Privacy Policy
Version 2026-02-16
1. Introduction
Janix, Inc. ("Janix," "we," "our," or "us"), a Texas corporation, operates the Janix Event Suite ticketing platform ("Platform" or "Services"). This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our Services to purchase tickets, register for events, or interact with our Platform.
We are committed to protecting your privacy and handling your data transparently. By using our Services, you agree to the practices described in this policy. This Privacy Policy is incorporated into and subject to our Terms of Service.
2. Our Role in Your Data
Understanding who manages your data: Janix serves two roles depending on the type of data involved. Understanding this helps you know whom to contact about your information.
Janix as Data Controller
Janix is the data controller for information related to your Platform account, including your authentication credentials, account preferences, and your direct interactions with the Platform. We decide how and why this data is processed.
Janix as Data Processor
When Event Organizers use our Platform to manage ticket sales and attendee relationships, Janix processes attendee data on behalf of the Event Organizer. In this context, the Event Organizer is the data controller and Janix is the data processor. The Event Organizer determines how your ticket purchase data and event attendance data are used for their own marketing, analytics, and audience development purposes.
Event Organizer as Independent Controller
Once an Event Organizer receives your information through the Platform (your name, email, purchase details), they become an independent data controller for that information. Their use of your data is governed by their own privacy practices. We encourage you to review the privacy policies of Event Organizers whose events you attend.
3. Information We Collect
Information You Provide
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Name | Ticket delivery, event check-in, personalization | Contract performance |
| Email address | Account authentication, ticket delivery, event updates | Contract performance |
| Phone number (optional) | Event reminders, urgent notifications | Consent |
| Billing address | Payment processing, fraud prevention | Contract performance, legal obligation |
| Age range (optional) | Demographics for grant reporting by Event Organizers | Consent |
Information Collected Automatically
- Device information: Browser type, operating system, device identifiers
- Usage data: Pages visited, features used, interaction patterns
- IP address: For security, fraud prevention, and approximate location
- Cookies and local storage: Session management, authentication tokens, preferences
Payment Information
We do not store your credit card details. All payment processing is handled securely by Stripe, a PCI DSS Level 1 compliant payment processor. Your payment is processed directly to the Event Organizer's connected Stripe account. Stripe may collect and store payment information according to their privacy policy.
4. How We Use Your Information
We use your information for the following purposes and legal bases:
- Provide our Services (contract performance): Process ticket purchases, deliver digital tickets, enable event check-in, manage your account
- Communicate with you (contract performance, legitimate interest): Send purchase confirmations, event reminders, service updates, and respond to support requests
- Improve our Platform (legitimate interest): Analyze usage patterns, diagnose technical issues, develop new features
- Prevent fraud (legitimate interest, legal obligation): Detect and prevent unauthorized transactions, bot activity, and abuse
- Support Event Organizers (contract performance): Provide attendance data and aggregate analytics to the organizers of events you attend
- Legal compliance (legal obligation): Respond to legal requests, comply with applicable laws, protect our rights
5. CRM and Data Enrichment
To help Event Organizers better understand and serve their audiences, we may supplement contact profiles with publicly available information.
Enrichment Services
| Service | Data Collected | Source |
|---|---|---|
| Apollo.io | Company, job title, industry | Publicly available business databases |
| Exa.ai | Professional background, public web presence | Indexed public web content |
Your right to opt out: You may opt out of profile enrichment at any time by emailing privacy@janix.ai with the subject line "Opt Out of Enrichment." We will remove any enriched data from your profile and flag your account to prevent future enrichment. We only use publicly available information and never purchase private data.
Relationship Tracking
We use Neo4j, a graph database, to help Event Organizers understand audience engagement patterns (e.g., which events you've attended, frequency of attendance). This enables personalized event recommendations. This processing is based on legitimate interest in improving the event experience. You may object to this processing by contacting us.
AI-Generated Insights
We may use automated processing, including large language models, to generate aggregate audience insights such as persona clusters and marketing recommendations for Event Organizers. These insights are based on aggregate patterns across many attendees and are not used to make decisions that produce legal or similarly significant effects on individual users. You may request information about and object to automated processing by contacting us.
6. Information Sharing
We share your information only as described below. We do not sell your personal data.
With Event Organizers
When you purchase tickets or register for an event, the Event Organizer receives:
- Your name and email address
- Purchase details (ticket type, quantity, price paid)
- Check-in status at the event
- Any optional information you provided during registration
The Event Organizer becomes an independent data controller for this information and may use it according to their own privacy practices for event management, audience development, and communication.
Service Providers (Sub-Processors)
We engage the following service providers to help operate the Platform. Each processes data only as necessary for the stated purpose and under contractual data protection obligations:
| Provider | Purpose | Data Processed |
|---|---|---|
| Stripe, Inc. | Payment processing | Payment details, transaction data |
| Resend | Transactional email delivery | Email address, name, email content |
| Amazon Web Services | Cloud hosting and data storage | All Platform data (encrypted at rest) |
| Neo4j Aura | CRM relationship database | Contact profiles, attendance relationships |
| Apollo.io | Contact data enrichment | Email address (for lookup); returns public professional data |
| Exa.ai | Contact data enrichment | Name, email (for lookup); returns public web data |
Advertising and Conversion Tracking
When Event Organizers use our marketing tools, we may share data with advertising platforms for conversion tracking and audience targeting:
- Meta (Facebook/Instagram): We transmit hashed email addresses and purchase event data via server-side Conversions API for conversion attribution and lookalike audience creation.
- Google Ads: We transmit hashed purchase data via server-side conversion tracking for campaign attribution.
Important: Although we hash (encrypt) identifiers before transmission, this data is considered personal information under CCPA, TDPSA, and GDPR. This constitutes "sharing" under CCPA. You have the right to opt out of this sharing. See Section 9 for how to exercise this right.
Legal Requirements
We may disclose your information if required to do so by law, subpoena, court order, or governmental request, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Janix, our users, or the public.
We never sell your personal data to third parties. We do not exchange your personal information for monetary consideration.
7. Data Security
We implement technical and organizational measures designed to protect your personal information:
- TLS/HTTPS encryption for all data in transit
- Encryption at rest for stored data (AWS)
- Secure, time-limited authentication tokens (JWT with 30-minute expiration; magic link tokens with 60-minute single-use expiration)
- Multi-tenant data isolation ensuring each organization's data is logically separated
- Regular security audits, penetration testing, and monitoring
- Role-based access controls limiting who can view personal data
- PCI DSS compliant payment processing (via Stripe; we never store card data)
While we strive to protect your information using commercially reasonable measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at support@janix.ai.
8. Data Breach Notification
In the event of a data breach that compromises your personal information, we will:
- Investigate and contain the breach promptly
- Notify affected individuals by email without unreasonable delay, and no later than sixty (60) days after discovery, as required by Texas law (Tex. Bus. & Com. Code § 521.053)
- Notify the Texas Attorney General if the breach affects 250 or more Texas residents
- Provide details about the nature of the breach, the types of data affected, and steps you can take to protect yourself
- Notify applicable regulatory authorities as required by law (e.g., EU supervisory authorities within 72 hours for GDPR-covered breaches)
9. Your Privacy Rights
Depending on your location, you have the following rights regarding your personal information:
For All Users
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal data, subject to legal retention requirements
- Opt-out of marketing: Unsubscribe from non-transactional communications at any time
- Opt-out of enrichment: Request that we stop supplementing your profile with third-party data
- Opt-out of ad sharing: Request that we stop sharing your data with advertising platforms
Texas Residents (TDPSA)
Under the Texas Data Privacy and Security Act (effective July 1, 2024), Texas residents have the right to:
- Confirm whether we are processing your personal data
- Access your personal data
- Correct inaccuracies in your personal data
- Delete personal data you have provided or that we have obtained
- Obtain a portable copy of your data in a readily usable format
- Opt out of: targeted advertising, the sale of personal data (we don't sell data), and profiling that produces legal or similarly significant effects
We will respond to verified requests within forty-five (45) days. We will not discriminate against you for exercising your TDPSA rights. To appeal a denial of a rights request, email privacy@janix.ai with the subject line "TDPSA Appeal."
California Residents (CCPA/CPRA)
California residents have rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act:
- Right to know what personal information is collected, used, shared, and sold
- Right to delete personal information
- Right to correct inaccurate personal information
- Right to opt out of the sale or sharing of personal information. While we do not sell data for monetary consideration, our server-side advertising conversion tracking may constitute "sharing" under CCPA. You may opt out by emailing us.
- Right to limit use of sensitive personal information
- Right to non-discrimination for exercising privacy rights
European Residents (GDPR)
If you are in the European Economic Area, United Kingdom, or Switzerland, you have additional rights including:
- Right to data portability in a structured, machine-readable format
- Right to restrict processing in certain circumstances
- Right to object to processing based on legitimate interest
- Right to withdraw consent at any time (without affecting lawfulness of prior processing)
- Right to lodge a complaint with a supervisory authority
How to Exercise Your Rights
To exercise any privacy right, contact us at privacy@janix.ai. We will verify your identity by confirming ownership of the email address associated with your account. We will respond within the timeframe required by applicable law (generally 30-45 days).
If your request relates to data controlled by an Event Organizer (e.g., how they use your attendance information for their own marketing), you should contact the Event Organizer directly. We will assist in forwarding requests where appropriate.
10. Data Retention
We retain your data for the following periods:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Until you request deletion, or 36 months after last activity | Service provision |
| Transaction records | 7 years after transaction date | Tax and legal compliance (IRS requirements) |
| Usage analytics | 26 months (aggregated and anonymized) | Platform improvement |
| Support communications | 2 years after resolution | Service quality, dispute resolution |
| Authentication logs | 12 months | Security and fraud prevention |
| Enriched CRM data | Until opt-out or account deletion | Event Organizer audience development |
When data reaches the end of its retention period, it is permanently deleted or irreversibly anonymized. Transaction records required for legal compliance cannot be deleted prior to the retention period even upon user request.
11. Children's Privacy
Our Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at privacy@janix.ai and we will delete the information promptly.
Users between the ages of 13 and 17 may browse the Platform and create an account, but must have a parent or legal guardian complete any ticket purchases on their behalf. See our Terms of Service for eligibility requirements.
12. Cookies and Tracking Technologies
We use the following types of cookies and similar technologies:
| Type | Purpose | Duration |
|---|---|---|
| Essential / Authentication | Login sessions (JWT tokens stored in localStorage), CSRF protection | Session / 30 minutes |
| Functional | Remember your preferences, organization context, selected language | Up to 12 months |
| Analytics | Understand how the Platform is used, identify technical issues | Up to 26 months |
| Marketing (when enabled by Event Organizer) | Meta Pixel, Google Ads conversion tags for campaign attribution | Varies by provider |
You can control cookies through your browser settings. Disabling essential cookies will prevent you from logging in or purchasing tickets. Marketing cookies are loaded only when an Event Organizer has enabled advertising integrations for their events.
13. International Data Transfers
Our servers are located in the United States (AWS US regions). If you access the Platform from outside the United States, your personal information will be transferred to and processed in the United States.
For users in the European Economic Area, United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for cross-border data transfers. Our sub-processors (AWS, Stripe, etc.) maintain their own data transfer mechanisms including SCCs and adequacy decisions.
14. Do Not Track Signals
Some web browsers transmit "Do Not Track" (DNT) signals. Because there is no uniform standard for interpreting DNT signals, we do not currently alter our data collection practices in response to DNT signals. However, you can use the opt-out rights described in Section 9 to control how your data is used for advertising purposes.
15. Changes to This Policy
We may update this Privacy Policy periodically. The version date at the top indicates when the policy was last revised. For material changes that affect how we process your personal information, we will provide notice by email to the address associated with your account at least thirty (30) days before the changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the revised policy.
We will maintain an archive of previous versions of this policy available upon request.
16. Contact Us
If you have questions about this Privacy Policy, want to exercise your privacy rights, or have a concern about how your data is handled:
Privacy inquiries and rights requests:
Email: privacy@janix.ai
General support:
Email: support@janix.ai
Mailing address:
Janix, Inc.
Austin, Texas
For TDPSA appeals, email privacy@janix.ai with the subject line "TDPSA Appeal." We will respond within sixty (60) days.