Home Privacy Policy

Privacy Policy

Version 1.0 Last updated January 2026

Plain-English summary: jumpin. collects only the information it genuinely needs to run an event ticketing service. We do not sell your data. We do not share it with advertisers beyond what Google AdSense requires to serve ads on public pages. You can request deletion of your account and data at any time.

1. Who we are

jumpin. is an online event ticketing platform serving Ghana, operated under the domain jumpin.today (and any future custom domain). When this policy refers to "jumpin.", "we", "us", or "our", it means the operators of this platform.

We process personal data in two roles depending on context:

  • As a controller — for data we collect directly from you when you create an account, buy tickets, or use the platform.
  • As a processor — when an event organiser uses jumpin. to manage their event, the organiser is the controller of their attendees' data, and we process it on their behalf.

If you have questions about this policy, contact us at privacy@jumpin.today.

2. What information we collect

2.1 Information you give us directly

When you create an account or buy tickets, we collect:

  • Identity information: full name, display name, username
  • Contact information: email address
  • Profile information: bio, city, social media links, profile photo (optional)
  • Payment-related information: your name and email address for booking confirmation. We do not store card numbers, mobile money PINs, or any raw payment credentials — those are handled entirely by Paystack (see Section 5).
  • Event information (organisers): event name, description, venue, dates, cover images, ticket tier details

2.2 Information we collect automatically

When you use jumpin., our servers and third-party services automatically record:

  • Usage data: pages visited, features used, time spent, clicks
  • Device data: browser type, operating system, screen size, language
  • Connection data: IP address, approximate location (country/city level derived from IP)
  • Booking data: ticket purchase history, check-in records

2.3 Information from third parties

If you sign in with Google, we receive your name, email address, and profile picture from Google, subject to the permissions you grant. We do not receive your Google password or access to your Google account beyond the information you explicitly share.

3. How we use your information

We use your information only for the following purposes:

Purpose Legal basis
Creating and managing your account Contract performance
Processing ticket purchases and sending booking confirmations Contract performance
Delivering digital tickets and QR codes Contract performance
Enabling event organisers to verify tickets at the door Contract performance
Sending transactional emails (booking confirmations, event reminders) Contract performance
Showing you events relevant to your city Legitimate interests
Detecting and preventing fraud or abuse Legitimate interests
Improving the platform through anonymised analytics Legitimate interests
Serving Google AdSense advertisements on public pages Legitimate interests / your consent where required
Complying with legal obligations Legal obligation

We do not use your data for automated decision-making that produces legal or similarly significant effects, and we do not build profiles for the purpose of selling advertising targeted at you individually.

4. Who we share your information with

We do not sell your personal data. We share it only in these circumstances:

4.1 Event organisers

When you purchase a ticket, the event organiser receives your name, email address, ticket tier, and booking reference. This is necessary for them to manage attendance, send event updates, and verify your entry at the door. Organisers are bound by these terms and may not use your data for unrelated marketing.

4.2 Service providers

We use the following third-party services that process data on our behalf:

Provider Purpose Data shared
Supabase Database and authentication infrastructure All account and transaction data
Paystack Payment processing Name, email, payment amount
Cloudinary Image hosting and transformation Profile photos, event cover images
Resend Transactional email delivery Name, email, booking details
Netlify Web hosting and serverless functions Server logs including IP addresses
Google Sign-in (OAuth) and advertising (AdSense) See Section 6

Each of these providers has their own privacy policy and data processing agreements. We choose providers that maintain appropriate data protection standards.

4.3 Legal requirements

We may disclose your data if required to do so by Ghanaian law, court order, or government authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of jumpin., our users, or the public.

4.4 Business transfers

If jumpin. is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website before your data is transferred and becomes subject to a different privacy policy.

5. Payment processing

All payments are processed by Paystack (a PCI-DSS compliant payment processor). When you pay by card or mobile money:

  • Your payment credentials (card number, mobile money PIN) are entered directly on Paystack's secure page or popup — they are never transmitted to or stored on jumpin. servers.
  • jumpin. receives only a payment reference and confirmation of success or failure.
  • Your booking reference, name, email, and ticket amount are stored by jumpin. for record-keeping and ticket generation.

Paystack's privacy policy is available at paystack.com/gh/privacy.

We do not store your mobile money number beyond the current session unless you explicitly save it in your profile.

6. Advertising and cookies

6.1 Google AdSense

jumpin. displays advertisements served by Google AdSense on public discovery pages (home, events browse, organiser marketing page). Ads are never shown during the checkout process, on ticket pages, in the dashboard, or in the scanner.

Google uses cookies and similar tracking technologies to serve ads based on your prior visits to websites, not based on personal data we provide to them. Google may combine information about your visit to jumpin. with information from other websites to personalise ads.

You can opt out of interest-based advertising by visiting Google's Ad Settings or by installing the Google Analytics Opt-out Browser Add-on.

Google's privacy policy is available at policies.google.com/privacy.

6.2 Cookies we set

jumpin. itself sets only functional cookies and browser storage entries necessary to operate the service:

Name / key Type Purpose Duration
jmp-auth-token localStorage Keeps you signed in (Supabase session) Until sign-out or token expiry
jmp-theme localStorage Remembers your preferred colour theme Indefinite (preference)
jmp-city localStorage Remembers your preferred city filter Indefinite (preference)
jmp-ticket-[ref] localStorage Offline cache of your ticket data Indefinite (deleted when you clear browser data)
jmp-scanner-session-[id] localStorage Scanner check-in counter for organisers Indefinite (manual reset available)
jmp-checkout sessionStorage Temporary checkout state (cleared after purchase) Session only

None of these entries are used for tracking or advertising. They are strictly necessary for the platform to function. Clearing your browser's local storage removes all of them.

6.3 Third-party cookies

Google AdSense and Google Sign-in may set their own cookies. These are governed by Google's cookie policy and are subject to your browser's cookie settings and Google's privacy controls.

7. How long we keep your data

We retain your data for as long as necessary to provide the service and comply with our legal obligations:

  • Account data — retained until you delete your account
  • Ticket and booking records — retained for 7 years from the transaction date for financial record-keeping purposes, even if you delete your account (the records are anonymised after account deletion)
  • Event data (organisers) — retained until you delete the event or your account
  • Anonymised usage analytics — retained indefinitely (cannot be linked back to you)
  • Server logs — retained for 90 days by Netlify

When you delete your account, your name, email, username, bio, and profile photo are permanently deleted. Your booking references are retained in anonymised form to maintain the integrity of attendance records.

8. Your rights

You have the following rights over your personal data. To exercise any of them, contact us at privacy@jumpin.today.

Right to access

You can request a copy of all personal data we hold about you. We will respond within 30 days.

Right to correction

You can update most of your data directly in Settings. If something is incorrect and you cannot change it, contact us.

Right to deletion

You can delete your account from Settings → Danger Zone, or by emailing us. Financial records are retained in anonymised form as required by law.

Right to portability

You can request an export of your data in a machine-readable format (JSON or CSV).

Right to object

You can object to processing based on legitimate interests. We will stop unless we have compelling legitimate grounds that override your interests.

Right to restrict

You can ask us to restrict processing of your data in certain circumstances, for example while a dispute is being investigated.

You also have the right to lodge a complaint with the Data Protection Commission of Ghana if you believe we have not handled your data lawfully. The Commission can be reached at dataprotection.org.gh.

9. Security

We implement reasonable technical and organisational measures to protect your data:

  • All data is transmitted over HTTPS (TLS encryption)
  • Passwords are hashed and never stored in plain text (handled by Supabase Auth)
  • Database access is controlled by Row-Level Security policies — your data is only accessible by your own account and platform administrators
  • Payment credentials never touch our servers — Paystack handles all card and MoMo processing in their PCI-DSS compliant environment
  • API keys and secrets are stored as environment variables, never in source code

No security system is infallible. If you discover a vulnerability, please report it responsibly to security@jumpin.today before public disclosure.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant authorities within 72 hours of becoming aware of the breach, as required by the Data Protection Act of Ghana.

10. Children

jumpin. is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has created an account, please contact us at privacy@jumpin.today and we will delete the account and associated data.

Some events on jumpin. are age-restricted (for example, 18+ events). Age restrictions are set by event organisers and enforced at the venue. jumpin. is not responsible for verifying attendee age at the door.

11. Changes to this policy

We may update this policy from time to time. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Send an email notification to registered users
  • Show a notice on the platform for at least 14 days

Your continued use of jumpin. after the effective date of any change constitutes your acceptance of the updated policy. If you do not agree with the changes, you may delete your account.

Minor changes (for example, fixing a typo or clarifying existing language without changing the substance) will be made without notification.

12. Contact us

For privacy-related questions, data requests, or complaints:

jumpin.
Ghana's Event Platform
privacy@jumpin.today

We aim to respond to all privacy requests within 5 business days and to complete them within 30 days.

Terms of Service Back to jumpin.