South Coast Conservatory Ticketing Privacy Policy

1. Roles and Scope

• Momentum and SCC control the customer relationship, event operations, ticket sales, refund decisions, and the Stripe account used to process payments.
• Kentington Solutions LLC operates, manages, maintains, deploys, integrates, and supports the platform on behalf of SCC and Momentum, including technical troubleshooting, checkout verification, and limited customer service support through the ticketing process.
• This policy applies to the ticketing site, order pages, manual invite flows, scanner/staff interfaces, and flower or other event add-on purchases offered through the same platform.

2. Information We Collect

• Contact information. The checkout form collects the purchaser's full name and email address. Staff may also enter a customer name, email, and limited internal notes when creating a manual invite, complimentary ticket, or manual checkout session.
• Order and fulfillment data. We store the event purchased, ticket quantities, seat selections, flower or other add-on selections, pricing, discounts, fees, ticket QR codes, order status, and related timestamps. When checkout begins, we also record the time you accepted the Terms & Conditions and the versions of the Terms and Privacy Policy shown to you at that time.
• Payment-related data. Payment card data is entered directly into Stripe. In this application database we store payment intent IDs, Stripe customer IDs, receipt emails, payment status, limited order/payment descriptions, and related identifiers needed to reconcile purchases, investigate fraud, handle refunds, or respond to disputes. We do not store the full card number, CVC, expiration date, or local copies of full payment credentials in this application database.
• Technical identifiers. We use cookies and short-lived request fingerprints to keep carts, seat holds, checkout state, and staff sessions tied to your browser. Abuse-prevention controls may use temporary data derived from IP address and user agent. We do not use advertising pixels or third-party analytics on this site.
• Support and staff access records. Admin and scanner tools may expose order, ticket, event, and limited purchaser information to authorized staff so they can verify entry, resend confirmations, investigate support issues, and maintain event operations.

This ticketing platform does not intentionally collect mailing addresses as part of its own checkout forms. If Stripe or a payment method asks for billing or contact details on its own hosted payment surfaces, those fields are handled under Stripe's systems and terms.

Some customer, payment, and checkout-consent records may be created when checkout is initiated, even if a purchase is not fully completed, when that is necessary to hold inventory, prepare a payment attempt, prevent fraud, or support customer service.

3. How We Use Information

• Process ticket, flower, and other event add-on purchases.
• Reserve seats, prevent overselling, and deliver digital tickets or manual invite links.
• Verify tickets at entry, prevent duplicate redemption, and support front-of-house operations.
• Provide transactional communications such as receipts, sign-in links, invite links, and order confirmations.
• Maintain accounting, tax, security, dispute, refund, and chargeback records.
• Investigate fraud, abuse, technical issues, and customer support requests.

We do not sell personal information and we do not use this ticketing site for cross-context behavioral advertising.

4. How We Share Information

We share information only as needed to run the ticketing service and support event operations.

• SCC and Momentum staff for event management, customer service, reporting, and fulfillment.
• Kentington Solutions LLC as the platform service provider for application management, maintenance, debugging, deployment, integration, technical support, and limited operational assistance.
• Stripe for payment processing, fraud prevention, chargeback handling, and refund support.
• Vercel for application hosting, deployment, and supporting infrastructure services.
• Data storage providers including Upstash and managed PostgreSQL services used in connection with the Vercel-hosted platform to store operational ticketing, cart, checkout, and related application data.
• Banks, card networks, payment method providers, and fraud/authentication partners as needed to authorize, process, settle, secure, or review payment transactions and related disputes.
• Resend for transactional emails such as confirmations, staff sign-in links, and manual checkout communications.
• Hosting and infrastructure providers that run the application, database, and Redis cart or seat-hold services.
• Professional advisers or legal authorities when required for accounting, legal process, fraud investigation, chargebacks, safety, or compliance.

5. Stripe and Payment Processing

• Momentum owns and controls the Stripe account used for this service.
• Kentington Solutions LLC may have developer-level Stripe access for testing, verification, integration support, troubleshooting, and service maintenance.
• Stripe may process certain data under its own privacy terms when you interact with Stripe-hosted services such as the Payment Element or Link. Review Stripe's Privacy Policy for more information about Stripe's own practices.
• In connection with a payment attempt, transaction information may also be transmitted through banks, card networks, payment method providers, or related fraud and authentication services that help authorize and settle the transaction.
• Customer purchase, dispute, cancellation, and refund decisions are handled by SCC and Momentum. Kentington's role is limited to platform operation, technical support, and reasonable assistance through the ticketing workflow.

6. Cookies and Similar Technologies

• cartId cookie. An HTTP-only cookie, typically lasting up to 24 hours, that keeps your cart and seat holds synced between requests.
• checkoutSuccess cookie. A short-lived HTTP-only cookie, typically lasting about 30 minutes, used after Stripe returns you to the site so the order success page can be verified on the same device.
• Stripe cookies and device signals. Stripe may use additional cookies or similar technologies to operate payment forms and reduce fraud.
• Staff authentication cookies. Admin and scanner users receive authentication cookies for protected tools. Purchasers do not receive these cookies unless they sign into a staff area.

These cookies are used for site functionality, security, and fraud prevention. Disabling cookies will prevent carts, seat holds, checkout confirmations, and staff sign-in from working correctly.

7. Data Retention

• Cart snapshots typically remain for up to 24 hours. Seat holds and other reservation holds usually expire within minutes unless they are actively extended.
• The checkoutSuccess cookie expires shortly after checkout, and abuse-prevention fingerprints expire shortly after the applicable rate-limit window.
• Orders, tickets, customer records, manual invite records, payment-related metadata, support notes, and administrative audit records may be retained for as long as needed for event operations, accounting, tax, anti-fraud, dispute, chargeback, or legal obligations.

We do not promise immediate deletion of purchase or payment records. If you request deletion or correction, we will review the request and remove or update information that is no longer required for the operational, accounting, security, anti-fraud, dispute, or legal purposes described above.

8. Security

We use administrative, technical, and physical safeguards appropriate for the limited personal data processed by this service, including TLS encryption, role-based staff access, short-lived cart and checkout cookies, signed customer ticket or order links, production security headers, rate limiting, and reliance on Stripe for cardholder data handling. No system is perfectly secure, but we work to minimize the data collected and to protect what we store.

9. Your Rights and Choices

• You may request access to the order information associated with your purchase, ask us to correct contact information, or request a copy of your ticket record.
• You may request deletion of manual invites, notes, or other data that is no longer needed, subject to retention requirements for accounting, fraud prevention, payment disputes, and legal compliance.
• You may control cookies in your browser, keeping in mind that doing so can release active carts and seat holds, prevent checkout confirmation from loading on return, and sign staff users out of protected areas.

If applicable law gives you privacy rights, including rights of access, correction, deletion, or non-discrimination, you may contact us using the information below and we will respond to the extent required by law.

10. Children's Privacy

This ticketing site is intended for adults and guardians purchasing on behalf of students, family members, or guests. We do not knowingly ask children under 13 to submit personal information directly through this site. If you believe a child provided information directly, contact us and we will review and delete it as appropriate. If an adult or staff member provides a student or child name in a support note or invite context, we use that information only for the related event or fulfillment purpose.

11. Changes to This Policy

We may update this policy as the platform, legal requirements, or business practices change. When we make material updates, we will revise the effective date above and may provide notice on the site or through order-related email communications when appropriate.

12. Contact

Please include the email address used at checkout or your order number so your request can be located quickly. SCC and Momentum may work with Kentington Solutions LLC as the platform service provider to respond to your request.