Staadly
Privacy Policy

Privacy Policy

Last updated: June 2026

1. Data controller

Staadly. Email: support@staadly.com.

2. Data we collect

  • Account data: name, email address, profile picture (via Google OAuth).
  • Payment data: card last 4 digits, card brand, expiry (full card details are never stored — processed by Stripe).
  • Seller data: verified payment card via Stripe, bank account or PayPal details for payouts, payout history.
  • Transaction data: order ID, event, tickets purchased, amount paid, date.
  • Usage data: pages visited, search terms, seat map interactions, device type, browser, IP address.
  • Communication data: support emails, contact form submissions.
  • Cookie data: session cookies, preference cookies, analytics cookies.

3. How we use your data

  • To process ticket purchases and payouts.
  • To verify seller identity and prevent fraud.
  • To send transactional emails (order confirmation, payout notifications, listing updates).
  • To provide customer support.
  • To improve the platform via analytics.
  • To comply with legal obligations.

4. Payment data

All payment processing is handled by Stripe. Staadly never stores full card numbers, CVV codes or sensitive payment details. Stripe's privacy policy applies to payment data: stripe.com/privacy.

5. Seller KYC data

Sellers must provide a verified payment card. Staadly stores the Stripe payment method ID, card last 4 digits, brand and expiry. Full card details are held by Stripe and never accessible to Staadly. Bank account or PayPal details for payouts are stored securely and used solely for payout processing.

6. Cookies

  • Essential cookies: required for login sessions and checkout.
  • Analytics cookies: Google Analytics 4 to understand site usage (anonymised).
  • Preference cookies: language and currency preferences.

You can manage cookies in your browser settings. Disabling essential cookies will affect site functionality.

7. Data sharing

Staadly shares data with Stripe (payment processing), Supabase (secure database hosting), Resend (transactional email) and Google Analytics (anonymised analytics). Staadly does not sell personal data to third parties.

8. Data retention

  • Account data: retained while your account is active and for 2 years after deletion.
  • Transaction data: retained for 7 years for legal and tax compliance.
  • Support communications: retained for 2 years.

9. Your rights

Under GDPR and applicable UAE data protection law you may access, correct, delete or port your data, and object to processing. Email support@staadly.com to exercise these rights.

10. GDPR compliance

Staadly processes data of EU and UK residents in compliance with GDPR and UK GDPR. Legal bases include contract performance, legitimate interests and consent where required.

11. UAE compliance

Staadly complies with UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection.

12. Security

Staadly uses industry-standard security including SSL encryption, secure database hosting via Supabase, and Stripe for payment security. Access to personal data is restricted to authorised personnel only.

13. Contact

For privacy enquiries email support@staadly.com.