Privacy Policy

ticket.aadtech.ng is operated by AADTECH.NG, a Nigerian technology company. For the purposes of the Nigeria Data Protection Act 2023 (NDPA), AADTECH.NG is the Data Controller for personal data collected through this platform.

AADTECH.NG is in the process of completing registration with the Nigeria Data Protection Commission (NDPC) as required by Section 40 of the NDPA. Until registration is confirmed, we are operating in full compliance with the substantive obligations of the NDPA even while the formal registration process is ongoing.

Event organisers who access buyer data through this platform are independent Data Controllers for that data. They are bound by a Data Processing Agreement that limits how they may use buyer information. However, once data is in an organiser's possession, AADTECH.NG cannot control how they use it beyond the contractual obligations they have agreed to. We recommend purchasing tickets only from organisers you have reason to trust.

We collect the minimum data necessary to operate the platform.

From ticket buyers:
— Full name: Required. Printed on your ticket and used for gate verification.
— Email address: Required. Used to deliver your ticket and send event communications.
— Phone number: Optional at purchase. Used where WhatsApp ticket delivery is available.
— Payment reference: Required. The transaction ID from our payment processor. We do not store card numbers, CVVs, expiry dates, or bank PINs — ever.
— IP address and device type: Collected automatically for fraud detection and platform security.

From event organisers, in addition to buyer data above:
— Business name, phone number, and account type (individual or business).
— Bank account details for payout processing — bank name, account number, account name, bank code.
— Government-issued ID documents and selfie for KYC (identity) verification.
— CAC registration documents, TIN, company type, and proof of address for KYB (business) verification — required for Tier 2 Business status only.

From organisers purchasing featured placements:
— Payment reference and transaction details for sponsored placement bookings.
— The event being promoted and the placement duration selected.

We do not collect BVN, biometric templates, NIN beyond what KYC requires, religious affiliation, marital status, or political views.

For organisers applying for Tier 2 Business status, we use Prembly — a Nigerian identity verification service — to verify CAC registration numbers against the Corporate Affairs Commission database and TIN numbers against the Federal Inland Revenue Service (FIRS) database.

When you submit a CAC number or TIN for verification, that number is transmitted to Prembly's API for verification. Prembly charges a fee per verification call (currently ₦150 for CAC, ₦100 for TIN). Prembly is a Nigerian-licensed data processor operating under Nigerian law.

By submitting your CAC or TIN number for Tier 2 verification, you consent to AADTECH.NG transmitting that information to Prembly for the sole purpose of identity verification. We do not share any other personal data with Prembly beyond what is required for each specific verification call.

We store the verification result — whether your CAC was verified, your company name as returned by the CAC database, your company status, and the name match score between your CAC company name and your bank account name. We do not store raw Prembly API responses beyond what is needed for your account record.

Under the NDPA 2023, we must have a lawful basis for processing your personal data. Our bases are:

— Contract performance: We need your name, email, and payment reference to issue your ticket and provide the ticketing service. Without this data, we cannot fulfil the contract.
— Legitimate interest: We process IP address and device data to detect fraud and protect other users. Our interest in platform security is balanced against your privacy interests — we do not use this data for profiling or advertising.
— Legal obligation: We retain transaction records for a minimum of 5 years as required by Nigerian financial regulations. We cannot delete these records on individual request during this mandatory retention period.
— Consent: If you opt in to marketing communications, we will send you event recommendations and platform updates. You may withdraw consent at any time by emailing support@ticket.aadtech.ng with the subject "Unsubscribe".

We share your data only where necessary and only with the following parties:

— Flutterwave: Our payment processor. They receive only what is required to process your transaction. Their privacy policy governs how they handle payment data.
— Event organisers: The organiser of any event you purchase a ticket for will receive your name, email address, phone number (if provided), ticket type, and order reference. This is a necessary and unavoidable part of the ticketing relationship. Organisers sign a Data Processing Agreement limiting their use of this data to event management purposes only.
— Prembly: For CAC and TIN verification of Tier 2 applicants only — as described in Section 3.
— Nigerian regulatory authorities: We will disclose data if required by a valid court order, regulatory demand, or legitimate law enforcement request from a recognised Nigerian authority. We will not voluntarily disclose data to foreign governments or entities without a valid legal basis under Nigerian law.

We do not sell data. We do not share data with advertisers. We do not use third-party analytics tools that transmit your personal data outside Nigeria without your consent.

We retain data for the following periods, after which it is permanently deleted from our systems:

— Transaction and ticket records: 5 years minimum, as required by Nigerian financial regulations. This is a legal obligation and cannot be waived on individual request during this period.
— KYC documents (government ID, selfies): 5 years from submission or account closure, whichever is later.
— KYB documents (CAC, TIN, proof of address): 5 years from submission or account closure, whichever is later.
— Prembly verification results: Stored as part of the organiser profile record — retained for the same period as KYB documents.
— Event attendance records: 2 years after the event date.
— Featured placement booking records: 3 years after the placement ends.
— Account data for inactive accounts: We will notify you after 3 years of inactivity before initiating deletion.
— Marketing consent records: Until consent is withdrawn, plus 12 months.

Where data is subject to a mandatory legal retention obligation, we will tell you this honestly rather than pretend otherwise when you request deletion.

You have the following rights under the Nigeria Data Protection Act 2023:

— Access: Request a copy of personal data we hold about you.
— Correction: Ask us to correct inaccurate or incomplete data.
— Erasure: Ask us to delete your data. We will comply except where legal retention obligations apply — in which case we will explain precisely what we can and cannot delete and why.
— Portability: Request your data in a structured, machine-readable format.
— Objection: Object to processing based on our legitimate interest.
— Withdraw consent: Withdraw marketing consent at any time without affecting the lawfulness of prior processing.

To exercise any right, email support@ticket.aadtech.ng with the subject line "Data Rights Request", your full name, and your order reference or account email. We will acknowledge within 5 business days and respond substantively within 30 days. Complex requests may take up to 60 days — we will tell you if that applies to your request.

We take the following technical and organisational measures to protect your data:

— HTTPS encryption on all pages and API endpoints.
— HMAC-SHA256 signed ticket QR codes — mathematically impossible to forge without our private key.
— Hashed and salted passwords using bcrypt — we never store passwords in readable form.
— Role-based access controls limiting staff and system access to personal data.
— Redis-based session management with encrypted session tokens.
— Queued email delivery via database queue workers — reducing direct exposure of email infrastructure.

No system is perfectly secure. We cannot guarantee that our platform will never be breached. What we can guarantee is that we will handle any breach responsibly — notifying the NDPC as required by law, and notifying affected users promptly and honestly. We will not hide breaches or minimise their impact.

If a data breach occurs that may affect your personal data:

— We will assess the breach within 24 hours of discovery.
— We will notify the NDPC within 72 hours if the breach poses a risk to your rights and freedoms, as required by the NDPA.
— We will notify affected users by email within a reasonable period following NDPC notification.
— We will tell you what data was affected, what action we have taken, and what you can do to protect yourself.

We will not make notification promises we cannot keep at scale. What we commit to is honest, prompt communication without spin.

This platform is not directed at children under 18. We do not knowingly collect personal data from minors without verified parental consent.

For events that may involve minors as attendees, organisers are solely responsible for including appropriate age verification or parental consent mechanisms in their event process. AADTECH.NG is not responsible for an organiser's failure to comply with applicable child protection obligations under Nigerian law.

If you believe a child under 18 has submitted personal data through this platform without appropriate consent, contact support@ticket.aadtech.ng and we will investigate promptly and delete the data if no legitimate legal basis for retention exists.

We use only the essential cookies required for the platform to function:

— Session cookies: Keep you logged in during your visit. Expire when you close your browser or after 120 minutes of inactivity.
— CSRF tokens: Protect form submissions from cross-site request forgery attacks.

We do not use advertising cookies, tracking pixels, Google Analytics, Google Tag Manager, Facebook Pixel, Meta Pixel, or any third-party tracking tool that transmits your personal data to foreign servers without your consent.

If we introduce non-essential cookies in the future — for example, analytics to understand platform usage — we will update this policy, display a consent banner, and request your explicit permission before placing any non-essential cookie.

Your data is processed and stored on servers hosted in Nigeria. We do not intentionally transfer personal data to countries without adequate data protection frameworks without appropriate safeguards.

Flutterwave, as a Nigerian-licensed payment processor regulated by the Central Bank of Nigeria and subject to NDPC oversight, handles payment data under Nigerian law. Their international data handling is governed by their own privacy policy and applicable Nigerian regulations.

Prembly, as a Nigerian-registered identity verification provider, processes CAC and TIN data within Nigeria through official government database integrations.

We will update this Privacy Policy as our platform grows and as Nigerian data protection law evolves. For material changes — changes that affect how your data is collected, used, or shared — we will notify registered users by email at least 7 days before the change takes effect.

The "Last updated" date at the top of this page always reflects the most recent version. Continued use of the platform after a policy change takes effect constitutes acceptance of the updated policy.

For privacy queries:

Email: support@ticket.aadtech.ng
Subject: "Privacy Query"

We respond to all privacy queries within 5 business days.

If you are not satisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng. We would genuinely prefer to resolve your concern directly first — give us the opportunity.