5.0% FIXEDPlatform rate

yourboxoffice.net

Privacy Policy for yourboxoffice.net

Effective Date: May 29, 2026

This Privacy Policy describes how yourboxoffice.net (operated by the platform provider) processes data when you use our platform as an organizer ("Venue") or a ticket buyer ("Patron").

We operate under a core commandment: Absolute Data Sovereignty. We do not sell data, we do not pool data, and we do not perform cross-venue profiling.

1. Data Processing Roles

  • Venues (Organizers): We act as a Data Processor regarding Patron information collected during checkout. The local Venue organizing your event is the primary Data Controller. Your information belongs entirely to that Venue.
  • Patrons (Ticket Buyers): We process your information strictly to fulfill transactions, generate admission tickets, prevent fraud, and route operational transaction states.

2. Information We Collect and Purpose Limitation

We strictly limit data collection to the minimum required for immediate transaction utility:

  • Transaction & Checkout Data: First Name, Last Name, Email Address, ticket quantity, and transaction value. This data is utilized solely to process purchases via our gateway partner, verify your identity via secure One-Time Passwords (OTP), and route admission credentials.
  • Infrastructure Operations & Security: IP addresses, browser agent headers, and request routing metadata are processed temporarily at our edge layer to prevent high-concurrency bot abuse, malicious scalping actions, and financial transaction fraud.

3. Payment Processing and PCI-DSS Boundary Enforcement

Your credit card account numbers, expirations, and secure CVV codes never enter or touch our core database infrastructure. All cardholder details are captured and tokenized directly inside an isolated iframe environment provided exclusively by our payment processor, Stripe. This configuration ensures our system remains entirely outside the Cardholder Data Environment (CDE) under PCI-DSS SAQ-A parameters.

4. Third-Party Subprocessors

We minimize external network data routing. We use only the following essential subprocessors to maintain platform operations:

  • Stripe, Inc. — Payment gateway processing, financial multi-party split-routing, and fraud risk analysis.
  • Resend Inc. — High-throughput transactional email delivery (tickets, verification codes, and receipt payloads).
  • Cloudflare, Inc. — Edge network ingress, DNS management, and bot-mitigation rate limits.
  • Neon, Inc. — Isolated, serverless relational database storage engine.
  • Upstash, Inc. — In-memory caching layers utilized exclusively for holding temporary event tickets during checkout sessions.

5. No Third-Party Tracking or Ads

This platform contains zero external advertising tracking pixels, cross-site analytics web scripts, or retargeting network cookies. Your checkout journey remains an isolated environment protected from commercial tracking exploitation.

6. Transactional Communications

We use your contact details exclusively for critical transaction notifications, including:

  • Security validation verification codes (email_verification_code).
  • Order confirmation notifications containing secure admission QR stubs.
  • Secure single-use verification links (guest_order_magic_link) to locate previously purchased credentials.

7. Contact and Data Rights

Patrons seeking erasure or access to order data should contact the venue that sold their tickets first—the venue is the Data Controller for your purchase. Venues seeking venue account teardown or platform-level deletion should contact support@yourboxoffice.net. For regulatory inquiries or other platform data-rights requests, contact legal@yourboxoffice.net.