Privacy Policy

Last updated: March 2026

Gilded ("we", "us", or "our") is committed to protecting your privacy. This policy explains what personal information we collect when you use the Gilded mobile application and website, how we use it, and what rights you have.

1. Information We Collect

Account Information

When you create a Gilded account, we collect your email address, display name, and phone number. Your email is collected through our authentication provider, Supabase, and is used to send you a one-time password (OTP) to sign in.

Profile Information

You may optionally upload a profile photo, add a short bio, and provide your Ghana phone number. This information is visible to other users in the context of organiser profiles.

Payment Information

Ticket purchases are processed by Paystack, a third-party payment provider. Gilded does not store your full card number or Mobile Money PIN. We only store a Paystack transaction reference and the amount paid for record-keeping and dispute resolution.

Booking & Ticket Data

We store records of your bookings, including the event, ticket tier, quantity, price paid, and the unique QR payload associated with each ticket.

Device & Push Notification Token

If you grant notification permissions, we store your Expo push notification token to send you booking confirmations, event reminders, and other relevant alerts.

Organiser Verification Documents

If you apply to become a verified organiser, you will be asked to upload a Ghana National Identification Card (Ghana Card) and, optionally, a business registration certificate. These documents are stored in a private, access-controlled Supabase Storage bucket and are only accessible to Gilded administrators during the review process.

2. How We Use Your Information

We use the information we collect to:

  • Create and manage your account
  • Process ticket purchases and issue QR-coded tickets
  • Send booking confirmations and event notifications
  • Enable event organisers to check in attendees at the gate
  • Verify organiser applications and maintain platform integrity
  • Provide customer support
  • Detect and prevent fraud or abuse
  • Comply with applicable Ghanaian laws and regulations

3. Information Sharing

With Event Organisers

When you purchase a ticket, the event organiser can see your name and ticket details through their organiser dashboard. This is necessary for them to manage attendance and process check-ins.

With Paystack

Your payment information is shared with Paystack to process transactions. Paystack's privacy policy governs how they handle your data. We encourage you to review it at paystack.com.

With Supabase

Our platform is hosted on Supabase infrastructure. Your data is stored in Supabase's managed PostgreSQL database and Storage. Supabase acts as a data processor on our behalf.

Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Gilded, our users, or the public.

No Sale of Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

4. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal information within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or preventing fraud). Booking and transaction records may be retained for up to 7 years for financial compliance purposes.

5. Data Security

We take reasonable technical and organisational measures to protect your data:

  • All data is transmitted over HTTPS/TLS
  • Row Level Security (RLS) is enforced at the database level — users can only access their own data
  • QR ticket payloads are cryptographically signed with HMAC-SHA256 to prevent forgery
  • Organiser verification documents are stored in a private bucket inaccessible to the public
  • Authentication uses one-time passwords (OTP) — no passwords are stored

Despite these measures, no method of transmission over the internet is completely secure. We cannot guarantee absolute security, but we are committed to addressing any breach promptly.

6. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete data through your profile settings
  • Request deletion of your account and personal data
  • Withdraw consent for push notifications at any time via your device settings
  • Receive a copy of your data in a portable format

To exercise any of these rights, please contact us at privacy@gilded.app.

7. Cookies & Analytics

The Gilded mobile app does not use web cookies. Our landing website may use minimal, essential cookies for functionality. We do not use third-party advertising cookies or tracking pixels. If we introduce analytics in the future, we will update this policy and notify users accordingly.

8. Children's Privacy

Gilded is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via in-app notification or email at least 14 days before the changes take effect. Continued use of Gilded after the effective date constitutes acceptance of the updated policy.

10. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy, please contact:

Gilded Privacy Team
privacy@gilded.app
Accra, Ghana