Back to Golden Pass

Privacy Policy

Effective Date: February 24, 2026 | Last Updated: February 24, 2026

1. Introduction

Golden Pass ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App") and related services (collectively, the "Service").

Please read this Privacy Policy carefully. By using the Service, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

  • Apple ID identifier (provided through Sign in with Apple)
  • Username (chosen by you)
  • Display name
  • Email address (optional, if shared via Sign in with Apple)
  • Profile photo (if uploaded)
  • Bio (if provided)

Event and Ticket Information:

  • Event names, dates, times, and descriptions
  • Location information (venue names, addresses, coordinates)
  • Host information
  • Custom messages
  • Guest names and phone numbers
  • Plus-one counts

Communications:

  • Customer support inquiries
  • Feedback and suggestions
  • In-app messages

2.2 Information Collected Automatically

Device Information:

  • Device type and model
  • Operating system version
  • Unique device identifiers
  • Push notification tokens

Usage Information:

  • Features used and actions taken
  • Tickets created, sent, and received
  • QR codes scanned
  • Check-in activity
  • App performance data

Log Data:

  • IP address
  • Access times and dates
  • App crashes and errors
  • Referring URLs

2.3 Information from Third Parties

Sign in with Apple:

  • User identifier
  • Email address (if you choose to share)
  • Name (if you choose to share)

Contacts (with your permission):

  • Names and phone numbers from your device contacts when you choose to import them for guest lists

3. How We Use Your Information

3.1 Provide and Operate the Service

  • Create and manage your account
  • Enable ticket creation and customization
  • Facilitate sending and receiving invitations
  • Process event check-ins via QR scanning
  • Sync data across your devices

3.2 Communicate with You

  • Send push notifications about ticket activity (views, claims, reminders)
  • Respond to customer support requests
  • Send service-related announcements
  • Notify you of changes to our Terms or Privacy Policy

3.3 Improve the Service

  • Analyze usage patterns and trends
  • Debug and fix technical issues
  • Develop new features and functionality
  • Conduct research and analytics

3.4 Ensure Security and Compliance

  • Detect and prevent fraud, abuse, and security incidents
  • Enforce our Terms of Service
  • Comply with legal obligations

3.5 Process Payments

  • Verify premium purchases through Apple's App Store
  • Manage subscription status

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 With Other Users

When you send a ticket or invitation, recipients can see event details, your username, display name, and profile photo. Event hosts can see guest names, check-in status, and viewing activity.

4.2 With Service Providers

We share information with third-party vendors who assist us in operating the Service:

  • Amazon Web Services (AWS): Cloud hosting, file storage — account data, tickets, profile images
  • Firebase (Google): Push notifications — device tokens, notification content
  • Apple: Authentication, payments — Apple ID, purchase receipts
  • PostgreSQL hosting: Database — all app data (encrypted)

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.3 For Legal Reasons

We may disclose your information if required to comply with applicable laws, respond to lawful requests, protect our rights, enforce our Terms of Service, or respond to an emergency involving danger to any person.

4.4 Business Transfers

If we are involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.

5. Data Storage and Security

5.1 Data Storage

Your information is stored on secure servers provided by Amazon Web Services (AWS) located in the United States. Profile images are stored in AWS S3 and delivered via CloudFront CDN.

5.2 Data Retention

We retain your information for as long as your account is active or as needed to provide the Service:

  • Account data: Retained until you delete your account
  • Tickets: Retained until deleted by the creator or account deletion
  • Check-in logs: Retained for 1 year after the event date
  • Server logs: Retained for 90 days

When you delete your account, your profile and account data are deleted within 30 days. Some data may be retained in backups for up to 90 days.

5.3 Security Measures

  • Encryption in transit (TLS/SSL)
  • Encryption at rest for sensitive data
  • Secure authentication via Sign in with Apple
  • JWT-based session management
  • Regular security assessments
  • Access controls and monitoring
  • Secure cloud infrastructure

Despite our efforts, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights and Choices

6.1 Access and Portability

You can access your account information through the App's profile and settings sections. You may request a copy of your data by contacting us at privacy@xavierplatforms.com.

6.2 Correction

You can update your profile information (username, display name, bio, profile photo) directly in the App.

6.3 Deletion

You can delete your account at any time through the App settings. To delete your account: Settings → Account → Delete Account.

6.4 Push Notifications

You can manage push notifications through App Settings → Notifications or your device's system settings.

6.5 Contacts Access

You can revoke contacts access at any time through your device's privacy settings. We only access contacts when you actively use the contact picker feature.

6.6 Marketing Communications

We do not send marketing emails. All communications are service-related.

7. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request information about categories and specific pieces of personal information we collect
  • Right to Delete: Request deletion of your personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

We do not sell personal information as defined by the CCPA. To exercise your rights, contact us at privacy@xavierplatforms.com with the subject line "CCPA Request."

8. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing

  • Contract: To provide the Service you requested
  • Consent: For optional features (e.g., push notifications)
  • Legitimate interests: To improve the Service and ensure security
  • Legal obligation: To comply with applicable laws

Your Rights

  • Access: Obtain a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured format
  • Object: Object to certain processing activities
  • Withdraw consent: Withdraw consent at any time

For GDPR-related requests, contact us at privacy@xavierplatforms.com with the subject line "GDPR Request."

9. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn we have collected information from a child under 13, we will delete it promptly.

If you believe we have collected information from a child under 13, please contact us at privacy@xavierplatforms.com.

10. Third-Party Links and Services

The Service may contain links to third-party websites or services, including Apple App Store, Apple Maps, and external event websites. We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies before providing any information.

11. Push Notifications

We use Firebase Cloud Messaging (FCM) to send push notifications. Types include:

  • Ticket viewed: Alert when someone views your invitation
  • Ticket claimed: Alert when someone saves your invitation
  • Event reminder: Reminder 1 hour before your events
  • Service updates: Important account or service information

To manage notifications: In-app Settings → Notifications, or Device Settings → Golden Pass → Notifications.

12. Analytics and Crash Reporting

We collect anonymous analytics and crash reports to improve the Service, including app usage patterns, performance metrics, and crash logs. This data is aggregated and does not identify individual users.

13. Cookies and Tracking

The mobile App does not use cookies. Our web ticket preview pages may use essential cookies for functionality. No advertising or tracking cookies are used.

14. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users within 72 hours when feasible, provide details about the nature of the breach, describe steps we are taking to address it, and offer guidance on protecting yourself.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last Updated" date, posting a notice in the App, and sending a push notification or email for significant changes. Your continued use of the Service after changes become effective constitutes your acceptance of the updated Privacy Policy.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Golden Pass
Email: privacy@xavierplatforms.com
Support: support@xavierplatforms.com

For specific requests:

  • General inquiries: support@xavierplatforms.com
  • Privacy requests: privacy@xavierplatforms.com
  • Legal matters: legal@xavierplatforms.com
  • CCPA requests: privacy@xavierplatforms.com (subject: "CCPA Request")
  • GDPR requests: privacy@xavierplatforms.com (subject: "GDPR Request")

We will respond to all requests within 30 days.

This Privacy Policy is effective as of February 24, 2026.
By using Golden Pass, you acknowledge that you have read and understood this Privacy Policy.