Cigar & Bourbon Tickets Privacy Policy
Welcome to the Cigar & Bourbon Tickets ticketing, registration, and membership platform (“Platform”). This Privacy Policy (“Policy”) explains how your personal information is collected, used, and disclosed when you access or use our Platform, which is owned and operated by Cigar & Bourbon Tickets LLC (“Company”, “we”, “us”, or “our”). By using our Platform, you consent to the practices described in this Policy. To learn more about Cigar & Bourbon Tickets Legal Terms, click here.
1. Information We Collect
(a) Personal Information: When you create an account, purchase tickets or memberships, or pay an invoice through our Platform, we collect personal information such as your name, email address, phone number, billing address, and payment information.
(b) Account Information: If you register as an Organizer, we collect additional information including your business name, business address, tax identification information (as required by Stripe or PayPal), and bank account or PayPal account details (collected and stored by the respective payment processor, not by Company).
(c) Social Login Information: If you choose to register or sign in using a social authentication provider (Facebook, Google, X/Twitter, or Apple), we receive certain profile information from that provider, which may include your name, email address, profile photo, and unique account identifier. We do not receive or store your social media account password. The specific information shared depends on your privacy settings with the respective provider.
(d) Event and Membership Data: When you purchase tickets or memberships through online checkout, the Door Management web app, the CBT Organizer App, or by scanning a Platform-generated QR Code Payment, we collect transaction details including the event or membership selected, purchase amount, date and time of purchase, ticket type, and payment method used (Stripe, PayPal, Tap to Pay, Stripe Terminal card reader, QR Code Payment, cash, or comp). For at-the-door cash and comp sales, your name and email are optional and are collected only with your consent. Card data is never stored on the Organizer’s device or on the Platform.
(e) Location Information: We collect location information in the following ways: location you provide when searching for events (city name or zip code); geolocation data from your device if you enable “Current Location” features (with your permission); and location data from Google Maps and Google Places APIs when you search for events or venues.
(f) Usage Information: We collect information about your interactions with our Platform, including your IP address, browser type, operating system, device information, pages visited, links clicked, and browsing activities. We may also use cookies and similar technologies to collect this information. See our Cookie Statement for details.
(g) Social Features Data: We collect information about your use of social features on the Platform, including events you save to favorites, Organizers you follow, reviews or ratings you submit, your name as displayed on event guest lists (if you opt in), and photos you upload to event photo walls including any metadata contained in the image files.
(h) Communication Data: We collect information from communications you send to us, including emails, support requests, and feedback.
(i) AI-Processed Data: When you use our Smart Chat feature, we collect the content of your questions and the AI-generated responses. When Organizers use the AI Event Description Generator, we collect the event details submitted (title, category, venue, city, date, tone preference, and additional notes) and the generated description. When Organizers use the AI Event Planning Assistant, we collect the conversation messages exchanged with the assistant; the assistant also accesses the Organizer’s event data (event names, dates, venues, ticket tiers, pricing, attendee counts, and event descriptions) to provide personalized recommendations. AI Assistant conversations are stored in our database and associated with the Organizer’s vendor account. This data is transmitted to our AI service provider (Anthropic) for the purpose of generating responses and descriptions. We do not use AI interactions for advertising purposes. Chat interactions and description generation requests are not linked to your personally identifiable information when transmitted to the AI provider unless your query or event details contain personal information.
(j) Promotional Analytics Data: When you view or interact with promoted event listings, we collect analytics data including page impressions, click events, referring URLs, referrer source categories (e.g., search engine, social media, direct), and the pages on which promoted content was displayed. This data is collected in aggregate and is used to measure the performance of paid promotional placements and to provide performance reports to Organizers who have purchased promotions.
(k) SMS Communications Data: If you opt in to receive SMS notifications from the Platform or an event Organizer, we collect your phone number, mobile carrier information, and a record of your consent for the purpose of delivering text messages. Consent is captured at checkout or at the point of opt-in and is logged with a timestamp.
SMS messages may be delivered through one of three paths, in priority order based on Organizer configuration:
- Organizer’s own Twilio account (BYOT): If the Organizer has connected their own Twilio account, your phone number and message content are transmitted to that Organizer’s Twilio sub-account.
- Platform Toll-Free SMS: Where available, transactional messages such as ticket delivery and order confirmations may be sent from the Platform’s registered toll-free number, (888) 623-8399, via Twilio under our A2P 10DLC registration.
- Carrier Email Gateway: As a legacy fallback, messages may be delivered to your carrier’s email-to-SMS gateway. Deliverability through this method varies by carrier and is being phased out in favor of registered messaging.
Message frequency varies based on event activity, typically one to four messages per event. Standard message and data rates may apply. Reply STOP at any time to opt out, or HELP for help. Opt-out is honored within all three delivery paths and applies to subsequent transactional and marketing SMS from the affected sender. Marketing SMS requires separate express written consent in addition to any consent provided for transactional messages.
(l) Invoice Recipient Data: When an Organizer sends an invoice through the Platform’s Marketing Services feature, we collect information about the invoice recipient, including business name, contact name, and email address. This information is provided by the Organizer and is used to deliver invoice notifications, process payments, and send payment confirmations. Invoice recipients may or may not have a registered account on the Platform. If you receive an invoice through the Platform and make a payment, your payment information is processed by Stripe and is not stored by Company.
(m) Mobile Application (CBT Organizer): When you use the CBT Organizer mobile application, we collect the following additional information:
- Authentication: Your email address is used to authenticate your identity via a secure scanner link. Your session is stored locally on your device and expires automatically.
- Camera: The app uses your device’s camera solely for scanning QR codes on tickets and membership cards at event check-in. No photos or videos are captured or stored.
- NFC (Near Field Communication): The app uses NFC solely for Tap to Pay contactless payment processing via Stripe Terminal. No NFC data is stored on the device. Card information is processed directly by Stripe and is never stored on your device or our servers.
- Customer Data: When organizers process transactions through the app, customer data (names, email addresses, phone numbers, guest counts) may be collected on behalf of the event organizer and stored securely on our servers.
- Usage Data: We may collect basic usage data such as app crashes and error logs to improve the app experience. This data is not linked to your identity.
(n) Rewards & Loyalty Data: When you participate in an Organizer’s rewards program, we collect and process information related to your loyalty membership, including your phone number (used as your rewards identifier), purchase history and total spend with that Organizer, points earned and redeemed, reward tier status, visit count, and tier upgrade history. This information is used to calculate your reward tier, apply automatic discounts at checkout, send tier upgrade notifications, and display your rewards dashboard in your account. Each Organizer operates an independent rewards program; your loyalty data with one Organizer is not shared with other Organizers. We may also maintain platform-level aggregate data about your cross-Organizer activity for the purpose of platform-level benefits.
(o) Digital Wallet Pass Data: When you save a ticket or membership card to Apple Wallet or Google Wallet, we generate a digital pass file containing your name, ticket or membership identifiers, event or membership details, organizer logo and branding, and a unique serial number. Passes are signed with our authorized signing certificate (Apple WWDR for Apple Wallet, Google Wallet API key for Google Wallet) and delivered to the respective wallet platform. The pass also embeds a callback URL that enables the wallet platform to retrieve updated pass content from our servers when event details change. We log when a pass is generated and when it is updated, but we do not receive notification when you add or remove the pass from your wallet.
(p) Third-Party Tracking Pixels (Organizer-Configured): Event Organizers may choose to install third-party tracking pixels on their event pages and checkout completion pages to measure advertising performance, build retargeting audiences, and report on conversions. The Platform supports the following tracking pixels: Meta Pixel (Facebook/Instagram), TikTok Pixel, Google Analytics 4 (GA4), and Google Ads Conversion Tracking. When an Organizer enables one or more of these pixels, the relevant pixel script is loaded on the public event page and on the order confirmation page following a completed purchase. The pixel may collect information including your IP address, browser type and device information, the page URL, referring URL, and event/order metadata such as event identifier, ticket quantity, order total, and currency. This information is transmitted directly from your browser to the third-party pixel provider (Meta, TikTok, or Google) and is governed by that provider’s privacy policy. The pixel scripts may also read or set cookies on your device. Pixel firing is controlled by the Organizer, not by Company; if no Organizer-level or event-level pixel ID is configured, no pixel scripts are loaded. You can manage or block tracking pixels through your browser’s privacy controls, ad-blocker extensions, or the opt-out mechanisms provided by the respective ad networks (see Section 3 below for links).
2. Use of Information
(a) Providing Services: We use your personal information to process ticket purchases, membership enrollments, event registrations, invoice payments, and related transactions. This includes communicating with you regarding your transactions, sending order confirmations, delivering tickets (including QR codes), sending invoice notifications and payment confirmations, and providing event-related information and updates.
(b) Membership Management: For memberships, we use your information to process recurring payments, send billing reminders and renewal notices, and facilitate communication between you and the Organizer.
(c) Account Authentication: We use information received from social login providers to create and authenticate your account, link your social account to your Platform account, and pre-populate your profile with information you have authorized the provider to share.
(d) Personalization: We use your information to personalize your experience on our Platform, such as suggesting events based on your location, displaying events from Organizers you follow, and tailoring recommendations based on your browsing and purchase history.
(e) Platform Improvement: We analyze usage patterns, trends, and user engagement to improve the functionality, performance, and user experience of our Platform.
(f) Marketing Communications: With your consent, we may send you promotional emails about upcoming events, new Organizers, or special offers. You can opt-out at any time by following the unsubscribe instructions in the emails or contacting us directly.
(g) Safety and Security: We use your information to detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activity.
(h) Legal Compliance: We may use your information to comply with applicable laws, regulations, legal processes, or governmental requests.
(i) Promotional Services: We use promotional analytics data to deliver and optimize paid promotional placements, provide performance reports (impressions, clicks, referrer sources) to Organizers who have purchased promotions, enforce fairness limits on promotional placements, and improve the overall effectiveness of the promotional system.
3. Information Sharing
(a) Event Organizers: When you purchase a ticket or membership, or pay an invoice, we share your name, email address, and other relevant transaction information with the Organizer to facilitate event check-in, membership management, invoice fulfillment, and event-related communication. Organizers are required to handle your personal information in compliance with applicable data protection laws and their own privacy policies.
(b) Payment Processors: Payments are processed through Stripe (via Stripe Connect) or PayPal (via PayPal Commerce Platform), depending on the Organizer’s configuration and your selected payment method. When you make a purchase, your payment information is transmitted directly to the respective payment processor and the Organizer’s connected payment account. Company does not store your full payment card information or PayPal account credentials. Your data is governed by the Stripe Privacy Policy or the PayPal Privacy Policy, as applicable.
(c) Social Login Providers: When you use social login, we exchange authentication data with the respective provider (Facebook, Google, X/Twitter, or Apple). We receive only the profile information you have authorized the provider to share. We do not share your Platform activity or purchase history back to social login providers. Your use of social login is also governed by the respective provider’s privacy policy.
(d) Service Providers: We engage third-party service providers to perform functions on our behalf, such as web hosting (Hostinger), content delivery, security, and media storage (Cloudflare CDN and Cloudflare R2), transactional email delivery (Brevo), email marketing campaigns (Mailchimp), mapping and location services (Google Maps), and analytics (Google Analytics). These service providers have access to your personal information only to the extent necessary to perform their services and are obligated to protect your information. See our Sub-Processors page for a complete list.
(e) AI Service Provider: When you use Smart Chat or the AI Event Description Generator, the content of your queries or event details is transmitted to Anthropic, our AI service provider, for the purpose of generating responses or event descriptions. Anthropic processes this data in accordance with their privacy policy and data processing agreements with Company. We do not share your account information, purchase history, or other personal data with Anthropic beyond the content of your Smart Chat queries and the event details submitted for description generation.
(f) SMS Service Provider: If you opt in to receive SMS notifications from an event Organizer and the Organizer has configured Twilio as their SMS provider, your phone number and carrier information are transmitted to Twilio for the purpose of delivering text messages. Twilio processes this data in accordance with their privacy policy. SMS data is only shared when you have explicitly opted in to receive SMS communications.
(g) Social Media Auto-Posting (Meta): When an Organizer connects their Facebook Page and/or Instagram Business account and enables auto-posting, event information (title, date, time, venue, city, state, price, featured image, and event URL) is transmitted to Meta Platforms, Inc. via the Meta Graph API for the purpose of publishing posts to the Organizer’s connected social media accounts. This data sharing occurs only when the Organizer has explicitly authorized the connection and enabled auto-posting. Attendee personal information is not shared with Meta through this feature. Organizers may disconnect their social media accounts at any time.
(h) Legal Compliance: We may disclose your personal information if required by law, court order, or governmental authority, or if we believe that such disclosure is necessary to comply with a legal obligation, protect our rights or the rights of others, prevent fraud, or ensure the safety of our users.
(i) Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such transfer and any choices you may have regarding your information.
(j) Wallet Platforms: When you save a digital pass to Apple Wallet, Apple Inc. receives the pass data and synchronizes it across your Apple devices via iCloud. Updates to the pass (such as changes to event time or venue) are delivered through the Apple Push Notification Service. Apple’s processing of your wallet data is governed by the Apple Privacy Policy. When you save a digital pass to Google Wallet, Google LLC receives the pass data via the Google Wallet API and synchronizes it to your Google Account. Updates to the pass are delivered through Google’s notification systems. Google’s processing of your wallet data is governed by the Google Privacy Policy.
(k) Third-Party Advertising and Analytics Providers (Organizer-Configured): When an Event Organizer has enabled tracking pixels on their event pages, browser-side tracking scripts transmit limited data directly to the following third parties for advertising measurement, retargeting, and conversion reporting:
- Meta Platforms, Inc. (Meta Pixel) — for Facebook and Instagram ad measurement and audience building. Governed by the Meta Privacy Policy. You can manage Meta ad preferences and opt out at facebook.com/adpreferences/ad_settings.
- TikTok Inc. (TikTok Pixel) — for TikTok ad measurement and retargeting. Governed by the TikTok Privacy Policy. You can manage TikTok ad personalization in your TikTok account settings.
- Google LLC (Google Analytics 4 and Google Ads Conversion Tracking) — for site analytics and Google Ads measurement. Governed by the Google Privacy Policy. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on and manage Google ad personalization at adssettings.google.com.
The information shared with these providers is described in Section 1(p) above. We do not share your name, email address, phone number, or payment information with these providers. Pixel firing depends entirely on whether an Organizer has configured a pixel ID; you may also block or limit pixel tracking through browser-level Do Not Track settings, ad-blocker extensions, the opt-out tools linked above, or the industry opt-out mechanisms maintained by the Network Advertising Initiative and the Digital Advertising Alliance.
4. Data Security
We implement reasonable administrative, technical, and physical security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include encryption of data in transit (SSL/TLS), secure hosting infrastructure, access controls, and regular security assessments. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
Account Change Notifications and Recovery: When your password or email address is changed, we send a notification to the email address on file. For email address changes, we generate a secure, one-time-use recovery token that allows you to revert the change within 48 hours. This token is stored in hashed form and automatically expires. If used, all active sessions are terminated and a password reset is initiated to help you regain control of your account. We log security events (such as email reverts) including IP addresses for fraud prevention purposes.
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with our services. We may also retain your information as necessary to comply with legal obligations, resolve disputes, enforce our agreements, and for legitimate business purposes. After the applicable retention period, we will securely delete or anonymize your personal information.
6. Children’s and Minors’ Privacy
Our Platform is intended exclusively for individuals who are at least 21 years of age. We do not knowingly collect personal information from anyone under the age of 21. If we become aware that we have collected personal information from an individual under 21, we will take steps to promptly remove that information from our systems. If you believe a minor has provided us with personal information, please contact us at [email protected].
7. Your Rights
(a) Access: You have the right to request a copy of the personal information we hold about you.
(b) Correction: You have the right to request correction of inaccurate or incomplete personal information.
(c) Deletion: You have the right to request deletion of your personal information, subject to certain exceptions (such as legal obligations or ongoing transactions). This includes the right to request disconnection and deletion of data associated with social login accounts linked to your profile.
(d) Portability: You have the right to request a copy of your data in a commonly used, machine-readable format.
(e) Opt-Out: You have the right to opt out of marketing communications at any time.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 45 days.
8. Your California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
(a) Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business or commercial purpose for collecting the information, and the categories of third parties with whom we share the information.
(b) Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions provided by law.
(c) Right to Correct: You have the right to request that we correct inaccurate personal information.
(d) Right to Opt-Out of Sale or Sharing: We do not sell your personal information for monetary consideration. Some Event Organizers configure third-party tracking pixels (Meta, TikTok, Google) on their event pages, which may constitute “sharing” for cross-context behavioral advertising under the CPRA. You can opt out of this sharing by enabling Global Privacy Control (GPC) in your browser, using the opt-out mechanisms identified in Section 3(k), installing an ad-blocker, or contacting us at [email protected] with the subject line “Do Not Sell or Share My Personal Information.”
(e) Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights. You will not receive different pricing, a different quality of service, or be denied service for exercising your rights.
(f) Categories of Personal Information Collected: In the preceding 12 months, we have collected the following categories of personal information: Identifiers (name, email address, IP address, account name, social login identifiers); Financial information (payment card details processed by Stripe, PayPal account details processed by PayPal); Commercial information (purchase history, tickets, memberships); Internet or electronic network activity (browsing history, search history, interactions with Platform); and Geolocation data (approximate location from IP address, precise location if you enable it).
(g) How to Submit a Request: California residents may submit a verifiable consumer request by emailing [email protected] with the subject line “California Privacy Request.” You may also designate an authorized agent to make a request on your behalf. We will verify your identity before processing any request.
(h) Response Timing: We will respond to verifiable consumer requests within 45 days of receipt. If additional time is needed, we will notify you of the extension and the reason.
9. Third-Party Links
Our Platform may contain links to third-party websites or services that are not owned or controlled by Company, including Organizer websites, Stripe, PayPal, social login providers, and social media platforms. This Policy does not apply to those third-party websites or services. We encourage you to review the privacy policies of those third parties before providing any personal information.
10. Changes to the Privacy Policy
We may update this Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated Policy on our Platform and, for registered users, by email notification. Your continued use of our Platform after the effective date of the revised Policy constitutes your acceptance of the changes.
11. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
Cigar & Bourbon Tickets LLC
8821 Aviation Blvd Unit 88271
Los Angeles, CA 90009 USA
Email: [email protected]