THEKETE | Privacy Policy

1. Who We Are

Thekete Pty Ltd is a South African event technology platform that provides ticketing, RSVP management, event discovery, organiser dashboards, scanner access, reporting, communication tools, and payment facilitation services.

In this policy, “Thekete”, “we”, “us”, or “our” refers to Thekete Pty Ltd. “You” means any buyer, organiser, scanner user, visitor, account holder, or person whose information is processed through the platform.

Plain meaning: We collect only what we need to run the platform, sell tickets, manage RSVP events, process payments, prevent fraud, support users, and give organisers proper event-management tools.

2. Scope of This Policy

This policy applies when you:

visit Thekete’s website;
create or use a Thekete account;
buy, receive, download, scan, or use a ticket;
submit RSVP information;
create, manage, promote, or report on an event;
use organiser, scanner, buyer, admin, or support tools;
contact Thekete for support, refunds, complaints, or technical assistance;
receive email, SMS, WhatsApp, system notifications, or other communications from Thekete.

Like other ticketing platforms, Thekete may act as a responsible party/controller for its own platform operations and may also process personal information on behalf of organisers so they can manage their events. Quicket uses a similar controller/processor distinction in its privacy policy. :contentReference[oaicite:1]{index=1}

3. Personal Information We Collect

We may collect different categories of personal information depending on how you use Thekete.

Category	Examples	Why We Need It
Account Information	Name, surname, display name, email address, phone number, password hash, role, account status.	To create accounts, authenticate users, secure access, and provide buyer or organiser dashboards.
Buyer Information	Buyer name, town/city, selected ticket, purchase time, ticket number, QR code, scan status.	To issue tickets, verify access, provide reports, and prevent fraud.
Organiser Information	Business name, contact person, business contact details, profile information, documents, verification status.	To verify organisers, manage event listings, process payouts, and provide organiser tools.
Payment and Transaction Information	Order number, payment status, purchase amount, payment reference, refund status, channel, payout details.	To process payments, reconcile sales, manage refunds, handle disputes, and process organiser payouts.
RSVP Information	Guest name, attendance count, dietary choices, accessibility needs, plus-one details, child attendance count.	To help organisers prepare for RSVP events, seating, access control, catering, and accessibility planning.
Location Information	Town/city, province, selected venue address, Google place ID, latitude and longitude for event venues.	To display events, improve event discovery, support maps, and help buyers find relevant events.
Scanner Information	Assigned scanner user, assigned event, access start/end, scan activity, scan timestamps.	To control ticket access, prevent duplicate scans, and create attendance records.
Technical Information	IP address, browser, device type, session data, cookies, log files, error logs, security events.	To secure the platform, troubleshoot errors, prevent fraud, and improve performance.
Support Communications	Messages, attachments, complaints, refund requests, support notes, notification records.	To respond to support queries, resolve disputes, and keep an audit trail.

Howler’s privacy policy also groups the types of personal information it processes, which is a useful structure for a ticketing/event platform. :contentReference[oaicite:2]{index=2}

4. How We Use Personal Information

We use personal information for legitimate platform and event-management purposes, including:

creating and managing user accounts;
registering organisers and verifying organiser profiles;
creating, approving, displaying, and managing events;
processing ticket purchases, RSVP submissions, refunds, and payouts;
issuing tickets, QR codes, ticket numbers, receipts, and confirmations;
sending transactional emails, SMS notifications, system notices, and event updates;
enabling ticket scanning and fraud prevention;
preparing organiser reports and event analytics;
responding to support queries, complaints, disputes, and refund requests;
detecting fraud, duplicate tickets, chargebacks, suspicious accounts, or unauthorised activity;
complying with legal, tax, accounting, audit, and regulatory obligations;
improving platform usability, security, and performance.

5. Legal Basis for Processing

We process personal information only where we have a lawful basis. Depending on the context, this may include:

Contract: to provide tickets, RSVP services, organiser tools, scanner access, and account services.
Consent: where you actively provide information or agree to specific optional processing.
Legal obligation: where we must keep records or comply with applicable law.
Legitimate interest: to prevent fraud, secure the platform, handle disputes, improve services, and protect users.
Operational necessity: to process information needed to deliver ticketing, RSVP, scanning, support, and payout services.

POPIA principle: We aim to collect and use information only for specific, lawful, and necessary purposes.

6. When We Share Personal Information

We do not sell personal information. We may share personal information only where necessary for platform operations, legal compliance, event delivery, payment processing, fraud prevention, or user support.

6.1 Sharing with Organisers

Organisers may receive limited information necessary to manage their events, such as ticket number, buyer display name, scan status, ticket type, town/city, purchase channel, and purchase date/time. We aim not to share unnecessary buyer contact details such as phone numbers or email addresses in default PDF reports unless there is a lawful and necessary reason.

6.2 Sharing with Service Providers

We may share information with service providers who help us operate the platform, including:

payment gateways and banks;
SMS, email, and notification providers;
hosting, database, and cloud infrastructure providers;
map and location services;
analytics and security tools;
professional advisers, auditors, legal representatives, or compliance consultants;
law enforcement or regulators where required by law.

6.3 Payment Providers

Payment providers may process card, bank, reference, refund, chargeback, and transaction information under their own privacy and security frameworks. Thekete does not need to store full card details where a secure payment provider processes them.

7. Organiser Privacy Duties

Organisers who receive personal information through Thekete must use it only for the relevant event and must protect it from misuse, unauthorised access, spam, resale, unrelated marketing, harassment, or unlawful disclosure.

Quicket’s organiser terms require organisers to process personal information obtained through the platform in line with POPIA and applicable South African data-protection laws. Thekete applies the same practical principle. :contentReference[oaicite:3]{index=3}

Strict rule: Organisers must not export, sell, share, publish, or reuse buyer or RSVP information for unrelated purposes. Thekete may restrict organiser access where personal information is misused.

8. Payments, Refunds, Payouts, and Financial Records

We process transaction information to confirm payments, issue tickets, process refunds, handle payment disputes, calculate organiser revenue, apply platform fees, and process payouts.

We may keep financial records for legal, accounting, audit, tax, fraud-prevention, and dispute-resolution purposes.

Buyers may see payment status, ticket status, and refund status.
Organisers may see event-level revenue, tickets sold, net revenue, scan status, and attendance reports.
Admins may access transaction and payout information to manage reconciliation and support.

9. RSVP and Special Event Information

RSVP events may collect information that helps organisers prepare for attendance, seating, catering, accessibility, and venue logistics. This may include dietary preferences, accessibility requirements, plus-one counts, and child attendance counts.

Organisers must use RSVP information only for event-preparation purposes. They must not use it for unrelated profiling, advertising, discrimination, or non-event communication.

10. Ticket Scanning and Attendance Records

Scanner users may validate tickets on behalf of organisers. When a ticket is scanned, we may record scan status, scan time, scanner assignment, event ID, ticket number, and related attendance data.

These records are used for access control, attendance reports, fraud prevention, dispute management, and organiser reconciliation.

11. Location and Maps

Thekete may use location information for event discovery, venue display, Google Maps integration, city/province filtering, and location-based event browsing.

Where users select a town, city, venue, or place suggestion, we may store the selected location text, city, province, country, latitude, longitude, and place ID where necessary to support event discovery and maps.

12. Cookies, Sessions, and Similar Technologies

Thekete may use cookies, sessions, local storage, or similar technologies to keep users logged in, remember preferences, support security, prevent fraud, analyse usage, and improve platform performance.

Essential cookies: needed for login, security, checkout, and platform functionality.
Preference storage: used to remember interface behaviour or user choices.
Analytics and logs: used to understand performance, diagnose errors, and improve the platform.

You may control some cookies through your browser settings, but disabling essential cookies may affect login, checkout, ticket access, or dashboard functionality.

13. Communications and Marketing

We may send transactional communications such as account notices, ticket confirmations, RSVP confirmations, refund updates, event changes, payout updates, scanner assignments, security alerts, and support messages.

Promotional or marketing communications may be sent where permitted by law, where you have opted in, or where there is a lawful basis. You may unsubscribe or opt out where an opt-out mechanism is provided.

14. Security

We use reasonable technical and organisational measures to protect personal information. These may include access controls, authentication, encrypted transport where available, audit trails, role-based access, restricted admin access, secure hosting, backups, and monitoring for suspicious activity.

No system is perfect: No website, database, payment system, or internet transmission can be guaranteed to be completely secure. Users must also protect their own login details.

15. Data Retention

We keep personal information only as long as reasonably necessary for the purpose for which it was collected, unless a longer period is required or permitted by law.

Retention periods may depend on:

account status;
ticket purchase history;
event reporting and reconciliation needs;
refund and chargeback periods;
legal, accounting, audit, or tax obligations;
fraud prevention and security monitoring;
unresolved complaints, disputes, or investigations.

16. Your Privacy Rights

Subject to applicable law, you may have the right to:

ask what personal information we hold about you;
request correction of inaccurate or outdated information;
object to certain processing where legally permitted;
request deletion where retention is no longer legally or operationally necessary;
withdraw consent where processing is based on consent;
complain to the Information Regulator of South Africa.

We may need to verify your identity before acting on a privacy request. We may refuse or limit requests where we are legally required or entitled to keep information, for example for accounting records, fraud prevention, transaction disputes, security, legal claims, or regulatory compliance.

17. Children and Minors

Thekete is not intended to collect unnecessary personal information from children. Where events involve children or minors, organisers and users must ensure that they have the necessary authority, consent, and lawful basis to submit or process such information.

If we become aware that a child’s personal information has been submitted without a lawful basis, we may delete, restrict, or secure the information as appropriate.

18. Cross-Border Processing

Some service providers used by Thekete may store or process information outside South Africa. Where this happens, we will take reasonable steps to ensure that personal information is protected through appropriate safeguards, contractual terms, or lawful transfer mechanisms.

19. Changes to This Policy

Thekete may update this Privacy Policy from time to time. The updated version will be published on this page. Continued use of the platform after updates means you acknowledge the updated policy.

20. Contact and Privacy Requests

For privacy questions, correction requests, deletion requests, account queries, complaints, or POPIA-related requests, contact Thekete through the official support channels displayed on the platform.

Effective date: 15 June 2026