Effective Date: January 6, 2025 | Last Updated: March 12, 2026
This Privacy Policy describes how CS Creative Concepts LLC, doing business as HowlTicket ("Company," "we," "us," or "our"), a New Jersey limited liability company, collects, uses, discloses, and protects your personal information when you use our ticketing platform and related services, including our mobile application HowlTicket Business (available on Google Play and the Apple App Store), our web-based portals, and our embeddable booking widgets (collectively, the "Service").
Our Service is a software-as-a-service (SaaS) platform that enables entertainment venues, escape rooms, haunted attractions, and similar businesses ("Clients") to sell tickets and manage bookings. When you purchase tickets or interact with our platform, you are both our user and a customer of our Client.
By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.
Account & Booking Information:
Payment Information:
We do not store complete credit card numbers. All payment processing is handled by Stripe, our PCI-DSS compliant payment processor.
Waiver & Consent Information:
Communications:
Device & Browser Information:
Usage Information:
Location Information:
We collect this information for fraud prevention, security, and service improvement purposes.
When you use the HowlTicket Business mobile app, we may request access to certain device features. Each permission is used only for the specific purpose described below and can be managed through your device's settings at any time.
Camera:
We access your device camera solely for scanning QR codes and barcodes during event check-in. No photos or video are captured, stored, or transmitted. Camera data is processed locally on-device in real time and discarded immediately after the code is read.
Push Notifications (Firebase Cloud Messaging):
With your permission, we send push notifications to your device for booking confirmations, check-in alerts, schedule reminders, and operational updates. To deliver these notifications, we collect a Firebase Cloud Messaging (FCM) device token — a unique identifier assigned to your device by Google's Firebase service. This token is stored on our servers and associated with your staff account. You can disable push notifications at any time through your device settings or the app.
NFC (Near Field Communication):
On supported Android devices, we access NFC hardware for processing contactless Tap-to-Pay card payments via Stripe Terminal. NFC is activated only during a payment transaction and is not used for any other purpose. iOS Tap-to-Pay support is planned for a future release.
Biometric Authentication:
On Android devices, the app may offer fingerprint or face unlock for secure login using the system BiometricPrompt API. Biometric data is processed entirely on your device and never leaves it. We never receive, transmit, or store your biometric data — we receive only a pass/fail authentication result from your device. Biometric login on iOS is planned for a future release.
We may receive information about you from:
Our platform offers optional AI-powered business insights ("Luna") to help Clients analyze operational data such as revenue trends and booking patterns. When a Client opts in to Luna:
Luna features require explicit opt-in from each Client. Customer-facing users (ticket purchasers) are not directly affected by this feature.
If you are located in the European Economic Area (EEA) or United Kingdom (UK), we process your personal data under the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Processing bookings and payments | Performance of contract |
| Sending transactional emails | Performance of contract |
| Fraud prevention and security | Legitimate interests |
| Marketing communications | Consent |
| Legal compliance | Legal obligation |
| Service improvement analytics | Legitimate interests |
When you book tickets through our platform, we share your booking information with the venue or event operator (our Client) so they can:
We use third-party service providers to help operate our Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Name, email, payment details |
| SendGrid | Email delivery | Email address, booking details |
| Twilio | SMS messaging | Phone number, message content |
| Google Firebase | Push notifications (FCM) | Device token, notification content |
| Redis Cloud | Caching and session management | Session tokens (encrypted) |
| PostgreSQL hosting | Database storage | All application data (encrypted) |
Our mobile app integrates third-party software development kits (SDKs) from the providers listed above. These SDKs may independently collect diagnostic data, crash reports, and performance metrics as described in their respective privacy policies:
We do not control the data these SDKs collect independently. Their data collection practices are disclosed in our Apple App Store and Google Play Store privacy nutrition labels.
We may disclose your information if required to:
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.
We retain your personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.
| Data Type | Retention Period |
|---|---|
| Booking records | 7 years (tax/legal requirements) |
| Payment records | 7 years (financial regulations) |
| Waiver signatures | Duration of legal liability + 3 years |
| Audit logs | 1 year |
| Error logs | 90 days |
| Marketing consent records | Duration of consent + 3 years |
| Push notification device tokens | Until user unregisters or token expires |
If you are in the EEA or UK, you have additional rights:
California residents have the right to:
We do not sell personal information.
To exercise any of these rights, contact us at support@howlticket.com. We will respond within 30 days (or sooner if required by applicable law).
We implement appropriate technical and organizational measures to protect your personal information, including:
Our servers are located in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States.
For EEA/UK users, we rely on:
Our Service is not directed to children under 13 (or 16 in the EEA/UK). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
For ticket purchases that include minors, the adult purchaser is responsible for providing consent and information.
We use cookies and similar technologies for authentication, preferences, and analytics. See our Cookie Policy for details on:
We do not track you across other companies' apps or websites. Specifically:
Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to review their privacy policies.
The HowlTicket Business mobile application is available on the Apple App Store. This section provides additional information specific to Apple's privacy requirements.
HowlTicket Business does not track you across apps or websites owned by other companies. We do not use Apple's App Tracking Transparency framework because we do not engage in any form of tracking as defined by Apple. No ATT permission prompt is displayed because none is required.
Apple requires developers to disclose the types of data their apps collect. The following table summarizes the data HowlTicket Business collects and how it is used, consistent with our App Store privacy labels:
| Data Category | Data Types | Purpose | Linked to Identity |
|---|---|---|---|
| Contact Info | Name, Email, Phone Number, Address | App Functionality | Yes |
| Financial Info | Payment Info (card type, last 4 digits) | App Functionality | Yes |
| Location | Precise Location (during Tap-to-Pay only) | App Functionality | Yes |
| Identifiers | Device ID (FCM token) | App Functionality | Yes |
| Usage Data | Product Interaction | App Functionality, Analytics | Yes |
| Diagnostics | Crash Data, Performance Data | App Functionality | No |
| User Content | Digital Signatures (waivers) | App Functionality | Yes |
Data Not Used to Track You: None of the data collected by HowlTicket Business is used to track you across apps or websites owned by other companies.
In compliance with Apple App Store guidelines, you can request deletion of your account and associated personal data through the HowlTicket Business app or by contacting us at support@howlticket.com. Upon requesting deletion:
The HowlTicket Business iOS app includes third-party SDKs that may collect data independently.
Each SDK includes an Apple-required privacy manifest (PrivacyInfo.xcprivacy) declaring
its data collection practices:
Details of SDK data collection are reflected in our App Store privacy nutrition labels above.
The HowlTicket Business mobile application is also available on Google Play. This section provides additional information specific to Google's privacy requirements.
Google requires developers to disclose data collection, sharing, and security practices in the Data Safety section of the Google Play listing. The following summarizes our declaration, consistent with this Privacy Policy:
| Data Category | Collected | Shared | Purpose |
|---|---|---|---|
| Name, Email, Phone, Address | Yes | With venue operators (Clients) | App functionality, account management |
| Payment info (card type, last 4) | Yes | With Stripe (payment processor) | Purchase transactions |
| Approximate location | Yes (from IP) | No | Fraud prevention |
| Precise location | Yes (Tap-to-Pay only) | With Stripe | Payment regulatory compliance |
| Device identifiers (FCM token) | Yes | With Google Firebase | Push notifications |
| App activity & interactions | Yes | No | Analytics, service improvement |
| Crash logs & diagnostics | Yes | No (processed locally) | App stability |
HowlTicket Business is not directed at children under 13 and does not participate in Google Play's Designed for Families program. See Section 10 (Children's Privacy) for details.
We may update this Privacy Policy from time to time. We will notify you of material changes by:
Your continued use of the Service after changes constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or our data practices, contact us:
CS Creative Concepts LLC (d/b/a HowlTicket)
support@howlticket.com
Residents of Virginia (VCDPA), Colorado (CPA), and Connecticut (CTDPA) have rights similar to those described for California residents above. Contact us to exercise these rights.
This Privacy Policy is provided in English. Translations may be provided for convenience, but the English version governs.
Here's what our Privacy Policy means in plain English:
This summary is provided for convenience. The full policy above is the legally binding version.