Privacy Policy.

WeBuildCode Inc.(operating the Jamrats platform) is the data controller for the marketing site, organizer dashboards, and buyer ticket-recovery flows. The event organizer is the data controller for buyer purchases on their event pages (we’re the processor). Reach our privacy contact at hello@jamrats.com.

From organizers: name, email, phone, business address, identity-verification documents needed to set up payouts, and the event content you publish.

From buyers: name and email at checkout, the consents you tick, and the order details (event, ticket type, total). Card details are handled by the payment processor — we do not see or store them.

Automatically: basic technical data needed to operate the service: IP address, browser type, pages visited, scan timestamps. Cookies and similar storage are described in the Cookie Policy.

• To deliver the ticket you bought (name + email).
• To pay out the organizer who sold it to you (identity verification + payout records).
• To prevent fraud and abuse (IP address, basic device fingerprint).
• To send transactional emails: receipts, reminders, refund confirmations.
• To respect your consent: marketing emails go out only if you opted in at checkout.
• To meet our legal obligations: tax records, fraud reporting, and lawful requests from regulators.

We share the minimum needed to operate the platform with carefully chosen third parties:

• Payment processor — handles card data and payouts.
• Authentication provider — handles sign-in.
• Email delivery — sends receipts and ticket emails on the organizer’s behalf.
• Cloud hosting — keeps the platform running.
• Anti-fraud / bot challenge— we use Cloudflare Turnstile (invisible mode) on the checkout form to distinguish humans from automated abuse. Turnstile reads basic browser signals to compute a one-time verification token; we send that token plus your IP address to Cloudflare to verify it, and we do not store the signals themselves. Cloudflare’s handling of this data is governed by its Turnstile Privacy Addendum.

Each vendor is bound by a written data-processing agreement, audited to independent security standards, and limited to processing data only for the purposes we instruct.

We do not sell personal data, and we do not share it with advertisers.

When you buy a ticket, the organizer who sold it sees your name, email, ticket selection, and consent state. They can export this to their own customer list (with your marketing-consent flag preserved). They become an independent controller of that data; their privacy practices apply to anything they do with it after export.

• Order records — at least 7 years, to meet tax retention rules.
• Buyer email + consent state — for as long as the organizer’s account exists; we strip these on request.
• Marketing-site analytics — 12 months.
• Scan logs — 24 months.
• Backups — 30 days rolling.

Primary data lives in Canada (Toronto region). Backups are stored within North America. Vendor processors (payments, email, anti-fraud) may process data in the US or EU under standard contractual protections.

Under Canadian (PIPEDA, Quebec Law 25), US state privacy laws (CCPA/CPRA, VCDPA, etc. where applicable), the UK GDPR + Data Protection Act 2018, and the Australian Privacy Act 1988 + the Australian Privacy Principles, you may:

• Request access to the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data (subject to retention obligations like tax law).
• Withdraw marketing consent at any time — by un-ticking the opt-in or replying to any marketing email.
• Request a portable export of your data.
• Object to processing or restrict it in specific cases.
• Lodge a complaint with your local privacy regulator (e.g. the Office of the Privacy Commissioner of Canada).

To exercise these rights, email hello@jamrats.com with the subject “Privacy request”. We respond within 30 days.

Jamrats accounts are for users of legal majority. We don’t knowingly collect data from children under 13 (or the equivalent age in your jurisdiction). If you believe a child’s data has been collected, contact us and we will delete it.

Material changes are notified by email at least 30 days before they take effect. The “last updated” date at the top of this page always reflects the most recent revision.

Questions, complaints, or rights requests: hello@jamrats.com.