Privacy Policy

cogniFX Technologies, Inc. ("cogniFX," "we," "us," or "our") operates Haunt Passport, a multi-tenant ticketing platform that enables event venues ("Venues") to sell tickets to their customers ("Ticket Buyers"). This Privacy Policy explains how we collect, use, and protect personal information across two groups:

• Venues — businesses that create accounts on the Haunt Passport platform to manage events and process payments
• Ticket Buyers — individuals who purchase tickets through a Venue's Haunt Passport-powered storefront

By using the Haunt Passport platform — whether as a Venue or a Ticket Buyer — you agree to the practices described in this policy.

Payment processing on Haunt Passport is provided by Stripe. When you submit payment information on a Haunt Passport storefront, that information is transmitted directly to Stripe and is governed by Stripe's Privacy Policy. cogniFX does not store credit card numbers, CVV codes, or full payment card data.

Stripe may collect certain information from your device and browser — including IP address, language settings, and behavioral signals such as pages visited and mouse movements — through Stripe.js scripts operating on our storefronts. This collection occurs as part of Stripe's fraud detection and payment verification services. For full details, see Stripe's Privacy Center.

3a. From Ticket Buyers

When you purchase a ticket through a Haunt Passport storefront, we collect:

• Identity information: Full name, email address, and phone number
• Transaction information: Tickets purchased, event details, purchase date, and order amount
• Device and usage information: IP address, browser type, device identifiers, and pages visited on the storefront

Abandoned cart tracking: If you begin the checkout process and enter your email address before completing a purchase, we may retain that email address to send you a reminder about your incomplete order. You may opt out of these communications at any time by clicking the unsubscribe link in any such email.

Analytics and advertising pixels: Our storefronts use the following third-party tracking technologies:

• Google Analytics 4 (GA4) — for site usage analytics
• Meta Pixel — for advertising measurement and audience targeting on Meta platforms
• TikTok Pixel — for advertising measurement and audience targeting on TikTok
• Snapchat Pixel — for advertising measurement and audience targeting on Snapchat

These technologies may collect information about your activity on the storefront and associate it with profiles maintained by those third-party platforms. Their use is governed by their respective privacy policies. You may manage your preferences through your browser settings or the relevant platform's ad preference tools.

3b. From Venues

When a Venue creates an account on Haunt Passport, we collect:

• Business information: Business name, contact name, email address, phone number, and website
• Payment and banking information: Collected and managed by Stripe on our behalf through Stripe Connect. See Stripe's Connected Account Agreement
• Event and sales data: Events created, ticket configurations, pricing, and transaction records generated through the platform

Ticket Buyers

• Process and fulfill your ticket purchase
• Send order confirmation and event-related communications
• Send abandoned cart reminders where applicable
• Detect and prevent fraudulent transactions
• Measure and improve platform performance through analytics
• Comply with legal obligations

Venues

• Provide platform access and account management
• Process payouts through Stripe Connect
• Provide sales analytics, reporting, and AI-powered insights
• Communicate platform updates, billing notices, and support
• Comply with legal and financial obligations

We do not sell your personal information. We share information only in the following circumstances:

• Stripe: Payment processing, identity verification, fraud prevention, and payout disbursement. Stripe operates as an independent data controller for its own services
• Analytics providers: Google, Meta, TikTok, and Snapchat receive data through pixel and tag integrations as described in Section 3a
• Venues: Ticket Buyer order information (name, email, phone, tickets purchased) is accessible to the Venue that sold the tickets, for the purpose of event management and customer service
• Legal compliance: We may disclose information where required by law, court order, or to protect the rights and safety of cogniFX, our Venues, or Ticket Buyers
• Business transfers: In the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction

We retain Ticket Buyer transaction records for a minimum of seven (7) years to comply with financial recordkeeping requirements. Venue account data is retained for the duration of the account and for a reasonable period thereafter. You may request deletion of your personal data by contacting us at the address below, subject to our legal retention obligations.

Depending on your location, you may have the right to:

• Access the personal information we hold about you
• Correct inaccurate information
• Request deletion of your personal information (subject to retention obligations)
• Opt out of marketing communications at any time
• For California residents: request disclosure of what personal information is sold or shared, and opt out of such sharing (we do not sell personal information)

To exercise any of these rights, contact us at support@hauntpassport.io.

We implement industry-standard security measures to protect personal information, including HTTPS encryption on all storefronts and platform pages, access controls, and secure credential management. Payment card data is handled exclusively by Stripe, which is certified PCI DSS Level 1 — the highest level of certification available in the payments industry.

The Haunt Passport platform and its storefronts are not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

Venue storefronts may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. Continued use of the platform after changes are posted constitutes acceptance of the updated policy. Material changes affecting Venues will be communicated by email.

For questions about this Privacy Policy or to exercise your data rights:

cogniFX Technologies, Inc.

Email: support@hauntpassport.io