Privacy Policy

At Mepass, we believe transparency is non-negotiable. This policy explains what data we collect, why we collect it, and exactly how it is used across all our platforms.

Effective Date: 1 May 2026

1. Overview

This Privacy Policy applies to all products and services operated by Mepass ("Mepass", "we", "our", or "us"), including:

  • Mepass Website — mepass.in and all subdomains
  • Mepass Mobile App — iOS and Android applications
  • Event Ticketing Platform — ticket discovery, purchase, and management
  • Event Manager SaaS — tools for organisers to manage events and attendees
  • Brand Activation & Sponsorship Platform — tools for brands and sponsors
  • Creator Campaign Platform — influencer and creator collaboration tools

By using any Mepass platform, you agree to the practices described in this Privacy Policy.

If you do not agree, please discontinue use of our services. We recommend reading this in full — it's written in plain language, not legalese.

2. Who We Are

Mepass is the data controller responsible for your personal information. We are registered in India and operate as India's ticketing marketplace, event SaaS provider, and brand activation platform for the live events industry.

DATA CONTROLLER

Mepass

Email: support@mepass.in

Website: mepass.in

For users in the European Union or EEA, Mepass acts as the data controller under the General Data Protection Regulation (GDPR). For users in India, we comply with the Information Technology Act, 2000, its rules, and the Digital Personal Data Protection Act, 2023 (DPDP Act).

3. Data We Collect

We collect only what is necessary to provide our services. Here is a complete breakdown by category:

A. INFORMATION YOU PROVIDE DIRECTLY

DATA TYPEEXAMPLESWHEN COLLECTED
IdentityFull name, date of birth, genderRegistration, ticket purchase
ContactEmail address, phone numberAccount creation, checkout
PaymentCard details (tokenised), UPI ID, billing addressTicket or service purchase
ProfileProfile photo, preferences, event interestsAccount settings
Business InfoCompany name, GST number, event detailsOrganiser / brand onboarding
Creator InfoSocial handles, audience metrics, content samplesCreator platform onboarding
CommunicationsSupport messages, feedback, survey responsesCustomer support interactions

B. INFORMATION COLLECTED AUTOMATICALLY

DATA TYPEDETAILS
Device DataDevice type, OS, browser, screen resolution, unique device identifiers
Usage DataPages visited, features used, time on page, click paths, session duration
Location DataCity/region-level location (derived from IP); precise GPS only with explicit consent
Transaction DataTickets purchased, events attended, promo codes used, referral sources
Log DataIP address, timestamps, error logs, access records

C. INFORMATION FROM THIRD PARTIES

  • Social login providers (Google, Facebook) — name, email, profile photo
  • Payment processors — transaction status and reference IDs (not full card numbers)
  • Event organisers — attendee data shared for event management purposes
  • Analytics partners — aggregated audience and behaviour data

4. How We Use Your Data

We use your personal data only for legitimate purposes with an appropriate legal basis under applicable law.

PURPOSELEGAL BASIS (GDPR)LEGAL BASIS (DPDP)
Create and manage your accountContractConsent / Contract
Process ticket purchases and paymentsContractContract
Send booking confirmations and e-ticketsContractContract
Provide event organiser SaaS toolsContractContract
Enable brand/sponsorship activationsContract / Legitimate InterestConsent
Creator campaign tracking and payoutsContractConsent
Send marketing communicationsConsentConsent
Personalise your event recommendationsLegitimate InterestConsent
Fraud prevention and securityLegitimate InterestLegitimate Use
Comply with legal obligationsLegal ObligationLegal Obligation
Improve platform and servicesLegitimate InterestLegitimate Use
Resolve disputes and enforce termsLegal ObligationLegal Obligation

We never sell your personal data to third parties.

We do not allow advertisers to purchase your data or target you without your consent.

5. Data Sharing

We share your data only in the following circumstances:

SERVICE PROVIDERS & PARTNERS

  • Payment Gateways — Razorpay, Stripe, or similar processors to handle transactions securely
  • Cloud Infrastructure — Hosting and storage providers (data stored in India or GDPR-compliant regions)
  • Communication Tools — Email and SMS providers for transactional and marketing messages
  • Analytics Platforms — Aggregated, anonymised usage data for platform improvement
  • Event Organisers — Attendee name and contact details shared for event check-in and management only
  • Brand Partners (with consent) — Sponsor visibility data shared in aggregated, non-identifiable form

LEGAL REQUIREMENTS

We may disclose your data if required by law, court order, or government authority, or if necessary to protect the rights, property, or safety of Mepass, our users, or the public.

BUSINESS TRANSFERS

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. You will be notified in advance of any such transfer and your choices will be respected.

6. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy, or as required by applicable law.

DATA CATEGORYDETAILS
Account dataDuration of account + 2 years after deletion request
Transaction records7 years (GST and financial compliance)
Event attendance data3 years from event date
Marketing preferencesUntil opt-out or account deletion
Creator campaign dataDuration of campaign + 1 year
Support communications3 years from last interaction
Log and security data12 months rolling

After the retention period expires, data is securely deleted or anonymised so it can no longer be linked to you.

7. Your Rights

Depending on your location, you have the following rights over your personal data. We honor all valid requests within 30 days.

ACCESS

Request a copy of all personal data we hold about you.

CORRECTION

Request correction of inaccurate or incomplete data.

DELETION

Request deletion of your personal data ("Right to be Forgotten"). Subject to legal retention obligations.

PORTABILITY

Receive your data in a structured, machine-readable format.

WITHDRAW CONSENT

Withdraw consent for marketing or non-essential data processing at any time.

OBJECT

Object to processing based on legitimate interest, including profiling.

RESTRICT PROCESSING

Request that we limit how we use your data in certain circumstances.

GRIEVANCE REDRESSAL

Under DPDP Act 2023, raise a grievance with our designated Data Protection Officer.

To exercise any of these rights, email us at support@mepass.in with the subject line "Privacy Request". We will verify your identity before processing the request.

If you are in the EU/EEA and believe we have not addressed your concern, you have the right to lodge a complaint with your local Data Protection Authority (DPA).

8. Cookies & Tracking

We use cookies and similar technologies to operate our platform, remember your preferences, and understand how users interact with our services.

Essential

Required for core functions — login sessions, payment security, cart management. Cannot be disabled.

Analytics

Help us understand usage patterns and improve the platform. Anonymised. Disabled if you opt out.

Marketing

Used to deliver relevant ads and measure campaign performance. Requires your consent.

Preferences

Remember your settings, language, and display preferences across sessions.

You can manage cookie preferences through your browser settings or our cookie banner on first visit. Note that disabling essential cookies may affect platform functionality.

9. Data Security

We implement industry-standard technical and organisational security measures to protect your personal data against unauthorised access, loss, alteration, or disclosure.

  • TLS/SSL encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • Payment data tokenisation via PCI-DSS compliant processors
  • Role-based access controls — data accessible only to authorised personnel
  • Regular security audits and vulnerability assessments
  • Incident response plan with mandatory breach notification within 72 hours (GDPR) and as required under DPDP Act

No system is 100% secure. If you discover a security vulnerability, please report it responsibly to support@mepass.in.

10. Children's Privacy

Mepass services are not directed at individuals under the age of 18 years. We do not knowingly collect personal data from minors.

If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us immediately at support@mepass.in. We will promptly delete such data upon verification.

For events that permit entry to minors, parental consent and guardian supervision requirements will be communicated separately at the time of ticket purchase.

11. International Data Transfers

Mepass is headquartered in India. If you access our services from outside India, your data may be transferred to and processed in India or other countries where our service providers operate.

For users in the European Economic Area (EEA), we ensure that any transfer of your personal data to countries outside the EEA is protected by appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Data Processing Agreements with all sub-processors

Under India's DPDP Act 2023, cross-border data transfers are conducted in accordance with government-notified provisions and restrictions.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out to us:

Emailsupport@mepass.in
Websitemepass.in
Phone+91 72289 30704

Subject Line for Privacy Requests
Please use: "Privacy Request — [Your Name]"

We respond to all privacy-related requests within 30 days of receipt. For GDPR requests, the response period is 30 days extendable to 90 days for complex requests.

POLICY UPDATES

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or a prominent notice on our platform at least 14 days before the changes take effect. The "Last Updated" date at the top of this page reflects the most recent revision.

This Policy is published and enforced by Mepass.

© 2025 Mepass. All Rights Reserved.