Privacy Policy
Version 1.0.0 · Last Updated: November 29, 2025
This policy is governed by Canadian law (PIPEDA). For the formal wording and version record, see the business admin repository.
1. Scope
This Policy applies to clients (bands, venues, promoters), end‑users purchasing tickets or interacting with hosted sites, and visitors to halfstack.ca.
2. Definitions
- Personal Information: Info about an identifiable individual (excluding business contact info where exempt).
- Client Data: Information provided by a client using HalfStack.
- End‑User Data: Information from ticket buyers and site users.
- Subprocessors: Third parties aiding platform delivery.
3. What We Collect
Client Data
- Contact details (name, email, phone)
- Business name, billing address
- Plan selections & transaction history
- Brand assets (logos, colours, media)
- Event & ticket configuration data
End‑User Data
- Name, email (ticket delivery)
- Optional phone (if enabled)
- Order metadata (event, quantity, timestamps)
- Payment tokens (processed via Stripe)
- IP & device fingerprints (fraud/security)
- Optional location (only with consent)
Visitors
- Aggregated usage analytics
- Session cookies (auth, CSRF)
We collect the minimum required for service delivery, legal obligations, or explicit consent features.
4. Purposes
- Ticketing & event publishing
- Transactional emails
- Support & dispute resolution
- Fraud & abuse prevention
- Aggregate performance analytics
- Legal & tax compliance
- Optional marketing (opt‑in)
5. PIPEDA Principles
- Consent
- Identifying Purposes
- Limiting Collection
- Limiting Use/Disclosure/Retention
- Accuracy
- Safeguards
- Openness
- Individual Access
- Challenging Compliance
6. Retention
| Category | Typical Retention | Rationale |
|---|---|---|
| Billing & invoices | 7 years | Tax & accounting |
| Ticket & order records | 7 years | Audit & compliance |
| Support logs | 24 months | Service quality |
| Security/access logs | 90 days | Security monitoring |
| Marketing opt‑in lists | Until withdrawal | Consent basis |
| Demo requests | 30 days | Abuse mitigation |
7. Security
- TLS everywhere
- Role-based access + MFA
- Segregated production network
- Encrypted daily backups
- Continuous intrusion monitoring
- Hashed & salted credentials
- Quarterly access reviews
Report potential issues to [email protected].
8. Storage & Location
Primary storage is in Canada on DigitalOcean. Some subprocessors route data via global infrastructure for performance (e.g., CDN). Cross-border handling uses contractual and technical safeguards.
9. Subprocessors
| Provider | Purpose | Region | Notes |
|---|---|---|---|
| Stripe | Payments | Canada / US | PCI-DSS; no full card storage |
| Cloudflare | CDN & DDoS | Global | Edge routing & security |
| AWS SES | Email delivery | Canada | DKIM/SPF configured |
| DigitalOcean | Core hosting & compute | Canada | Encrypted backups |
10. Cookies
- Essential (auth, CSRF)
- Functional (preferences)
- Analytics (aggregated)
Disable non-essential cookies in your browser; essential cookies are required.
11. Individual Rights
- Access & obtain a copy
- Correct inaccuracies
- Withdraw consent (future use)
- Request deletion post-retention
- Opt-out of marketing
Email [email protected] — responses within 30 days.
12. Withdrawal of Consent
Use unsubscribe links or contact [email protected]. Transactional communications remain while your account is active.
13. Third-Party Links
Client pages may link externally. External privacy practices are outside our control.
14. Automated Decision Making
No automated decisions with significant effects; segmentation is rule-based.
15. Children’s Privacy
Not directed to children under 13; contact [email protected] for removal requests.
16. Incident Response
We maintain detection, containment, recovery and review procedures. Breaches posing real risk of significant harm trigger notification.
17. Changes
Material changes posted with 30 days’ notice. See version history below.
18. Contact
Email: [email protected]
Security Reports: [email protected]
Mail: HalfStack Privacy Officer, Edmonton, Alberta, Canada
19. Version History
| Version | Date | Summary |
|---|---|---|
| 1.0.0 | 2025-11-29 | Initial Canada-focused comprehensive policy |
NOTE: Informational only; not legal advice.