests, usability): legitimate interest with minimization.

4.6. Marketing (newsletter, offers, remarketing): consent or other valid basis; opt-out always available.

4.7. Legal orders and defense of rights: legal obligation; regular exercise of rights.

5.1. Organizers: data necessary for event management.

5.2. Payment methods and anti-fraud.

5.3. Infrastructure providers and essential technical partners.

5.4. Authorities, regulators and audits when required.

5.5. International transfers: use of global providers with contractual safeguards and protection level assessment.

6.1. We use cookies/SDKs for session, security, preferences, metrics and (when applicable) marketing.

6.2. Manage via browser and banner/preference center. Essential ones cannot be disabled without functional impact.

6.3. Behavioral advertising (when used) depends on consent and has opt-out.

7.1. We keep as long as necessary for purposes and limitation periods.

7.2. Access logs: minimum 6 months (Civil Framework).

7.3. Tax/financial data: legal deadlines then deletion/anonymization.

7.4. Support tickets: as long as necessary for service/defense.

8.1. Technical/administrative measures: access control, encryption, segregation, backups, monitoring, key management, reviews.

8.2. Relevant incidents: we will notify data subjects and ANPD when applicable.

8.3. We recommend credential secrecy and MFA when available.

9.1. LGPD rights (art. 18): confirmation, access, correction, anonymization/deletion, portability, sharing information, objection, review of automated decisions, consent revocation.

9.2. Exercise through channels in item 12; we may validate identity.

9.3. When operation is the Organizer's, we will forward and follow up if we act as Processor.

10.1. Automated mechanisms for fraud prevention and risk.

10.2. Possible to request criteria and review under LGPD.

11.1. Platform intended for users 18+. Participation of minors occurs under Organizer/legal guardian responsibility with minimal collection and appropriate legal basis.

12.1. Data Protection Officer (DPO): [DPO Name] – [dpo@sportickets.com.br]

12.2. LGPD channel: privacidade@sportickets.com.br

12.3. Support: suporte@sportickets.com.br

12.4. Email changes will be reflected in updated versions.

13.1. Organizer must publish event privacy notice (purposes, bases, recipients, retention, rights channels).

13.2. We do not authorize collection beyond necessary; special collections require justification, minimization and, when possible, anonymization.

14.1. We may update this Policy for legal, technical or business reasons; material changes will be communicated via usual channels.

15.1. Personal data: information relating to an identified or identifiable natural person.

15.2. Sensitive data: racial/ethnic origin, religious belief, political opinion, health/sexual life, genetic/biometric data.

15.3. Controller: decides on data processing.

15.4. Processor: processes on behalf of controller.

15.5. Data subject: natural person the data refers to.

15.6. ANPD: Brazilian National Data Protection Authority.