homelogin

Privacy Policy

Last updated: March 2026

1. General Provisions

This Privacy Policy applies to the personal data of users of the Wafian platform, collected and processed by Spawn Solutions LLC, 167 Madison Ave #205 505, New York, NY 10016, USA (hereinafter: "Wafian" or "we").

We respect and value your privacy and take the protection of your personal data very seriously. This Privacy Policy has been created to explain in a transparent and understandable manner how we collect, use, and share your data, and how you may exercise your rights as a data subject.

This Privacy Policy is important so that you can determine in advance the scope and consequences of data processing and understand how you can maintain control over your personal data. We encourage you to read it carefully.

2. Definitions

Personal Data – any information relating to an identified or identifiable natural person, directly or indirectly, including name, identification number, location data, online identifiers, or physical, physiological, genetic, mental, economic, cultural, or social identity.

Data Subject – a natural person whose personal data is being processed.

Processing – any operation performed on personal data, including collection, recording, organization, structuring, storage, adaptation, retrieval, use, disclosure, dissemination, restriction, erasure, or destruction.

Pseudonymization – processing personal data in a manner that it can no longer be attributed to a specific individual without additional information, provided such information is kept separately with appropriate technical safeguards.

Controller – the natural or legal person that determines the purposes and means of processing personal data.

Processor – a natural or legal person that processes personal data on behalf of the Controller.

Recipient – a natural or legal person to whom personal data is disclosed.

Third Party – any person other than the data subject, controller, processor, or persons authorized to process personal data.

Consent – any freely given, specific, informed, and unambiguous indication of the data subject's agreement to the processing of their personal data.

Cookies – small text files stored on your device when you visit a website.

Digital Collectible – a non-transferable digital item awarded to users as a memento of attending an event, with no monetary value and not redeemable or transferable outside the Wafian platform.

3. Scope of Data Processing

This Privacy Policy applies to all individuals who:

  1. Access our platform at wafian.io or via the Wafian mobile application
  2. Contact us via email at support@wafian.io
  3. Subscribe to receive our newsletter
  4. Purchase tickets or attend events through the Wafian platform

We process only the data necessary for the purposes described below. In particular:

  • We do not sell your personal data
  • We do not disclose your data to marketing agencies
  • We do not share your personal data with third parties except as required by contract or law, or as described in this Policy

4. Data We Collect, Purpose, Legal Basis, and Retention

Wafian collects the following categories of data:

4.1 Registration and Identification Data

Includes: name, surname, username, email address, phone number, postal address, date of birth, profile photo (where required for verification).

  • Purpose: Creating user accounts, enabling platform access, identity verification.
  • Legal basis: Performance of contract; legitimate interest (account security).
  • Retention: Duration of account + 3 years after account closure.

4.2 Login and Security Data

Includes: encrypted passwords, access logs, IP addresses, device and browser information.

  • Purpose: Securing accounts, protecting against misuse, fraud prevention.
  • Legal basis: Legitimate interest of the Controller.
  • Retention: Logs and IP addresses retained for 6–12 months; longer in the event of investigations or security incidents.

4.3 Transactional Data

Includes: purchase details (amount, currency, date, transaction status). Wafian does not process card numbers directly — this is handled by external payment processors.

  • Purpose: Processing payments, accounting, and tax records.
  • Legal basis: Performance of contract; legal obligation.
  • Retention: Minimum 7 years (accounting and tax requirements under applicable US and EU law).

4.4 Digital Collectible Data

Includes: data associated with event collectibles awarded upon venue entry.

  • Purpose: Recording ownership and enabling display of collectibles within the platform.
  • Legal basis: Performance of contract.
  • Retention: Duration of account + 3 years after closure.

4.5 KYC / AML Data (if and where legally required)

Includes: government-issued ID, address, business documentation. This data is only collected where explicitly required by applicable law or regulation. Wafian does not currently require KYC verification for standard ticket purchases.

  • Purpose: Compliance with anti-money laundering and counter-terrorism financing obligations.
  • Legal basis: Legal obligation.
  • Retention: Minimum 5 years from end of business relationship, or longer if required by law.

4.6 Communication Data

Includes: emails, support requests, and attachments sent by the user.

  • Purpose: Resolving user queries, complaints, and support requests.
  • Legal basis: Performance of contract; legitimate interest.
  • Retention: 3 years, unless longer retention is required to resolve a dispute.

4.7 Marketing and Analytics Data

Includes: IP address, cookies, browsing data, newsletter subscriptions.

  • Purpose: Monitoring platform usage, improving services, sending newsletters and offers.
  • Legal basis: User consent (for newsletter and marketing cookies); legitimate interest (for essential analytics).
  • Retention: Until consent is withdrawn (newsletter/marketing); technical cookies and logs up to 12 months.

5. Cookies and Newsletter

Cookies

  • Essential cookies enable core platform functionality (login, security).
  • Analytics cookies (e.g., Google Analytics) are used to analyze traffic and improve our services.
  • Marketing cookies are used only with your consent to personalize offers.

You can manage your cookie preferences at any time through our cookie consent banner or your device/browser settings.

Newsletter

If you subscribe to our newsletter, we process your email address to inform you about:

  1. New features and platform updates
  2. News in event technology and digital ticketing
  3. Educational resources (articles, guides, webinars)
  4. Upcoming events and promotions
  5. User stories and best practices

You may withdraw your newsletter consent at any time by clicking "Unsubscribe" in any email we send you.

6. Digital Collectible and Custodial System

The Wafian platform uses a custodial model for digital collectibles. This means that collectibles and associated data are stored within the technical infrastructure managed by Wafian, without issuing private keys to users.

Personal data is not written directly to any public blockchain network. All blockchain records are pseudonymized and contain only technical transaction data.

Digital collectibles on the Wafian platform have no monetary value and cannot be transferred, sold, or redeemed outside of the Wafian ecosystem. They serve solely as digital mementos of event attendance.

Wafian does not provide third parties with access to private keys and does not share them with users or other entities.

7. Data Security

We implement appropriate administrative, technical, and organizational measures to ensure a suitable level of protection for the personal data we collect and process.

Security measures include:

  • Encrypted communications (TLS/HTTPS)
  • Password hashing
  • Access controls and role-based permissions
  • Data retention policies
  • Server and infrastructure protection

Access to personal data is restricted to authorized personnel only.

8. Data Processors and Third Parties

To perform certain processing activities, we engage external processors. We only use processors that provide sufficient guarantees of appropriate technical and organizational safeguards.

We may share data with the following categories of recipients:

  • External payment processors (e.g., Stripe, WSPay) — for payment processing. These services are governed by their own privacy policies. Wafian does not store card numbers.
  • Hosting and cloud infrastructure providers — for database and service hosting.
  • Email and newsletter service providers — for communications.
  • Event organizers — limited to information necessary for entry validation or event-related communication (e.g., name and email of ticket purchaser).
  • Legal, tax, and regulatory authorities — where required by applicable law.
  • Google LLC (USA) — for analytics services.

Where data is shared with providers outside the United States or the European Economic Area, Wafian will implement appropriate legal safeguards such as Standard Contractual Clauses or rely on applicable adequacy decisions.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right to withdraw consent — at any time, without affecting the lawfulness of prior processing.
  • Right of access — to know whether we process your data and to receive a copy.
  • Right to rectification — to correct inaccurate or incomplete data.
  • Right to erasure — to request deletion where data is no longer necessary, consent is withdrawn, or processing is unlawful.
  • Right to restriction — to limit processing in certain circumstances.
  • Right to data portability — to receive your data in a structured, commonly used format, where applicable.
  • Right to object — to processing for direct marketing or based on legitimate interests.
  • Right to non-discrimination — we will not discriminate against you for exercising any of these rights (applicable to California residents under CCPA).

To exercise any of these rights, please contact us at privacy@wafian.io. We will respond within 30 days. This period may be extended by an additional 60 days in complex cases.

You are not required to pay any fee to exercise your rights.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • The right to know what personal information we collect, use, disclose, and sell
  • The right to delete personal information we have collected
  • The right to opt out of the sale or sharing of personal information
  • The right to correct inaccurate personal information
  • The right to limit use of sensitive personal information

We do not sell your personal information. To submit a CCPA request, contact us at privacy@wafian.io.

11. Apple App Store – Data Practices

In connection with our iOS application, we disclose the following data practices as required by Apple:

Data Used to Track You

We do not use data from the Wafian app to track you across third-party apps or websites.

Data Linked to You

The following data types may be collected and linked to your identity:

  • Contact information (name, email address, phone number)
  • Identifiers (user ID, device ID)
  • Purchases (transaction history)
  • Usage data (app interactions)

Data Not Linked to You

The following data may be collected but is not linked to your identity:

  • Diagnostics (crash data, performance data)
  • Analytics (aggregated usage statistics)

12. Security Incidents

In the event of a personal data breach that may result in risk to users' rights and freedoms, Wafian will notify the relevant regulatory authority without undue delay and, where required, notify affected individuals with a description of the incident and the measures taken. For US users, the relevant authority may include the Federal Trade Commission (FTC) or applicable state regulators. For EU and Serbian users, this refers to the competent data protection supervisory authority in your jurisdiction.

13. Minors

Our platform is not intended for persons under the age of 13 without parental or guardian consent.

If we discover that data has been collected without appropriate consent, we will immediately delete it and disable access to the account.

Parents and guardians have the right to request access, correction, or deletion of their child's data.

We may verify age to protect minors; however, we are not liable if a minor provides false age information.

14. Automated Decisions and Profiling

Wafian does not currently make automated decisions or conduct profiling that produces legal or similarly significant effects on users. If such processing is introduced in the future, users will be clearly informed and, where required, asked for their consent.

15. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or technical developments.

All changes take effect upon publication on our website and within the application. We will notify you of material changes via email or in-app notification where required by applicable law.

If you do not agree with our Privacy Policy, please stop using the platform and deactivate your account.

This Privacy Policy forms an integral part of the Wafian Terms of Service. In the event of conflict between the Privacy Policy and the Terms of Service on matters relating to personal data, this Privacy Policy shall prevail.

16. Contact

For all questions, requests, and complaints regarding your personal data, please contact us:

  • Privacy inquiries: privacy@wafian.io
  • General support: support@wafian.io
  • Data deletion requests: privacy@wafian.io (subject: "Data Deletion Request")
  • Postal address: Spawn Solutions LLC, 167 Madison Ave #205 505, New York, NY 10016, USA

You may also submit a data deletion request directly through the account settings in the Wafian app.

For users in the European Union or Serbia, you also have the right to lodge a complaint with your local data protection authority.