Skip to main content

Privacy and data security

Updated yesterday

We aim to be the best we can be, a world-class event ticketing platform that gives away all its profits to children’s charities and a world-class event ticketing platform that keeps all user data safe and secure.

Our commitment to all event hosts and attendees

We love all our event hosts and everyone who attends events on Humanitix, but we don’t love it when Internet companies abuse data privacy for their own gain.

We will never sell your data to third parties. Period.

We’ll never tell the internet salespeople about your quirky, one-of-a-kind workshop - but we’re sure they’d love to attend it!

We will only send you emails if you opt-in for them.

Our newsletters are a joy to read, so we hope you opt in for them! Nevertheless, if you don’t, we’ll understand, but please note that there will be tears.

We don’t own your data; you do.

Like a well-made chopping board, consider all your data on Humanitix a prized possession that’ll last you a lifetime. You have full control over it, so manipulate it as you will.

Is my information secure? Yes. We care about your data and your security.

Humanitix is a Software As A Service (SaaS) product that provides a self-service ticketing platform for event organisers. Funded by the Atlassian Foundation and a range of other philanthropists, Humanitix funds education programs for disadvantaged children.

We’re here to change the world, not sell your data.

Privacy and Security FAQs

Privacy policy

  • Our official privacy policy can be viewed here

  • Humanitix is compliant with the Australian Privacy Principles (APPs). We are
    pretty close to being GDPR compliant and expect to be so in the next 24
    months.

  • Our Privacy Promise and Privacy (and Cookie) Policy set out the rights of
    data subjects with respect to our processing and storing of their personal and
    sensitive personal information. This includes the Australian Privacy Principles, such as the right to erasure, the ability to opt out of services, the right to request corrections and to access the information we hold about them. All these requests are centralised through [email protected].

  • Our privacy policy clearly states that we do not use data for secondary
    purposes other than as described in our privacy policy. Our privacy policy is
    binding upon Humanitix, our agents, employees, directors and users.

Data storage and security

  • Our application data is stored in MongoDB Atlas in the AWS (Amazon Web
    Services) Sydney region.

  • Our back-up data is stored in AWS servers in Australia – we have automatic real time backups for the last 30 days and complete snapshots of the database is taken every 2 hours.

  • You own the data you collect using our software. Data subjects have the right
    to request actions with respect to that data. Humanitix is the steward
    responsible for maintaining privacy and security of the data.

  • We have access controls to ensure only authorised staff to access data, and
    we conduct regular security training for all staff to prevent inadvertent
    disclosures.

  • Incomplete orders are archived after two months. We can delete certain records and anonymise others if they need to be kept in relation to financial
    auditing.

SOC Compliance

  • Our cloud services provider Amazon Web Services has System and Organization Controls (SOC) Reports that are conducted independently by a third-party which demonstrate how AWS achieves key compliance controls and objectives.

  • The SOC Reports can be viewed here.

PCI Compliance

  • Humanitix’s payment gateway is PCI DSS Certified

  • Credit card information is never transmitted, captured or stored with Humanitix allowing us to maintain a PCI-DSS SAQ-A equivalent solution.

  • A copy of our PCI DSS compliance certificate can be found here

ISO Compliance

  • Humanitix does not currently maintain ISO27001 compliance.

  • We maintain mitigating controls and policies to ensure the security of our platform data.

Data breaches and incident responses

  • Our Data Breach Response Plan contains clear steps as to how the rights of
    data subjects are upheld in the event of a potential or actual privacy breach,
    including notification and consultation.

  • The rights of data subjects are also prescribed in Australian Law and apply to Humanitix.

  • We conduct regular penetration testing with the help of Atlassian and Vertex.

Authentication Methods

  • Humanitix supports email and password-based authentication for hosts. Ticket buyers do not maintain a logged-in account with Humanitix.

  • Humanitix supports two factor authentication. Hosts can connect an authenticator app of their choice whereby a code is required during each login, in addition to their email and password.

  • Humanitix currently does not support SSO.

Documentation and agreements

Below are the key things you need to know about our privacy policy and promoter agreements. If you need to read them all in-depth, here are the links to our official IT Assessment Documentation and promoter agreements:

GDPR compliance

Please note Humanitix is not currently GDPR compliant but is actively working towards meeting our requirements.


Related Articles
How to delete your Humanitix account
Add or edit accessibility information for your event
Upload a banner image with Canva
How to change your account email address
Promote your events on TikTok
Did this answer your question?