Privacy Policy

01

Introduction

This Privacy Policy explains how Mingo Technologies Ltd ("MINGO", "we", "us", or "our") collects, uses, shares, and protects your personal data when you use our platform, website, or services. We are committed to handling your information responsibly and in accordance with applicable data protection legislation, including the UK GDPR and the Gibraltar Data Protection Act 2004.

By using MINGO, you acknowledge that you have read and understood this policy. If you do not agree, please do not use our services.

02

Who We Are

The data controller responsible for your personal information is:

Registered company

Mingo Technologies Ltd
Suite 4, 2nd Floor, The West Wing
Montarik House, 3 Bedlam Court
GX11 1AA, Gibraltar

If you have any questions about this policy or your data, you can contact us at [email protected].

03

Scope

This policy applies to all personal data we collect and process through:

Our website at mingo.com and any associated subdomains
Our mobile applications
Our ticketing and event management platform
Any communications between you and MINGO

04

What Data We Collect

4.1 Account Data

When you create an account, we collect your name, email address, and password (stored in hashed form). We may also collect your phone number if you choose to add it for two-factor authentication.

4.2 Transaction Data

When you purchase or transfer tickets, we collect details of those transactions including ticket type, price, event details, timestamps, and the identity of other parties to a transfer.

4.3 Payment Data

Payment processing is handled by our payment provider. We do not store your full card number or CVV. We may receive and store limited payment metadata such as the last four digits of your card and the payment method type for your records.

4.4 Device and Usage Data

We may collect technical data including your IP address, browser type, device identifiers, pages visited, and how you interact with our platform. This helps us maintain security and improve our service.

4.5 Communications

If you contact us directly, we will collect and store the content of those communications and any information you provide within them.

05

Blockchain Data

MINGO uses the Hedera network to record ticket states and transactions. Data written to the Hedera ledger is permanent and cannot be deleted — this is a fundamental property of distributed ledger technology.

We design our ledger integration to avoid writing directly identifiable personal data to the blockchain. Ticket records are written using internal identifiers. Wallet addresses used on Hedera are system-generated and not directly linked to your identity in the public record.

You should be aware that the existence of on-chain transactions and ticket state records will persist indefinitely. Where we are required to honour a right to erasure request, we will anonymise your account data in our systems to the extent technically possible, but cannot remove data already committed to the ledger.

06

How We Use Your Data

6.1 To provide our services

Managing your account, processing ticket purchases and transfers, facilitating entry verification at events.

6.2 To communicate with you

Sending transactional emails (purchase confirmations, transfer notifications, ticket reminders). Marketing communications only if you have opted in.

6.3 To ensure security and prevent fraud

Monitoring for suspicious activity, verifying identities, protecting against ticket duplication and unauthorised transfers.

6.4 To comply with legal obligations

Meeting our regulatory and legal obligations, including record-keeping, tax reporting, and responding to lawful requests from authorities.

6.5 To improve our platform

Analysing aggregated usage data to understand how our platform is used and to improve functionality. We do not sell your personal data.

6.6 To support event organisers

Providing organisers with data about their own events, including attendee counts, sales data, and entry records. Organisers do not receive other users' personal contact details without consent.

07

Legal Basis for Processing

We process your data under the following legal bases:

Contract performance — to fulfil your ticket purchases and transfers.
Legal obligation — to comply with applicable laws and regulations.
Legitimate interests — to protect our platform, prevent fraud, and improve our services.
Consent — for marketing communications and any processing we do not otherwise have a legal basis for.

08

Sharing Your Data

8.1 Service providers

We share data with trusted third-party service providers who help us operate our platform, including payment processors, cloud infrastructure providers, and analytics services. These providers process data on our behalf and under our instructions.

8.2 Event organisers

Organisers of events you attend may receive your name and ticket information for entry verification purposes.

8.3 Legal requirements

We may disclose your information where required by law, court order, or regulatory authority.

8.4 Business transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change.

09

Data Retention

We retain your personal data for as long as your account is active and for a reasonable period thereafter, or as required by law. Specifically:

Account data is retained while your account exists and for up to 7 years after deletion, for legal compliance purposes.
Transaction records are retained for 7 years for financial and regulatory compliance.
Support communications are retained for 3 years.

10

Data Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit and at rest, access controls, and regular security reviews.

No method of transmission or storage is 100% secure. If you become aware of any security issue, please report it to [email protected].

11

International Transfers

Your data may be processed in countries outside your own, including countries that may not have equivalent data protection laws. Where this occurs, we use appropriate safeguards such as standard contractual clauses or rely on adequacy decisions to ensure your data is protected.

12

Your Rights

Depending on your jurisdiction, you may have the following rights:

Access — to request a copy of the personal data we hold about you.
Rectification — to request correction of inaccurate data.
Erasure — to request deletion of your data, subject to legal obligations and the blockchain limitations described above.
Restriction — to request that we limit our processing in certain circumstances.
Portability — to receive your data in a structured, machine-readable format.
Objection — to object to processing based on legitimate interests.
Withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at [email protected].

13

Third-Party Services

Our platform may contain links to third-party services or integrate with external providers. This policy does not cover those services. We encourage you to review the privacy policies of any third-party services you use in connection with MINGO.

14

Changes to This Policy

We may update this policy from time to time. When we do, we will revise the "Last updated" date at the top. For material changes, we will notify you by email or by a prominent notice on our platform.

15

Contact Us

For any data protection queries or to exercise your rights:

Data controller

[email protected]
Mingo Technologies Ltd, Suite 4, 2nd Floor, The West Wing, Montarik House, 3 Bedlam Court, GX11 1AA, Gibraltar