Privacy Policy

1. Introduction

Ticketee.io ("Platform," "we," "our," or "us") is operated by Sudo127 Technology Sdn Bhd (Company Registration No. 202501016168 (1617582-D)), a company duly incorporated under the laws of Malaysia ("Company"). This Privacy Policy governs the collection, processing, storage, and disclosure of personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia and applicable international data protection frameworks.

By accessing, registering for, or utilizing the Platform and its associated services, you expressly acknowledge that you have read, understood, and unconditionally agree to be bound by this Privacy Policy. Your continued use of the Platform constitutes ongoing consent to the data practices herein described. If you do not agree with any provision of this Privacy Policy, you must immediately discontinue use of the Platform.

2. Information We Collect

2.1 Personal Information You Provide

We collect personal information that you voluntarily provide when you:

• Register for an account (name, email address, password, profile photo)
• Create an organization profile (organization name, logo, location, industry)
• Create or manage events (event details, organizer information, contact details)
• Add attendees (attendee names, email addresses, phone numbers)
• Purchase credits (payment information processed by Billplz)
• Contact our support team (name, email, message content)
• Invite team members (email addresses of invitees)

2.2 Information Collected Automatically

Upon accessing the Platform, we automatically collect technical and usage information through various means, including but not limited to:

• Device identifiers, network addresses, and system configurations
• Usage patterns, navigation behavior, and interaction metrics
• Authentication credentials and session data
• Communication delivery status and engagement metrics
• Any other data necessary for Platform functionality and security

2.3 Information from Third Parties

We may receive information from authorized third-party service providers and partners, including but not limited to:

• Payment processors for transaction verification and processing
• Cloud infrastructure providers for hosting and delivery services
• Integration partners and API service providers
• Any other third parties necessary for Platform operations

3. How We Use Your Information

We process your personal data for the following purposes under the PDPA 2010:

3.1 Service Provision

• Create and manage your user account
• Enable event creation, attendee management, and QR code generation
• Process email and WhatsApp notifications to attendees
• Facilitate team collaboration and member invitations
• Generate real-time analytics and attendance reports
• Process check-ins via QR code scanning

3.2 Payment Processing

• Process credit purchases through Billplz payment gateway
• Maintain point transaction records and balances
• Issue refunds for failed campaigns
• Generate invoices and payment receipts

3.3 Communication

• Send transactional emails (OTP verification, password reset, member invitations)
• Deliver event-related notifications to attendees on behalf of organizers
• Respond to your inquiries and provide customer support
• Send important service updates and security alerts

3.4 Platform Improvement

• Analyze usage patterns to improve features and user experience
• Monitor platform performance and troubleshoot technical issues
• Conduct internal research and development
• Aggregate anonymized data for statistical purposes

3.5 Legal Compliance

• Comply with Malaysian laws and regulations
• Prevent fraud, unauthorized access, and illegal activities
• Enforce our Terms of Service
• Respond to legal requests from authorities

4. Legal Basis for Processing (PDPA Compliance)

Under Malaysian PDPA 2010, we process your personal data based on:

• Consent: You have provided explicit consent when creating an account or using our services
• Contract Performance: Processing is necessary to fulfill our service agreement with you
• Legal Obligation: We must comply with Malaysian tax, accounting, and regulatory requirements
• Legitimate Interests: Processing is necessary for fraud prevention, security, and service improvement

5. Data Sharing and Disclosure

The Company reserves the right to disclose, transfer, or share your personal data with third parties as deemed necessary for Platform operations and business purposes, including but not limited to:

5.1 Service Providers and Partners

We may engage third-party service providers, contractors, agents, and partners to perform functions on our behalf, including payment processing, cloud infrastructure, data storage, communications delivery, analytics, and technical support. Such third parties may have access to your personal data to the extent necessary to perform their designated functions, subject to contractual confidentiality obligations.

5.2 Organizational Sharing

Personal data of event attendees and organizational users may be accessible to authorized members within your organization as necessary to facilitate Platform functionality. You acknowledge and consent to such internal sharing for operational purposes.

5.3 Legal and Regulatory Disclosure

We reserve the right to disclose your information without prior notice if required or permitted by law, regulation, legal process, governmental request, court order, or to:

• Protect and defend the Company's rights, property, or interests
• Enforce our Terms of Service or other agreements
• Prevent, investigate, or address fraud, security issues, or illegal activities
• Comply with tax, accounting, audit, or regulatory obligations
• Respond to claims or protect the rights, safety, or property of the Company, users, or the public

5.4 Business Transfers and Restructuring

In the event of a merger, acquisition, reorganization, dissolution, bankruptcy, sale of assets, or similar transaction or proceeding involving the Company, your personal data may be disclosed, transferred, or sold to successor entities or third parties. You hereby consent to such transfer and acknowledge that the successor entity may continue to process your data under this Privacy Policy or a successor policy.

6. Data Storage and Security

6.1 Data Location and Processing

Personal data may be stored, processed, and transferred across multiple jurisdictions and server locations as determined by the Company to optimize Platform performance, reliability, and operational efficiency. You hereby consent to such cross-border data transfers and acknowledge that data protection standards may vary by jurisdiction.

6.2 Security Measures

While the Company endeavors to implement commercially reasonable administrative, technical, and physical safeguards to protect personal data against unauthorized access, alteration, disclosure, or destruction, no method of electronic storage or transmission is absolutely secure. The Company does not warrant or guarantee the security of any information transmitted to or stored on the Platform and shall not be liable for any breach of security or unauthorized access to your data.

You acknowledge and accept the inherent risks of electronic data transmission and storage. You are solely responsible for maintaining the confidentiality of your account credentials and for all activities conducted under your account.

6.3 Data Breach Notification

In the event of a data breach affecting personal data, the Company will assess the incident and determine the appropriate response in accordance with applicable legal obligations. Notification to affected users and regulatory authorities shall be provided at the Company's sole discretion and as required by law, subject to law enforcement, national security, or other legal considerations that may delay or prohibit notification.

7. Data Retention

The Company retains personal data for such periods as are necessary to fulfill the purposes set forth in this Privacy Policy, comply with legal and regulatory obligations, resolve disputes, enforce agreements, and protect the Company's legitimate business interests. Retention periods are determined at the Company's sole discretion and may include, without limitation:

• Active and Inactive Accounts: Data retained for the duration of account activity and for a reasonable period thereafter as determined by the Company
• Financial and Transaction Records: Retained for periods required by applicable tax, accounting, and financial regulations, including up to seven (7) years or longer as legally mandated
• Communications and Logs: Retained for such periods as necessary for operational, security, and audit purposes
• Legal and Compliance Holds: Data subject to legal proceedings, investigations, audits, or regulatory requests retained indefinitely until resolution or clearance
• Backup and Archival Data: Data stored in backup systems or archives may persist beyond standard retention periods due to technical and operational requirements

Upon expiration of applicable retention periods, personal data may be deleted, anonymized, or archived in accordance with the Company's data management procedures. However, the Company does not guarantee complete or immediate deletion and disclaims liability for residual data remaining in backups, archives, or third-party systems.

8. Your Rights Under Malaysian PDPA 2010

Subject to the limitations, exceptions, and conditions prescribed by applicable law, you may exercise the following rights with respect to your personal data:

8.1 Right to Access

You may submit a written request to access your personal data held by the Company. Upon verification of your identity and validation of your request, the Company shall endeavor to provide such information within twenty-one (21) days, or such extended period as permitted by law. The Company reserves the right to charge a reasonable administrative fee for processing data access requests, particularly for voluminous or complex requests requiring substantial manual effort. Fee schedules are determined at the Company's sole discretion based on the scope and complexity of the request.

8.2 Right to Correction

You may request correction of inaccurate or incomplete personal data through the Platform's self-service account settings where such functionality is provided. For corrections requiring manual intervention or technical assistance, you may submit a written request. The Company reserves the right to charge administrative fees for manual correction requests that require significant processing effort, verification, or system modifications. The Company shall assess correction requests and determine, at its sole discretion, whether correction is warranted and technically feasible.

8.3 Right to Withdraw Consent

You may withdraw consent to optional data processing activities by providing written notice to the Company. However, withdrawal of consent does not affect the lawfulness of processing conducted prior to withdrawal. Furthermore, withdrawal may result in the inability to access or utilize certain Platform features, services, or functionality. The Company may continue to process data where required for contract performance, legal compliance, or legitimate business interests notwithstanding withdrawal of consent.

8.4 Right to Data Portability

Where technically feasible and legally required, you may request personal data in a structured, commonly used, and machine-readable format. The Company shall determine, at its sole discretion, the format, scope, and delivery method of such data. Portability requests involving complex data structures, integrated systems, or proprietary formats may be subject to additional processing fees and extended fulfillment periods commensurate with the technical complexity and manual effort required.

8.5 Right to Deletion

You may request deletion of your account and associated personal data, subject to the Company's legal and contractual retention obligations. Deletion requests are processed in accordance with the Company's data retention policies and applicable legal requirements. The Company does not guarantee immediate or complete deletion, as data may persist in backup systems, archives, logs, or third-party systems for operational, technical, or legal reasons. Data subject to financial, tax, audit, legal proceedings, or regulatory obligations shall be retained notwithstanding deletion requests.

8.6 Processing Fees for Manual Requests

While the Company provides self-service tools for certain data management functions, requests requiring manual processing, technical intervention, data retrieval from archival systems, or complex data compilation may be subject to administrative fees. Such fees are calculated based on the actual costs incurred by the Company, including labor, technical resources, and third-party expenses. The Company shall provide fee estimates prior to processing and reserves the right to decline requests where fees are not prepaid. Fees are non-refundable regardless of request outcome.

To exercise any of these rights, you must submit a written request to the Company's Data Protection Officer with sufficient detail and verification of identity. The Company reserves the right to request additional information or documentation to verify requests and prevent fraudulent or malicious submissions. Requests may be declined where legally permissible or where they interfere with the Company's operations, security, or legal obligations.

Contact: Data Protection Officer at dpo@sudo127.com

9. Cookies and Tracking Technologies

The Platform utilizes cookies, web beacons, local storage, and similar tracking technologies to facilitate functionality, enhance user experience, maintain security, and gather usage analytics. By accessing or using the Platform, you consent to the deployment of such technologies on your device.

9.1 Essential Cookies

The Platform employs strictly necessary cookies and similar technologies essential for authentication, session management, security, and core Platform functionality. These technologies cannot be disabled without impairing Platform operations. Essential cookies may persist on your device for extended periods as determined by the Company to maintain session continuity and user convenience.

9.2 Analytics and Performance

The Company may utilize analytics tools, monitoring services, and performance tracking technologies to analyze Platform usage, identify technical issues, and improve service quality. Such technologies may collect usage patterns, navigation behavior, feature interactions, and device information. The Company reserves the right to implement additional tracking mechanisms as deemed necessary for business operations.

9.3 Third-Party Technologies

Third-party service providers engaged by the Company may deploy their own cookies, tracking pixels, or similar technologies in connection with services rendered. The Company does not control third-party technologies and disclaims responsibility for their data collection practices. Users are advised to review third-party privacy policies independently.

10. Children's Privacy

Ticketee.io is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately at support@sudo127.com, and we will delete such information promptly.

11. International Data Transfers

Personal data collected through the Platform may be transferred to, stored in, processed in, or accessed from countries or jurisdictions outside Malaysia, including jurisdictions that may not provide equivalent levels of data protection. By using the Platform, you expressly consent to such international data transfers and acknowledge that data protection laws in recipient jurisdictions may differ from those in Malaysia.

The Company endeavors to implement appropriate safeguards for international transfers where required by law, which may include standard contractual clauses, data processing agreements, or other mechanisms deemed sufficient by the Company. However, the Company does not warrant or guarantee the adequacy of data protection in foreign jurisdictions and disclaims liability for any deficiencies in foreign data protection regimes.

12. Amendments and Modifications

The Company reserves the right to modify, amend, supplement, or replace this Privacy Policy at any time and for any reason, at its sole discretion, without prior notice or consent. Such changes may include, without limitation, modifications to data collection practices, processing purposes, retention periods, disclosure practices, user rights, or any other provision herein.

Notification of material changes may be provided through one or more of the following methods, as determined by the Company in its sole discretion:

• Posting the revised Privacy Policy on the Platform with an updated "Last Updated" date
• Email notification to your registered email address
• In-Platform notification or dashboard alert
• Any other method deemed reasonable by the Company

Your continued access to or use of the Platform following the posting of any Privacy Policy changes constitutes your binding acceptance of such changes. It is your responsibility to review this Privacy Policy periodically. If you do not agree to any modifications, you must immediately cease using the Platform and request account termination. The Company shall not be liable for any failure by users to review updated policies.

13. Limitation of Liability and Disclaimers

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE COMPANY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, REGARDING THE SECURITY, ACCURACY, RELIABILITY, OR COMPLETENESS OF PERSONAL DATA PROCESSING. THE PLATFORM AND ALL DATA PROCESSING SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND.

THE COMPANY SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, PUNITIVE, OR EXEMPLARY DAMAGES ARISING FROM OR RELATED TO:

• Unauthorized access to, alteration of, or disclosure of personal data
• Data breaches, security incidents, or cyberattacks
• Errors, omissions, or inaccuracies in data processing
• Delays, failures, or interruptions in data access or retrieval
• Third-party conduct, including service provider negligence or misconduct
• Loss of data due to technical failures, force majeure, or other causes beyond the Company's reasonable control
• Any other matter relating to the collection, use, storage, or disclosure of personal data

Users acknowledge and agree that the Company's total aggregate liability arising from or related to this Privacy Policy or data processing activities, regardless of the legal theory or basis of claim, shall not exceed the amount of fees paid by the user to the Company in the twelve (12) months preceding the claim, or Malaysian Ringgit One Hundred (RM 100.00), whichever is lesser.

Nothing in this Privacy Policy shall exclude or limit liability for fraud, gross negligence, willful misconduct, death, or personal injury to the extent such limitation is prohibited by applicable law.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

You also have the right to lodge a complaint with the Personal Data Protection Department of Malaysia if you believe we have not complied with PDPA 2010 requirements: