At Humanitix, your privacy and data security are central to how we operate. We are a not-for-profit ticketing platform committed to responsible data practices — both to meet our legal obligations and to honour the trust of our hosts, attendees, and partners. We aim to be the best we can be — dedicating all profits to impactful charities to create a better, more equitable world, and keeping all user data safe and secure.
Our commitment to all Event hosts and Attendees
We’re proud to support the communities that make events happen — from event hosts facilitating human connections to attendees chasing moments of joy. What don’t we support? Tech companies misusing your data for profit.
We will never sell your data. Period.
Your data will never be exploited for monetary gain, and we'll never sell it to third parties and strangers on the Internet, no matter how much they might love your quirky, one-of-a-kind workshop.
We only email you if you ask us to.
Our newsletters are full of heart and surprises. But if you choose not to subscribe, that's totally fine (but please note that there will be tears).
You own your data.
Like a well-made chopping board, consider all your data on Humanitix a prized possession that’ll last you a lifetime. You have full control over it, so manipulate it as you will.
Your data is secure.
Humanitix is a secure Software as a Service (SaaS) platform backed by philanthropy (not venture capital) and built to change the world, not harvest your data. All personal information is stored using industry-standard encryption and security protocols, and our infrastructure is hosted in secure environments that comply with global data standards.
For more, see our full Privacy and cookies notice.
Privacy and security FAQs
🔐 Privacy policy
Humanitix complies with the Australian Privacy Principles (APPs) and we're continuing to review, update and implement practices across our operations per applicable data privacy laws. We have appropriate technical and organisational measures in place to protect personal information.
Our privacy and cookies notice outlines the rights of individuals (data subjects) regarding how we collect, store, and use their personal and sensitive information. This includes:
The right to access the personal data we hold
The right to request corrections
The right to opt out
The right to request deletion (erasure)
All privacy-related requests are handled via [email protected].
We never use your data for secondary purposes beyond what’s clearly explained in our Privacy and cookies notice — and this is binding on our team, partners, and users.
☁️ Data storage & security
All application data is stored securely in MongoDB Atlas, hosted on AWS (Amazon Web Services - Sydney region).
We maintain real-time backups for 30 days and take complete database snapshots every two hours, stored in AWS Australian data centres.
You own the data you collect through Humanitix. We act as a steward, ensuring it’s protected and handled ethically. Data subjects have the right to request actions with respect to that data.
Only authorised staff can access personal data, and we provide regular security training to prevent accidental breaches.
Incomplete orders are archived after two months. Upon request, we can delete or anonymise data (unless it’s required for legal or financial auditing).
📋 Compliance standards
SOC compliance
We host Humanitix on Amazon Web Services (AWS), which is independently audited and provides SOC 1, SOC 2, and SOC 3 compliance reports (System and Organisation Controls). View the SOC Reports here.
PCI DSS compliance
Our payment processing is fully PCI DSS certified.
Credit card information is never stored or handled by Humanitix.
We meet the standards of a PCI-DSS SAQ-A equivalent solution.
A copy of our PCI DSS compliance certificate can be found here.
ISO compliance
While we are not currently ISO 27001 certified, we follow internal security policies and best-practice controls to safeguard platform data.
🚨 Data breach & incident response
We have a clear Data Breach Response Plan to uphold data subjects’ rights in the event of an actual or suspected breach, including:
Prompt notification where required
Remediation steps to prevent recurrence
Full alignment with applicable privacy laws.
We also conduct regular penetration testing, with support from Atlassian and Vertex, to stay ahead of potential vulnerabilities.
🗝️ Authentication & access
Humanitix supports email and password-based authentication for hosts. Ticket buyers do not maintain a logged-in account with Humanitix.
Humanitix supports two-factor authentication. Hosts can connect an authenticator app of their choice, whereby a code is required during each login, in addition to their email and password.
Humanitix currently does not support SSO.
Documentation and agreements
Below are the links to our official IT assessment documentation and terms of use:
GDPR compliance
We have recently updated our privacy and cookies notice and event host terms of use to align with the UK data protection requirements, including the General Data Protection Regulation (GDPR).
We're continuing to review, update and implement practices across our operations in accordance with applicable data privacy laws. We have appropriate technical and organisational measures in place to protect personal information.
GDPR compliance is not a one-off task — it’s an ongoing commitment to data protection, transparency, and accountability. It’s a responsibility we take seriously.