Privacy Policy

SherehePass is a product of Nexora Creative Solutions. This policy applies to SherehePass websites, applications, organizer dashboards, scanner tools, ticket pages, communication systems, and related services.

Depending on the activity, Nexora Creative Solutions may act as a data controller, while an event organizer may separately control attendee information connected to its event.

We may process:

• Identity details such as name and account ID.
• Contact information such as email address and telephone number.
• Account credentials and verification status.
• Event orders, ticket categories, ticket codes, attendance, transfers, cancellations, and refund information.
• Payment references, amounts, status, currency, and provider responses.
• Organizer, promoter, scanner, and workspace role information.
• Technical information including IP address, device details, browser, timestamps, logs, and security events.
• Livestream telemetry and engagement data: for virtual and hybrid events, we process viewer session activity, device identifiers, hashed IP addresses, user-agent details, playback errors, live chat messages, and Q&A submissions.
• Communications, support requests, feedback, and marketing preferences.

Information may be provided directly when you register, publish an event, buy a ticket, join an organizer team, contact support, scan a ticket, or update your profile.

We may also receive information from organizers, promoters, payment providers, communication providers, authentication services, hosting services, and fraud-prevention systems.

Technical information may be collected automatically through logs, cookies, local storage, analytics tools, and security monitoring.

Personal data may be used to:

• Create and administer user and organizer accounts.
• Process event orders and confirm payment outcomes.
• Issue, deliver, recover, validate, cancel, or refund tickets.
• Operate scanner terminals and attendance records.
• Calculate organizer, promoter, platform, and settlement information.
• Detect duplicate tickets, fraud, unauthorized access, and platform abuse.
• Send transactional messages and requested support.
• Improve performance, reliability, usability, and product features.
• Deliver virtual event livestreams and replays, authenticate viewer entitlements, enforce concurrent device limit controls, and operate chat and Q&A services.
• Comply with legal, regulatory, tax, audit, dispute, and law-enforcement obligations.

Depending on the context, processing may be necessary to perform a contract, take steps requested before entering a contract, comply with a legal obligation, pursue a legitimate business or security interest, protect vital interests, or act with consent.

Where processing relies on consent, you may withdraw consent for future processing, subject to any lawful reason requiring continued retention or processing.

Payment transactions may be processed by providers such as Paystack. SherehePass may receive transaction references, amounts, currency, payment status, timestamps, payer contact details, and provider event data.

Where a hosted payment page is used, SherehePass generally does not receive or store complete payment-card credentials.

Payment providers process information under their own privacy notices and legal obligations.

An organizer may access information relating to people who purchase, receive, or use tickets for its events. The organizer must use that information only for lawful event, communication, safety, support, reporting, or related purposes.

Organizers must not export, sell, disclose, or use attendee information for unrelated marketing without an appropriate legal basis.

Questions about an organizer’s independent use of attendee information may need to be directed to that organizer.

Personal information may be shared with:

• The organizer responsible for the relevant event.
• Payment, email, SMS, hosting, storage, authentication, analytics, livestreaming CDNs (e.g., Cloudflare Stream), and infrastructure providers.
• Authorized event staff, scanners, promoters, or workspace members.
• Professional advisers, auditors, insurers, or prospective business partners subject to appropriate confidentiality.
• Government, regulatory, judicial, or law-enforcement bodies where disclosure is required or legally permitted.

We do not sell personal information as a standalone commercial product.

Some service providers may process information outside Kenya. Where cross-border processing occurs, we seek to use appropriate contractual, technical, organizational, and legal safeguards.

The location and safeguards may depend on the relevant hosting, communication, analytics, or payment provider.

Information is retained only for as long as reasonably necessary for ticket delivery, event operations, account management, settlements, security, audit, dispute resolution, statutory obligations, and legitimate business records.

Different categories may have different retention periods. Information may be anonymized or securely deleted when it is no longer required.

We use measures intended to protect personal data against unauthorized access, alteration, disclosure, loss, and misuse. These may include access controls, hashed credentials, encrypted transport, audit logs, restricted staff access, monitoring, backups, and incident-response procedures.

No internet-based system is completely immune from risk. Users must protect their passwords, devices, ticket QR codes, and account sessions.

Subject to applicable law and relevant exemptions, you may have the right to:

• Be informed about the use of your personal data.
• Request access to personal data held about you.
• Request correction of inaccurate or misleading information.
• Object to or request restriction of certain processing.
• Request deletion where the information is no longer lawfully required.
• Request portability where applicable.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with the Office of the Data Protection Commissioner.

We may need to verify your identity before completing a request.

SherehePass may use strictly necessary cookies or similar storage for authentication, security, session management, preferences, and checkout continuity.

Analytics or marketing technologies should be used in accordance with applicable consent and transparency requirements.

SherehePass is not intended to independently collect personal data from children who cannot lawfully provide consent. Events with minors must establish appropriate age restrictions, guardian arrangements, and lawful data-handling procedures.

Promotional messages should be sent only where permitted. You may unsubscribe using the link provided in a marketing message or by contacting us.

Transactional communications relating to orders, tickets, payments, security, event changes, or account administration may still be sent where necessary.

This policy may be updated when our services, providers, security practices, or legal obligations change. The latest version and update date will be published here.

Privacy requests may be submitted to privacy@sherehepass.co.ke.

General support requests may be submitted to support@sherehepass.co.ke.

You may also review our Terms of Service.