Listed ("we," "us," or "our") operates the Listed platform at uselisted.com and related services. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our platform as a venue operator, promoter, event curator, or attendee.
1. Information We Collect
Personal Information
When you create an account or use our services, we may collect:
- Name, email address, and phone number
- Profile information (photo, bio, social media handles)
- Business information for venue operators (venue name, address, capacity, license details)
- Date of birth (for age verification where required by law)
- Government-issued ID (for Stripe identity verification on venue accounts)
Usage Data
We automatically collect information about how you interact with our platform:
- Device information (browser type, operating system, device identifiers)
- IP address and approximate location
- Pages visited, features used, and actions taken
- Event attendance history, ticket purchases, and check-in records
- Search queries and interaction patterns
Payment Data
We use Stripe as our payment processor. Listed does not store, process, or have access to your full credit card numbers. When you make a purchase or receive payouts:
- Stripe collects and processes your payment card details directly
- We receive only a tokenized reference, card brand, last four digits, and expiration date
- Transaction amounts, dates, and associated event/ticket information are stored in our system
- Venue payout information (bank account details) is stored and managed by Stripe Connect
2. How We Use Your Information
We use the information we collect for the following purposes:
- Account Management: To create and maintain your account, verify your identity, and provide customer support
- Platform Services: To process ticket purchases, manage guestlists, operate venue mapping features, and facilitate event check-ins
- Payments: To process transactions, manage subscriptions, calculate promoter commissions, and facilitate venue payouts through Stripe Connect
- Communications: To send transactional emails (receipts, confirmations, QR codes), account notifications, and with your consent, promotional messages about events and platform updates
- Analytics: To provide venue operators and promoters with event analytics, attendance metrics, revenue reporting, and customer insights through our CRM features
- AI/ML Improvements: To improve event recommendations, optimize dynamic ticket pricing, enhance fraud detection, and develop AI-powered insights for venue operators. We may use anonymized and aggregated data to train our machine learning models
- Safety and Security: To detect and prevent fraud, enforce our terms of service, and protect the safety of our users and platform
3. Information Sharing
We do not sell your personal information. We share information only in the following circumstances:
- Stripe: Payment card data and payout information are processed by Stripe, Inc. under their privacy policy. This includes identity verification for venue operators using Stripe Connect
- Amazon Web Services (AWS): Our platform infrastructure is hosted on AWS. Data is processed and stored in AWS data centers in the United States
- Analytics Providers: We use analytics services to understand platform usage and improve our services. Data shared with analytics providers is anonymized or pseudonymized where possible
- Venue Operators and Promoters: When you purchase a ticket or join a guestlist, the relevant venue operator and/or promoter will receive your name, email, and attendance information as needed to manage the event
- Law Enforcement: We may disclose information when required by law, subpoena, court order, or other legal process, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction
4. Data Security
We implement industry-standard security measures to protect your personal information:
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3
- Encryption at Rest: Data stored in our databases (Amazon Aurora) and file storage (Amazon S3) is encrypted using AES-256 encryption
- Infrastructure Security: Our AWS infrastructure uses VPC isolation, security groups, and private subnets. No databases are publicly accessible
- Access Controls: We enforce role-based access controls, multi-factor authentication for administrative access, and regular access reviews
- SOC 2 Compliance: We are actively pursuing SOC 2 Type II certification to formalize our security and privacy controls
While we take security seriously and implement robust protections, no method of electronic transmission or storage is 100% secure. If you discover a security vulnerability, please report it to security@uselisted.com.
5. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: You can request a copy of the personal information we hold about you. This is available through your account settings or by contacting us directly
- Deletion: You can request deletion of your account and associated personal information. Some data may be retained as required by law (see Data Retention below)
- Portability: You can request your data in a structured, machine-readable format. We provide data export functionality in your account settings
- Correction: You can update or correct your personal information through your account settings at any time
- Opt-Out of Marketing: You can unsubscribe from promotional communications at any time using the unsubscribe link in any marketing email, or by updating your notification preferences in your account settings
- Restrict Processing: In certain circumstances, you can request that we limit how we use your data
To exercise any of these rights, contact us at privacy@uselisted.com. We will respond to your request within 30 days.
6. Cookies and Tracking
Essential Cookies
We use cookies that are strictly necessary for the operation of our platform. These include session cookies for authentication, CSRF protection tokens, and preferences you set (such as timezone or language). These cookies cannot be disabled.
Analytics Cookies
With your consent, we use analytics cookies to understand how visitors interact with our platform. This helps us improve the user experience, identify issues, and measure the effectiveness of our features. You can opt out of analytics cookies through your browser settings or our cookie consent manager.
No Third-Party Advertising Cookies
We do not use third-party advertising cookies or tracking pixels. We do not participate in ad networks or allow third-party advertisers to track our users across the web.
7. Data Retention
We retain your information for the following periods:
- Account Data: Retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days, except where retention is required by law
- Transaction Records: Financial transaction records, including ticket purchases, payouts, and refunds, are retained for 7 years as required by tax and financial regulations
- Server Logs: Application and access logs are retained for 90 days for security monitoring and debugging purposes, then automatically deleted
- Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely as it cannot be linked back to individual users
- Communication Records: Customer support communications are retained for 3 years after your last interaction
8. Children's Privacy
Listed is not directed at individuals under the age of 18. In jurisdictions where the legal age for nightlife and alcohol-related events is 21, our services are not directed at individuals under 21 for those specific events.
We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us at privacy@uselisted.com.
Venue operators are responsible for enforcing age restrictions at their events in compliance with local laws and regulations.
9. International Transfers
Listed is based in the United States. Our servers and infrastructure are located in the United States (AWS US regions). If you access our platform from outside the United States, your information will be transferred to, processed, and stored in the United States.
By using our platform, you consent to the transfer of your information to the United States. We take appropriate safeguards to ensure your data is treated securely and in accordance with this Privacy Policy, regardless of where it is processed.
If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data transfer regulations, we rely on standard contractual clauses and other lawful transfer mechanisms as appropriate.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
- We will update the "Last updated" date at the top of this page
- We will notify you by email or through an in-app notification for significant changes
- We will provide at least 30 days' notice before material changes take effect
Your continued use of the platform after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
11. Contact Us
If you have questions about this Privacy Policy, want to exercise your data rights, or have concerns about how we handle your information, please contact us:
- Email: privacy@uselisted.com
- Subject line: "Privacy Inquiry" for fastest routing
We aim to respond to all privacy-related inquiries within 30 days.