Home →

Privacy Policy – GoSYNQ

Effective Date: 30 October 2025

GoSYNQ Ltd ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect your information when you engage with our services.

1. Information We Collect

1.1 Personal Information

  • Name, email address, phone number
  • Date of birth (if required for age-restricted events)
  • Survey responses and feedback

1.2 Ticketing & Event Data

  • Ticket purchase information (buyer email, event attended)
  • Payment information (processed securely via Stripe - we do not store card details)
  • QR code ticket data (unique ticket ID, scan status, scan timestamp)
  • Event interaction data (QR code scans at venues, check-in times)

1.3 Marketing & Engagement Data

  • Email sign-ups and competition entries
  • Opt-in preferences for event communications
  • Redemption of offers and rewards

1.4 Technical Data

  • IP address, browser type, device information
  • Cookies and similar tracking technologies
  • Website usage analytics

2. How We Collect Your Information

  • Ticket purchases through Stripe checkout
  • Forms and surveys (Tally, Typeform, Airtable)
  • QR code scans at venue entrances
  • Email sign-ups and competition entries
  • Website cookies and analytics tools
  • Opt-ins at checkout for event updates

3. How We Use Your Information

3.1 Service Delivery

  • Process ticket purchases and deliver QR code tickets via email
  • Verify ticket validity at event entrances using our mobile scanner
  • Provide customer support and respond to inquiries

3.2 Marketing & Communications

  • Send offers and updates for upcoming events (only with your consent)
  • Deliver competition prizes and rewards
  • Share relevant promoter content and opportunities

3.3 Analytics & Improvement

  • Analyse event attendance and engagement data
  • Improve our services through feedback and survey data
  • Generate insights for event promoters (anonymized where possible)

3.4 Legal & Security

  • Fulfil legal obligations and comply with regulations
  • Prevent fraudulent activity and ticket duplication
  • Maintain security and integrity of our platform

4. Legal Basis for Processing (UK GDPR)

We process your data under the following legal bases:

  • Consent — You have explicitly agreed to receive marketing or participate in offers
  • Contract — Processing is necessary to deliver ticketing services you purchased
  • Legitimate Interest — To improve our services, prevent fraud, and grow our business while respecting your rights
  • Legal Obligation — When required by law or regulation

5. How We Store Your Data

5.1 Data Storage

Your data is stored securely using trusted, GDPR-compliant third-party platforms:

  • Supabase (ticket database, EU region)
  • Stripe (payment processing, PCI-DSS compliant)
  • Resend (email delivery)
  • n8n Cloud (workflow automation)
  • Tally, Airtable, Notion (forms and audience management)

5.2 Security Measures

  • Encrypted data transmission (HTTPS/TLS)
  • Access restricted to authorised personnel only
  • Regular security audits and updates
  • Secure password policies and authentication

6. Data Sharing

We share your data only when necessary:

6.1 Event Promoters & Venues

  • We share attendee data with the promoter/venue of events you attend
  • This includes name, email, and ticket purchase details
  • Promoters use this data to manage their events and communicate with attendees

6.2 Third-Party Service Providers

  • Stripe (payment processing)
  • Resend (email delivery)
  • Supabase (data hosting)
  • n8n (workflow automation)
  • Analytics and marketing tools (anonymized where possible)

6.3 Legal Requirements

  • Regulatory authorities if required by law
  • Law enforcement in response to valid legal requests

We do not sell your personal data to third parties.

7. Data Retention

  • Ticket data: Retained for 12 months after the event for accounting and dispute resolution
  • Marketing data: Retained until you withdraw consent or request deletion
  • Financial records: Retained for 6 years as required by UK tax law
  • Anonymized analytics: May be retained indefinitely

You can request deletion of your data at any time (subject to legal retention requirements).

8. Your Rights (UK GDPR)

You have the right to:

  • ✅ Access the personal data we hold about you
  • ✅ Rectify inaccurate or incomplete data
  • ✅ Erase your data (right to be forgotten)
  • ✅ Restrict processing of your data
  • ✅ Data portability (receive your data in a portable format)
  • ✅ Object to processing based on legitimate interest
  • ✅ Withdraw consent for marketing at any time
  • ✅ Lodge a complaint with the Information Commissioner's Office (ICO)

To exercise your rights, contact us at: charlie@gosynq.io

9. Marketing Communications

  • You can opt-out of marketing emails at any time using the unsubscribe link
  • Opting out of marketing will not affect transactional emails (ticket confirmations, etc.)
  • We respect your preferences and will honour opt-out requests immediately

10. Cookies & Tracking

10.1 What We Use

We use cookies and similar technologies to:

  • Improve your browsing experience
  • Measure campaign effectiveness
  • Analyse website traffic and usage patterns

10.2 Your Control

  • You can disable cookies in your browser settings
  • Some features may not function properly without cookies
  • For more information, see our Cookie Policy (if separate) or contact us

11. International Data Transfers

Your data is primarily stored within the UK/EU. If we transfer data outside these regions:

  • We ensure adequate safeguards are in place (e.g., Standard Contractual Clauses)
  • We comply with UK and EU data protection standards

12. Children's Privacy

Our services are not directed at children under 16. If we become aware we have collected data from a child without parental consent, we will delete it promptly.

13. Security

We implement reasonable technical and organisational measures to protect your information, including:

  • Encryption of data in transit and at rest
  • Regular security assessments
  • Access controls and authentication
  • Incident response procedures

However, no system is 100% secure. We cannot guarantee absolute security.

14. Third-Party Links

Our website may contain links to third-party sites. We are not responsible for their privacy practices. Please review their privacy policies before providing personal information.

15. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Any changes will be posted on this page with a revised "Effective Date". Continued use of our services after changes constitutes acceptance.

16. Contact Us

If you have any questions, concerns, or wish to exercise your rights, contact us at:
GoSYNQ Ltd
Email: charlie@gosynq.io
Website: gosynq.io

For data protection inquiries, you can also contact the UK Information Commissioner's Office:
ico.org.uk | 0303 123 1113

We use cookies to improve your experience and analyze site usage. See our Cookies Info.