Privacy Policy

Last updated: 24 June 2026 Effective: 24 June 2026 Platform: Event सञ्जाल

1. Who We Are

Event सञ्जाल is operated by AImpact Limited ("AImpact", "we", "us", "our"), a New Zealand limited liability company based in Auckland, Aotearoa NZ.

This Privacy Policy applies to all personal information we collect and process through the Platform — the website at its primary domain and any associated mobile or progressive-web-app surfaces — in connection with account registration, event discovery, ticket purchase, and related services.

We act as the data controller for the personal information we collect directly from you. Event organisers who operate through the Platform are separate data controllers for information they collect in their own right — for example, check-in scan records or event-specific registration form responses.

2. Information We Collect

Account information — when you register: your name, email address, phone number (optional), and a hashed password. Your email is the unique identifier for your account.

Order and ticket data — when you purchase a ticket: the event and ticket type selected, quantity, order total, payment reference (a token from the payment gateway — we never store raw card numbers), and the cryptographically signed QR token linked to your ticket.

Event registration responses — some events ask additional questions (e.g., dietary requirements, T-shirt size). Answers are collected and shared only with the Organiser of that specific event.

Automatically collected data — when you visit the Platform, our server logs record your IP address, browser type and version, pages visited, and timestamps. We also set the session cookie described in Section 5.

Communications — if you contact us by email or through the support form, we retain those messages in order to handle your enquiry.

We do not collect sensitive information (such as health data, ethnicity, or financial account numbers) beyond what is explicitly required and disclosed.

3. How We Use It

  • Providing the service. Creating your account, processing ticket orders, generating and delivering your e-ticket, and enabling event check-in.
  • Transactional communications. Sending order confirmations, e-tickets, and important updates about events you have tickets for (e.g. venue change, cancellation).
  • Customer support. Responding to your enquiries, resolving disputes, and processing refund requests.
  • Security. Detecting and preventing fraud, account takeover, and abuse of the Platform.
  • Service improvement. Analysing aggregated, anonymised usage patterns to improve features. We do not run behavioural advertising or profile individual users for marketing purposes.
  • Legal obligations. Retaining records we are required to keep under New Zealand tax, consumer, and anti-money-laundering laws.

We do not use your personal information to train AI models or for automated decision-making that produces legal or similarly significant effects on you.

4. Who We Share It With

We share your personal information only as necessary to deliver the service. We do not sell, rent, or trade your information to third parties for their own marketing.

  • Payment gateways. BlinkPay (New Zealand bank payments) and Stripe (card payments) receive the information necessary to process your payment. Both operate under their own privacy policies and are PCI-DSS compliant. AImpact receives only a payment reference token — we never see your full card number or banking credentials.
  • SMS provider. Twilio receives your phone number if you have enabled SMS notifications. Messages are sent only for service communications (e.g. OTP codes, ticket confirmation).
  • Cloud infrastructure. Our hosting and database services operate in data centres within New Zealand and the EU (DigitalOcean). These providers access data only to operate the infrastructure and are bound by data-processing agreements.
  • Event organisers. Your name, email, and ticket status are shared with the Organiser of events you have registered for, so they can manage check-in and communicate with attendees. Any additional information you submit in an Organiser's custom registration form is shared with that Organiser only.
  • Legal requirements. We will disclose information if required to do so by New Zealand law, court order, or in response to a valid request from a law-enforcement or regulatory authority.

5. Cookies & Tracking

We use one first-party session cookie, ec_session, to keep you logged in between pages. This cookie:

  • Is set when you log in and expires after a period of inactivity (or at your absolute session limit — whichever comes first).
  • Is HttpOnly and Secure, meaning it cannot be read by page scripts and is transmitted only over HTTPS.
  • Contains no personally identifiable information — it holds only an opaque session identifier.
  • Is deleted when you log out.

We do not set advertising cookies, cross-site tracking pixels, or fingerprinting scripts. We do not use Google Analytics or any third-party analytics SDK on the Platform.

If you block or delete cookies, you will not be able to remain logged in, but you can still browse public event listings.

6. Data Storage & Security

Your data is stored on servers located in New Zealand and the European Union (Frankfurt). Both regions are recognised as providing adequate protection for personal information.

We protect your information using:

  • TLS encryption for all data transmitted between your device and our servers.
  • Bcrypt password hashing — your password is never stored in plain text.
  • Cryptographically signed QR tokens: each ticket contains an HMAC signature that is verified at check-in, making forged or duplicated tickets detectable.
  • Role-based access controls: event organiser staff see only their own events' data; they cannot access other tenants' records.
  • Regular security assessments of the Platform.

No method of transmission or storage is 100% secure. In the event of a data breach affecting your rights and freedoms, we will notify the New Zealand Privacy Commissioner and affected individuals as required by the Privacy Act 2020.

7. How Long We Keep It

  • Account data — retained while your account is active and for 3 years after account deletion (to satisfy legal record-keeping obligations and handle late disputes).
  • Order and ticket records — retained for 7 years from the transaction date in compliance with the Tax Administration Act 1994.
  • Support correspondence — retained for 3 years after your enquiry is resolved.
  • Server access logs — retained for 90 days for security monitoring purposes, then deleted.

When the applicable retention period expires, data is permanently deleted or irreversibly anonymised.

8. Your Rights

Under the Privacy Act 2020 (New Zealand) you have the right to:

  • Access — request a copy of the personal information we hold about you.
  • Correction — ask us to correct information that is inaccurate, out of date, or misleading.
  • Deletion — request that we delete your account and associated personal data. We will comply unless we are required by law to retain it.
  • Object — object to certain uses of your data (for example, use in aggregate analytics).
  • Portability — request your order history and account data in a portable format (CSV or JSON).

To exercise any of these rights, email us at info@aimpact.co.nz with a clear description of your request. We will respond within 20 working days as required by the Privacy Act 2020.

You can update your account details (name, phone number, email address) directly from your account settings at any time.

9. Children's Privacy

The Platform is intended for users who are 18 years of age or older, or who have the consent of a parent or guardian. We do not knowingly collect personal information from children under 13 without verified parental consent.

If you are a parent or guardian and believe your child has registered without your consent, please contact us at info@aimpact.co.nz and we will delete the account promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to our practices or to applicable law. We will post the revised version on this page and update the "Last updated" date.

If we make a material change — one that meaningfully affects how we use your information — we will notify you by email or by a prominent notice on the Platform at least 14 days before the change takes effect.

11. Contact & Complaints

If you have a question about this policy, or wish to exercise your privacy rights, please contact us:

AImpact Limited — Privacy Email: info@aimpact.co.nz Auckland, Aotearoa NZ Platform: Event सञ्जाल — aimpact.co.nz
Done
Event सञ्जाल Events

Session Expired

For your security, your session has timed out due to inactivity. Please sign in again to continue.

Sign In