Privacy Policy

Last updated: May 24, 2026

This Privacy Policy describes how POCtix ("we," "us"), operated by Port of Cams in Honolulu, Hawaii, collects, uses, and discloses information.

1. Information we collect

From Buyers

• Email address — required to deliver tickets and let you sign in.
• Name (optional) — used as attendee name on tickets.
• Order history — events you bought tickets to, quantities, prices.
• Payment — handled entirely by Stripe; we never see your card number.
• Technical data — IP address, browser type, timestamps. Used to prevent fraud and rate-limit abuse.

From Venues

• Venue name, contact email, phone, city, event details, logos, and Stripe Connect account.

2. How we use it

• To deliver tickets, send confirmation and sign-in emails, and serve your "My tickets" page.
• To prevent fraud, enforce rate limits, and detect abuse.
• To process refunds and respond to support requests.
• To share order info with the Venue that produced your event (your name, email, ticket tier — so they can manage their guest list).

We do not sell, rent, or share Buyer data with advertisers or third-party marketers. We do not run "discovery" ads using your purchase history.

3. Who we share with

• Venues — the organizer of an event you bought tickets to receives your name, email, ticket tier, and order amount.
• Stripe — payment processing only. Stripe's privacy policy: stripe.com/privacy
• Email delivery — we use Resend and/or Gmail SMTP to deliver transactional email.
• Infrastructure — hosted on Vultr (server) and Cloudflare (CDN/edge).
• Legal requests — we may disclose information when required by court order, subpoena, or to protect rights, property, or safety.

4. How long we keep your data

• Order records — kept indefinitely for tax, accounting, and dispute resolution.
• Magic-link sign-in tokens — expire 20 minutes after issue; deleted after use.
• Session cookies — expire 30 days after sign-in.
• Lead/inquiry data from Venues — kept until we mark the inquiry as closed or declined.

5. Cookies

We use a single first-party session cookie (poctix_session) for sign-in. We do not use third-party advertising or tracking cookies. We do not currently run analytics.

6. Your rights

California residents (CCPA)

You have the right to know what personal information we have collected about you, request deletion of that information, and opt out of any "sale" of your information (we do not sell information). Email [email protected] with the subject line "CCPA Request" and we will respond within 45 days.

EU/UK residents (GDPR)

You have rights of access, rectification, erasure, restriction, portability, and objection. Email [email protected] with the subject line "GDPR Request." Legal basis for processing is performance of contract (delivering tickets) and legitimate interests (fraud prevention).

All users

You can request deletion of your account at any time. Note that financial records associated with completed purchases may be retained for tax and accounting purposes, as required by law.

7. Children

POCtix is not directed at children under 13. We do not knowingly collect information from children under 13. If you believe a child has provided us information, email us and we will delete it.

8. Security

We use industry-standard practices: TLS in transit, hashed sign-in tokens, session cookies with HttpOnly + Secure + SameSite=Lax flags. Card data is never touched by POCtix — Stripe Checkout handles all card capture.

9. Changes

We may update this Policy. We'll post the new version here and update the "Last updated" date. Material changes will be emailed with at least 14 days' notice.

10. Contact

Questions, requests, or concerns? [email protected]