Privacy Policy

1. Who we are

Rebellion Artists, LLC, a Delaware limited liability company (“Rebellion Artists,” “we,” “us,” “our”), operates a software platform (“RAA,” the “Platform”) that connects live-music event organizers with performing artists, bands, and vendors, facilitates bookings and payments between them, and supports the operation of live festivals and events, including ticketing, venue entry, attendee safety, and on-site experiences. Our principal place of business is in Los Angeles, California, USA. Questions about this policy, or to exercise your rights: legal@rebellionartists.com.

2. Scope

This policy explains what personal information we collect, how we use and share it, and the rights you have. It applies to our website, the Platform, and to personal information we process about attendees at live festivals and events that RAA operates or supports, including at the event site.

This policy does not cover personal information we collect from RAA’s own employees, job applicants, internal staff, or independently contracted personnel acting in their workforce capacity. That information is governed by a separate Personnel/Workforce Privacy Notice provided directly to those individuals.

Your use of the Platform is also governed by our Terms of Service, including its dispute-resolution and governing-law provisions, which are incorporated here by reference.

3. Information we collect

• Account information: name, email, phone, company/role, password.
• Artist/performer profile: stage or act name, genre, bio, photos, audio and video samples, and performance history.
• Identity & verification (KYC) — sensitive personal information: government identification, date of birth, address, and verification results, collected via our verification providers where required to onboard sellers and meet legal and fraud-prevention obligations.
• Payment information — includes sensitive personal information: processed by our payment provider, Stripe; we do not store full card numbers. We receive limited transaction and payout details, including financial-account information.
• Booking & transaction data: events, offers, contracts, payouts, fees.
• Ticketing & attendee data: ticket purchases, ticket-holder name, order and entitlement records, VIP and hospitality package selections, and entry-scan or access-credential records.
• Event media: photographs, video, audio, and livestream recordings captured at or submitted in connection with events, and associated metadata (time, location, device).
• On-site & safety data: CCTV and crowd-monitoring footage at event venues, access-point scan logs, and information submitted through on-site SOS or safety-alert channels.
• Biometric data (event entry, where offered): where an event uses facial-recognition or fingerprint entry or credentialing, a biometric identifier or template derived from your face or fingerprint, collected only after separate written notice and opt-in consent. Biometric entry is always optional; a non-biometric entry alternative is available at every gate.
• Communications: messages, support requests, and consent records (including SMS opt-in).
• Technical data: device, log, and usage information, IP address, and fraud/security signals.

4. Sensitive personal information (California)

Some of the information above — government identification, certain financial-account information, account log-in credentials, and any biometric identifier collected for event entry — is “sensitive personal information” under the CCPA/CPRA. We use it only for the purposes permitted under California law: to verify identity, onboard sellers, process payments and payouts, prevent fraud, provide the service you request, and comply with legal obligations. We do not use sensitive personal information to infer characteristics about you, and we do not sell or “share” it for cross-context behavioral advertising. Where required, California residents may direct us to limit the use of their sensitive personal information by submitting a request as described in Section 12.

5. How we use information

To provide and operate the Platform; create and manage bookings; process payments and delayed payouts; verify identity and prevent fraud; capture, record, livestream, and publish event media for event documentation, promotion, and platform content; send service communications (including opt-in SMS); where you have separately opted in, send marketing and promotional communications; provide support; maintain security; comply with legal obligations; and improve the Platform.

We do not use artists’ names, images, likenesses, voices, or uploaded performance content — or any attendee’s likeness or voice — to train or fine-tune AI models, or to generate synthetic or AI-replicated performances, without separate, opt-in consent.

6. Automated processing and AI agents

We use autonomous AI agents and automated processing — including agents that act without real-time human input — to operate booking, communications, payment, and compliance workflows (including identity verification and fraud screening).

Where an automated process is used to make a significant decision about you — such as a fraud or verification outcome, payout hold, or account restriction that affects onboarding, payment, or access to the Platform — you may request human review of that decision by contacting legal@rebellionartists.com, and a qualified person will review the relevant information and the decision.

Pre-use notice (automated decision-making). Where required by California law, we conduct risk assessments for automated decision-making technology (ADMT), and we provide the pre-use notice, opt-out, and access-to-logic rights afforded under the CPPA’s ADMT regulations. We may decline an opt-out for processing necessary to prevent fraud or maintain the security of the Platform, and where we do, we will tell you which exception we rely on.

AI-interaction disclosure. When you interact directly with an AI agent (for example, automated chat or support), we will disclose that you are interacting with AI.

Training data. We do not use your personal information to train or fine-tune our AI models except where we have a lawful basis and, where required, your consent; identity-verification and biometric data are never used for model training.

7. Legal bases (EEA/UK/Switzerland users)

We process personal data where necessary to perform a contract with you, to comply with legal obligations, for our legitimate interests (e.g., security, fraud prevention, service operation), to protect the vital interests, life, or physical safety of attendees, staff, or the public, in the public interest in connection with event safety, and/or with your consent (e.g., marketing or certain SMS). You may withdraw consent at any time. Where we make a solely automated decision producing legal or similarly significant effects, you have the right not to be subject to such a decision except where permitted under Article 22 GDPR, and the rights to obtain human intervention, express your point of view, and contest the decision, as described in Section 6.

8. How we share information

• Payment processing: Stripe and related Stripe services (Stripe Identity, Stripe Radar), as our payment processor.
• Service providers (subprocessors): cloud hosting and infrastructure, identity and fraud-screening, communications (SMS/email/push), marketing-campaign and email-service providers, e-signature, and analytics providers, each under contract and only to deliver our services.
• Other platform participants: limited profile and booking details — such as performer or act name, contact, rate, availability, and performance materials — shared with organizers, artists, and vendors as needed to negotiate and complete a booking. We do not transfer ownership of an artist’s name, image, likeness, voice, or performance content to organizers; organizers receive only a limited license to use such materials to promote the specific booked event, and may not use them to train AI models or generate synthetic replicas.
• Sponsors and promotional partners: where you enter a co-branded sweepstakes, promotion, or sponsor activation, we share only the entry data you provide for that promotion (e.g., name and contact details) with the named sponsor, as disclosed in the applicable official rules, and only with your consent at point of entry.
• Affiliates: we may share personal information with our parent, subsidiaries, and corporate affiliates under common ownership or control, for the purposes described in this policy and consistent with it.
• Business transfers: if we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of assets, or transition of service to another provider, your personal information may be transferred or disclosed as part of that transaction or due-diligence process, subject to the recipient’s obligation to honor commitments materially consistent with this policy or to provide notice and choice as required by law.
• Legal, safety & public-safety authorities: where required by law; to enforce our terms; to protect the vital interests, life, or physical safety of attendees, staff, or the public; and to coordinate with law enforcement, fire, EMS, venue security, and unified event-command personnel before, during, and after live events.

We do not sell your personal information, and we do not “share” it for cross-context behavioral advertising. We do not share or sell your mobile opt-in or SMS consent information with third parties or lead generators for any purpose, other than messaging-service vendors acting on our behalf under contract, who are prohibited from using the information for any other purpose.

9. International data transfers

We are US-based and store and process personal data in the United States. Where we transfer personal data from the EEA, the UK, or Switzerland to the United States, we rely on a valid transfer mechanism: the EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework, where and to the extent Rebellion Artists maintains an active self-certification; and, in all other cases and as a standing fallback, the European Commission’s Standard Contractual Clauses (and the UK International Data Transfer Agreement or Addendum and Swiss-recognized SCCs, as applicable), supported by a transfer impact assessment and supplementary technical and organizational measures. Our service providers and subprocessors may process limited personal data outside the United States; where they do, the same transfer mechanisms apply to those onward transfers. You may request a copy of the relevant safeguards by contacting legal@rebellionartists.com.

10. Data retention

We keep personal data only as long as needed for the purposes above and to meet legal, tax, accounting, and dispute-resolution obligations, then delete or anonymize it. Retention periods vary by data type and legal requirement. KYC, identity-verification, and financial transaction and payout records are retained for the minimum periods required by applicable tax, accounting, anti-money-laundering, and anti-fraud law — generally a minimum of five years after the end of the relationship or transaction, and longer where a specific tax, regulatory, or litigation-hold obligation requires. Biometric identifiers, where collected, are retained no longer than necessary for the entry purpose and are permanently destroyed within the period required by applicable biometric law, and no later than the earlier of satisfaction of that purpose or three years from your last event interaction. We may retain personal data beyond standard periods where necessary to comply with a legal hold, ongoing investigation, or tax audit, or to establish, exercise, or defend legal claims.

11. Security

We use administrative, technical, and organizational measures designed to protect personal data. No method of transmission or storage is 100% secure. In the event of a security breach affecting your personal data, we will notify affected individuals and regulators within the timeframes required by applicable law, including within 30 days where California law applies.

12. Your rights

Depending on where you live, you may have rights to access, correct, delete, port, or restrict processing of your personal data, to limit the use of sensitive personal information, and to object to or withdraw consent.

• California (CCPA/CPRA): rights to know, access, correct, and delete; to opt out of sale or “sharing” (we do not sell or share); and to limit the use of sensitive personal information. We will not discriminate against you for exercising these rights. Although we do not sell or “share” personal information, you may submit a “Do Not Sell or Share My Personal Information” request at any time as described below.
• Other U.S. states: residents of states with comprehensive privacy laws (including, as applicable, Colorado, Connecticut, Indiana, Kentucky, Rhode Island, Texas, Utah, Virginia, and others) have rights to access, correct, delete, and port their data and to opt out of targeted advertising, sale, and certain profiling.
• EEA/UK (GDPR): the rights above plus the right to lodge a complaint with a supervisory authority.
• Switzerland (revFADP): equivalent access, correction, and deletion rights and the right to contact the Swiss Federal Data Protection and Information Commissioner.
• Other jurisdictions: where local data-protection law grants you rights, we honor those rights to the extent they apply to our processing.

To exercise any right, contact legal@rebellionartists.com. We verify requests before responding and, when confirming a sensitive-information request, will not disclose the underlying sensitive data itself.

13. SMS / text messaging

If you opt in to SMS, we send transactional messages such as event logistics, confirmations, account and security notices, and emergency, evacuation, weather, and safety (SOS) alerts. By opting in, you consent to receive autodialed or automated text messages from us at the number provided; consent is not a condition of any purchase. Message and data rates may apply. Message frequency varies. Reply STOP to unsubscribe from non-emergency messaging and HELP for help.

If you separately opt in to marketing SMS, we may also send promotional messages; consent to marketing texts is not a condition of any purchase or entry, and you may reply STOP at any time.

You cannot opt out of safety-critical and emergency alerts while you are a ticket holder for, or present at, an event, even if you have replied STOP to non-emergency messaging.

Your mobile opt-in information and consent are never shared or sold to third parties or lead generators for any purpose, except messaging-service vendors who deliver the messaging service to you and are prohibited from using the information for any other purpose.

14. Marketing communications and your choices

Where you have opted in or as otherwise permitted by law, we send marketing communications about festivals, sponsor offers, and promotions. Email marketing includes an unsubscribe link in every message (CAN-SPAM); marketing SMS requires separate express opt-in (Section 13). You may opt out of marketing at any time; opting out of marketing does not stop transactional or service messages.

15. Promotions, sweepstakes, and contests

When you enter a sweepstakes, contest, or giveaway, the data you submit is governed by that promotion’s Official Rules, which control eligibility, data use, winner publicity, and any sponsor data-sharing. Entry data may be used to administer the promotion, contact winners, and fulfill prizes.

16. Event recording, photography, and livestreaming

Our events are photographed, recorded, and may be livestreamed, and attendees and performers may appear in captured media. We use and publish event media for event documentation, promotion, and platform content. To request removal of media in which you appear, contact legal@rebellionartists.com. The appearance of performers, vendors, and identifiable attendees on camera is governed by separate talent and appearance releases, not by this policy. We do not create or reuse a digital replica of any performer’s or attendee’s face, voice, or likeness without documented, production-specific consent. Where we collect data about how Platform video content is viewed and that data is tied to an identifiable user, we do not disclose it except with consent that complies with the Video Privacy Protection Act or as otherwise permitted by law.

17. On-site surveillance and crowd-safety monitoring

We use CCTV and crowd-density monitoring at event sites to prevent crowd-crush, monitor egress, and investigate incidents, consistent with our public-safety obligations. Signage is posted at venue entry. Footage is retained for a defined period and may be shared with public-safety authorities and produced in litigation or incident investigations. We may process attendee data, including location or proximity and SOS submissions, to protect vital interests and discharge public-safety duties; this safety processing may continue notwithstanding a marketing opt-out where necessary to protect life or physical safety.

18. VIP and hospitality programs

Where you participate in a VIP or hospitality program, we collect premium-experience preferences, hospitality, dietary, and access-accommodation information, and any age or ID verification required for restricted areas or alcohol service.

19. User-submitted and event content

When you, an organizer, or an artist upload content (photos, video, profile media), you represent that you have the necessary rights and consents from all identifiable individuals. For privacy purposes, such content is processed under this policy; ownership and licensing are governed by the Terms of Service. Any use of a performer’s name, image, likeness, or voice — and any AI, synthetic, or digital-replica use — is governed by separate, jurisdiction-specific consent in the artist agreement, not by this policy.

20. Cookies and similar technologies

Our website uses cookies and similar technologies for functionality, security, analytics, and — where you consent — advertising and measurement (including conversion and campaign measurement). We, and our analytics and advertising partners, may use cookies, pixels, SDKs, and similar technologies. You can control cookies through your browser settings and, where offered, through our cookie-preferences control. We honor recognized opt-out preference signals (such as Global Privacy Control) for analytics and advertising cookies.

21. Children

Our online Platform’s account-based services are intended for business users 18 and over, and our online services are not directed to children under 13. We do not knowingly collect personal data online from a child under 13 without verifiable parental consent. Minors do, however, attend our live events. Where an event collects data from attendees under 13 — including app accounts, wristband or credential scans, or biometric entry — we obtain verifiable parental consent before collection, limit collection to what is necessary, do not use children’s data for targeted advertising, do not disclose it to third parties without separate verifiable parental consent, and honor parental requests to review or delete it. Biometric entry is never used for an attendee under 13 absent separate verifiable parental consent. The capture or publication of event media that may depict minors is addressed in our event and artist agreements and applicable consent processes.

22. Other terms

Terms of Service. Use of the Platform is also governed by our Terms of Service, including its dispute-resolution and governing-law provisions, incorporated here by reference.

Severability. If any provision of this policy is held unenforceable, the remaining provisions remain in full effect.

No separate contract. This policy does not create contractual obligations or rights enforceable against us except as required by applicable law.

23. Changes

We may update this policy and will post the new effective date here; we will provide additional notice of material changes as required by law.

24. Contact

Rebellion Artists, LLC, a Delaware limited liability company · Los Angeles, California · legal@rebellionartists.com