GatekeepersGatekeepers

Gatekeepers Privacy Policy

Last Updated: August 31, 2025

At Gatekeepers (“Company,” “we,” “us” or “our”), we respect your privacy and are committed to protecting your personal data. This Privacy Policy describes how we collect, use, disclose and safeguard personal information when you interact with our website, mobile application and other services (collectively, “Service”). We provide this Policy in accordance with the California Consumer Privacy Act (CCPA/CPRA), the General Data Protection Regulation (GDPR), emerging U.S. state privacy laws and other applicable data‑protection regulations. Please read this Policy carefully to understand our practices. By using our Service, you consent to the practices described in this Policy.

1. Scope and Application

This Policy applies to information we collect from visitors, users, customers and other individuals who access or use our Service. It does not apply to employees or contractors acting in their work capacity, or to information collected in other contexts that are covered by different privacy notices. A privacy policy is a written statement that provides a broad picture of an organization’s online and offline practices for the collection, use, sharing and sale of consumers’ personal information and must include information on consumers’ rights and how to exercise them.

2. Information We Collect

2.1 Categories of Data

We collect personal information and other data that you provide directly or that we obtain automatically when you use our Service. In 2025 a robust privacy policy should clearly list only the specific types of data you collect rather than including every imaginable data type. The categories of data we collect may include:

  • Personal identification information – such as your name, email address, postal address, telephone number and account credentials.
  • Demographic information – such as your age or date of birth.
  • Payment information – such as payment card numbers or billing details when you purchase subscription services.
  • Usage data – including information about how you access and use the Service (e.g., IP addresses, device identifiers, browser types, pages visited, features used and the referring website).
  • Location information – general location derived from your IP address or device settings.
  • Sensitive personal data – we generally do not seek to collect sensitive data (e.g., biometric, health or financial information), but if we do, we will highlight it and obtain any consent required by law.
  • 2.2 Data from Children
  • Our Service is intended for adults. We do not knowingly collect personal information from children under the age of 13. If you believe we have collected such information, please contact us immediately so we can delete it.

3. How We Collect Information

We collect information from you in various ways, including:

  • Directly from you – You may provide information when you register for an account, subscribe to newsletters, request support or otherwise communicate with us. A sample privacy policy lists common data‑collection points: registering online, placing an order, completing surveys or providing feedback, or using the website via cookies.
  • Automatically through your use of the Service – We automatically collect certain usage data and device information when you interact with the Service, such as your IP address, device type, browser, operating system, referring URLs and usage patterns.
  • From cookies and tracking technologies – We use cookies, web beacons and similar technologies to collect information about your interactions with the Service. Cookies are text files placed on your device that collect standard Internet log information and visitor behaviour information.
  • From third parties – We may receive information from analytics providers, advertising networks, social media platforms or other partners when you interact with their services or give them permission to share your data with us.

4. Purposes and Legal Bases for Processing

We use your personal information for the following purposes and rely on the corresponding legal bases when required by law:

  • To provide and maintain the Service – We process your data to operate, maintain and improve the Service, including authenticating users, providing requested content, fulfilling transactions and delivering customer support. Our legal basis is our legitimate interest in running our Service or performing a contract with you.
  • To communicate with you – We use your contact information to send confirmations, service updates, administrative messages and responses to inquiries. We may also send marketing messages if you have given consent or if permitted by law. A sample privacy policy notes that companies collect data to process orders, manage accounts and email users with special offers.
  • To personalize the Service and conduct analytics – We analyze usage trends to understand how users engage with the Service and to personalize content and features. Transparency about the real‑world purposes for data use—including analytics, marketing, personalization and AI training—is important.
  • To develop and improve products and features – We may use aggregated or anonymized data to research and develop new products and improve existing features. We rely on our legitimate interests for such processing.
  • For compliance and legal obligations – We may process your data to comply with our legal and regulatory obligations, to enforce our Terms of Service and to protect our rights and the rights of others.
  • With your consent – We may process your data for other purposes that you consent to, such as participating in surveys or using your data for targeted marketing. You may withdraw your consent at any time.

5. Use of AI and Automated Decision‑Making

We may use automated systems and algorithms to analyze data for personalization, recommendations, security monitoring and fraud detection. If we use user data to train our own models or third‑party machine learning models, we will disclose the type of data used and the intended purpose. In 2025 privacy policies should explicitly state whether user data is used for AI or algorithmic purposes, describe the extent of involvement, and disclose the exact data types used. We do not use automated decision‑making that produces legal or similarly significant effects without human oversight.

6. How We Share and Disclose Information

We may disclose personal information to the following categories of recipients for the purposes described above:

  • Service providers and vendors – We share information with third‑party vendors who perform services on our behalf, such as payment processing, data hosting, analytics, marketing, customer support and IT services. We require these vendors to protect personal information and use it only for the services they provide to us.
  • Affiliates and partners – We may share information with affiliates and trusted business partners to provide joint services or co‑branded offerings. If we share personal data with partner companies for marketing, we will obtain any required consent.
  • Third‑party processors – If we engage third‑party processors, we will describe the volume of data they can access, the purposes for which they use the data, and the jurisdictions in which they operate. Privacy policies should explain how much data processors access, what they do with it and any cross‑border transfer safeguards.
  • Legal authorities – We may disclose information when required by law, regulation, court order or government request; to protect the security or integrity of the Service; to protect the rights, property or safety of Gatekeepers, our users or the public; or to enforce our policies or contracts.
  • Business transfers – If we are involved in a merger, acquisition, reorganization, financing or sale of assets, your information may be transferred as part of that transaction, subject to lawful requirements and notice.
  • With your consent – We may share information with third parties when you explicitly direct us to do so or when you consent to the disclosure.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to recognize you and collect information about your interactions with the Service. Cookies can keep you signed in, help us understand how you use our website and may be used for advertising. Cookies may be first‑party (set by us) or third‑party (set by others). You can control cookies through your browser settings or by using consent‑management tools. Note that disabling cookies may affect the functionality of certain features.

We may allow third‑party advertising companies to place cookies on our sites and collect information about your activities across websites. This information may be used to provide advertising tailored to your interests. You can opt out of targeted advertising through industry programs or by exercising your rights described below.

8. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which we collected it, including satisfying legal, accounting or reporting requirements. Best practice and legal expectations dictate that personal data should be deleted or anonymized once it has served its intended purpose. Specific retention periods may vary depending on the type of data and the requirements of applicable laws. We will securely delete or anonymize data when retention is no longer required.

9. Security Measures

We implement technical and organizational measures designed to protect personal information from unauthorized access, use and disclosure. While most security practices are technical, privacy policies should explain them in plain language and describe encryption, access controls, audit policies and even crisis‑management strategies. We use industry‑standard encryption in transit and at rest, role‑based access controls, regular security assessments and employee training. However, no method of transmission over the Internet or electronic storage is completely secure; therefore, we cannot guarantee absolute security.

10. Your Rights and Choices

We believe you should have meaningful control over your personal information. Depending on your jurisdiction, you may have the following rights:

  • 10.1 Rights Under the GDPR (EEA/UK Residents)
  • If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under Articles 12–23 of the GDPR. A GDPR privacy notice must inform individuals of these rights and be concise, transparent and written in clear language. You have the right to:
  • Access – Request copies of your personal data.
  • Rectification – Request that we correct inaccurate or incomplete personal data.
  • Erasure – Request that we delete your personal data under certain conditions.
  • Restriction of processing – Request that we restrict processing of your personal data.
  • Objection – Object to our processing of your personal data.
  • Data portability – Request that we transfer the data we have collected to another organization or directly to you.
  • Withdraw consent – Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint – Lodge a complaint with a supervisory authority if you believe our processing of your personal data violates the law.
  • 10.2 Rights Under the CCPA/CPRA (California Residents)
  • California residents have specific rights regarding their personal information. The CCPA requires business privacy policies to include information on consumers’ rights and how to exercise them. If you reside in California, you have the right to:
  • Know – Request that we disclose the categories and specific pieces of personal information we have collected, the sources of collection, our purposes for collecting or selling that information, and the categories of third parties with whom we share it.
  • Delete – Request deletion of personal information that we have collected, subject to certain exceptions.
  • Correct – Request correction of inaccurate personal information we maintain about you.
  • Opt‑out of Sale/Sharing – Direct us not to sell or share your personal information with third parties, including for targeted advertising. We do not sell personal information as defined by the CCPA.
  • Limit Use of Sensitive Personal Information – In certain cases, direct us to limit our use and disclosure of sensitive personal information to the specific purposes permitted by law.
  • Non‑Discrimination – Exercise these rights without receiving discriminatory treatment.
  • We will verify your identity before responding to CCPA requests and respond within the time frames required by law.
  • 10.3 Rights Under Other U.S. State Laws
  • Several U.S. states enacted comprehensive privacy laws taking effect in 2025. Most of these laws grant consumers the ability to access, confirm processing, correct, delete and transfer their personal data, and to opt out of the sale of data and targeted advertising. For example:
  • Delaware – The Delaware Personal Data Privacy Act gives consumers the right to access, confirm, correct, delete and transfer their personal data and to opt out of the sale of data and targeted advertising.
  • Nebraska – The Nebraska Data Privacy Act grants rights to access, confirm processing, correct, delete, transfer and opt out of data sales and targeted advertising; sale of sensitive personal data is prohibited without consumer consent.
  • New Hampshire – SB 255 provides the rights to access, confirm processing, correct, delete and port personal data, and to opt out of data sales and targeted advertising. Businesses must recognize universal opt‑out signals by January 1 2025.
  • Iowa – The Iowa Consumer Data Protection Act grants rights to access, confirm processing, delete and port personal data and to opt out of targeted advertising and data sales; it does not provide a right to correct inaccuracies or opt out of profiling.
  • New Jersey – New Jersey’s Data Privacy Act provides rights to access, delete, correct and transfer personal data; opt out of data sales, targeted advertising, automated decision making and profiling; and appeal denials of requests.
  • Tennessee – The Tennessee Information Protection Act grants rights to access, confirm processing, correct, delete, transfer and opt out of targeted advertising and data sales, and requires compliance with COPPA for sensitive data processing.
  • Minnesota – The Minnesota Consumer Data Privacy Act provides rights to access, confirm processing, correct, delete, transfer and opt out of data sales and targeted advertising; consumers may question profiling decisions, receive explanations and request information on how to achieve a different result.
  • Maryland – The Maryland Online Data Privacy Act grants rights to access, confirm processing, correct, delete, transfer and opt out of targeted advertising and data sales. Maryland’s law also introduces stricter controls on sensitive data: it bans the sale of sensitive data, limits collection to what is necessary and proportionate, and prohibits targeted advertising to minors or the sale of minors’ data without explicit consent.
  • We strive to honor your rights under all applicable state laws. When you submit a privacy request, we will consider the relevant laws based on your state of residence and respond accordingly.

11. Exercising Your Rights

To exercise any of your rights, please submit a request by contacting us using the details in the “Contact Us” section below. We will verify your identity before responding and may request additional information to process your request. Under the GDPR we generally respond within one month; under the CCPA we respond within 45 days or as otherwise required by law. You may also designate an authorized agent to make a request on your behalf, provided you supply sufficient evidence of the agent’s authority.

12. International Data Transfers

We operate in the United States and may process your information in countries outside of your own. If you are located outside the U.S., your personal information may be transferred to, stored and processed in the United States or other countries that may not provide the same level of data protection. When we transfer personal information internationally, we use appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission or other lawful mechanisms, to ensure adequate protection of your data.

13. Children’s Privacy

We do not knowingly collect personal data from children under 13 years of age. If we learn that we have collected personal information from a child under 13, we will delete that information as quickly as possible. If you believe that a child under 13 has provided us with personal information, please contact us so we can take appropriate action.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. We will post the updated Policy on our website and indicate the date of the latest revision. Every organization that maintains a website should publish its privacy notice online and update it regularly. We encourage you to review this Policy periodically for any changes. Your continued use of the Service after we post changes signifies your acceptance of those changes.

15. Contact Us

If you have questions, concerns or requests regarding this Privacy Policy or our privacy practices, please contact us:

  • @Gatekeepers.app
  • Email: support@gatekeepers.app

Additional App-Specific Disclosures

The following sections describe how this application specifically collects and uses data, including the services we integrate and the choices available to you.

Service Providers (Third Parties)

We use the following providers solely to operate and improve the Service. We share only what is necessary for each provider to perform their function.

  • Authentication: Clerk —Privacy
  • Payments/Wallet: Thirdweb —Privacy
  • Email Delivery: Resend —Privacy
  • Error Monitoring: Sentry —Privacy
  • Analytics: Umami —Privacy
  • Location Autocomplete: Google Places —Privacy

Analytics and Do Not Track

We use Umami to measure usage (pages visited, UTM parameters, and referrers) without tracking individuals. Analytics loads only in production and respects your browser’s “Do Not Track” setting.

Error Monitoring

We use Sentry to diagnose issues. Depending on the context, this may include IP address, request headers, URL, and device details to reproduce errors. We do not use Sentry to build marketing profiles.

Wallets and On‑Chain Transactions

If you complete a purchase via Thirdweb or a supported on‑chain method, we may associate your email with your blockchain wallet address and record transaction metadata (e.g., transaction hash, chain ID, payment status, and amount) to confirm payment and deliver tickets.

Scanner, Camera, and Local Storage

  • Camera access is requested only to scan QR codes in your browser. Video is processed locally and not stored by us.
  • A short‑lived scanner session token is stored in your browser’s localStorage to keep your scan session active.

IP Address and Rate Limiting

To protect the Service, we apply rate limits using short‑lived keys derived from session information and IP address. These records are used only for abuse prevention and are not used to profile users.

Data Visibility to Organizers

Event organizers can access attendee names, emails, ticket types, and check‑in status for their events. Organizers must use this information only for event‑related communications and must comply with applicable laws.

Retention

  • Scanner sessions: typically valid for up to ~2 hours.
  • Failed orders: purged after ~7 days.
  • Replaced event images: previous files are deleted after successful upload.
  • Orders/tickets and error logs: retained as needed to operate the Service and meet legal obligations.

No Sale or Sharing of Personal Information

We do not sell or “share” personal information as these terms are defined under applicable privacy laws (e.g., CPRA). We also do not use personal information for targeted advertising.

Contact

For privacy questions or requests, contact support@gatekeepers.app.