Loading...
Loading...
Last updated: 22 May 2026
This Privacy Policy explains how Crowdify Pty Ltd (ABN 47 692 719 305) collects, uses, holds, discloses, and protects your personal information when you use our website, mobile applications, and related services (the "Platform"). Crowdify is committed to handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This Privacy Policy explains how Crowdify Pty Ltd (ABN 47 692 719 305) ("Crowdify", "we", "us", "our") collects, uses, holds, discloses, and protects your personal information when you use our website, mobile applications, and related services (the "Platform").
We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) in Schedule 1 to that Act. We are committed to handling your personal information in accordance with the Privacy Act, the Notifiable Data Breaches scheme, the Spam Act 2003 (Cth), and other applicable Australian law.
This policy applies whether you use the Platform through the web, our iOS app, or our Android app. By using the Platform, you confirm that you have read and understood this policy.
Account information you provide:
Event and community data:
Payment information:
Location information:
Device and usage information:
Anti-fraud information:
Communications:
Identity information for Organisers:
We use your personal information for the following purposes:
To provide the Platform:
To communicate with you:
To protect the Platform:
To improve the Platform:
Lawful bases for processing under the Privacy Act and APPs:
Where you withdraw a consent, we will stop the corresponding processing as soon as reasonably possible.
We do not sell your personal information. We share personal information only as described below.
With Event Organisers: When you purchase a ticket or contribute to an Event, the Organiser receives your name, email address, and any answers you provided to the Organiser's buyer questions. This is the minimum information they need to manage attendance. Organisers must not use this information for any purpose beyond Event management unless you give them clear, specific consent (for example by ticking the Organiser's own marketing checkbox). The Organiser Agreement binds Organisers to comply with the Privacy Act and Spam Act in respect of any communications they send you.
With other Users (where you choose to interact):
With Service Providers (subprocessors) — listed in section 5.
For legal compliance:
In a business transfer: If Crowdify is involved in a merger, acquisition, sale of assets, or similar transaction, personal information may be transferred as part of that transaction. We will notify you and any relevant regulator if your personal information is involved in such a transfer.
We use the following subprocessors to operate the Platform. Each subprocessor is bound by a written agreement (or its published equivalent) and is required to keep your personal information confidential and to use it only for the purposes for which we disclose it.
Infrastructure and hosting:
Payment processing:
Email:
Anti-fraud and identity:
Analytics:
Mobile push notifications:
Authentication and account-recovery emails:
We maintain a complete and up-to-date list of subprocessors at https://crowdify.com.au/subprocessors. We will notify you of material changes to this list with reasonable notice.
When you make a payment, your full card number, expiry, and CVV are collected directly by Stripe via Stripe Elements / Stripe Checkout running in your browser or app. This card data is never transmitted to or stored by Crowdify.
We receive from Stripe limited transaction metadata:
Stripe is the regulated payment service provider (AFSL #500105) and is PCI-DSS Level 1 certified. Stripe processes payment information both as our processor and as an independent controller for fraud prevention and regulatory reporting under its own privacy policy at https://stripe.com/privacy.
Card statements for Crowdify transactions display a "CROWDIFY" prefixed descriptor. Crowdify is the merchant of record for all paid Event transactions.
For Crowdfunded Events, your card is pre-authorised (a temporary hold) but not charged until the Event reaches its funding goal. The hold typically lasts up to 7 days under card scheme rules. If the goal is not reached, the hold is released automatically. See the Refund Policy for full mechanics.
We use cookies and similar storage technologies to:
Categories:
We do not use third-party advertising cookies and we do not participate in any cross-site advertising network.
A full Cookie Policy is available at https://crowdify.com.au/cookie-policy. Browser settings can be used to refuse cookies, but disabling essential cookies will prevent the Platform from functioning correctly.
We comply with the Spam Act 2003 (Cth) and the Australian Privacy Principles in respect of all marketing communications.
We will only send you marketing communications (event recommendations, newsletters, promotional offers, feature announcements that are not security-related) where:
Every marketing message will:
You may withdraw marketing consent at any time without affecting any other use of the Platform.
Transactional and security-related communications (ticket confirmations, refund notifications, Event updates from Organisers you have a ticket with, payout notifications, password resets, breach notifications, policy changes) are not marketing and cannot be opted out of while you have an active Account.
Crowdify operates a number of anti-fraud and platform-integrity measures, each of which involves processing personal information for a legitimate-interest purpose.
Device fingerprinting (FingerprintJS Pro):
Trust system:
Manual review:
You have the right to request access to the personal information we hold about you in the trust system and to request correction of inaccurate inputs — see section 12.
Our iOS and Android applications collect certain information that is specific to mobile devices:
Push notifications:
iOS Privacy Manifest: The Crowdify iOS application ships with a Privacy Manifest declaring the data types we collect and the required-reason APIs we (or our third-party SDKs) use. The manifest is published as part of the app binary and can be inspected in the App Store privacy nutrition label.
Google Play Data Safety: The Crowdify Android application's Data Safety form on Google Play discloses all data types we collect, the purposes for collection, and whether data is shared with third parties.
Some of our subprocessors are based in jurisdictions outside Australia (see section 5). In particular, personal information may be transferred to or processed in:
Before transferring personal information overseas, we take reasonable steps to ensure the recipient does not breach the Australian Privacy Principles in relation to that information. Where APP 8 applies, we rely on the recipient's published privacy program, contractual commitments, and (where available) certifications such as PCI-DSS, SOC 2, or ISO 27001.
You consent to these international transfers by using the Platform. By using a third-party service that transmits payment data to Stripe (in the United States and Ireland), you also consent to that transfer.
Where we receive a data-rights request from a person ordinarily resident outside Australia (for example a person who has used a VPN to access the Platform), we will respond as a courtesy on the same terms as for Australian residents. The Platform is not held out as compliant with the GDPR, UK GDPR, CCPA/CPRA, or any other non-Australian regime, and Crowdify has not appointed an EU representative under Article 27 of the GDPR.
Under the Privacy Act 1988 and the Australian Privacy Principles, you have the following rights.
Right to access: You may request a copy of the personal information we hold about you. We will normally respond within 30 days. The first such request in any 12-month period is free; we may charge a reasonable cost-recovery fee for repeated or unusually broad requests.
Right to correction: You may request that we correct any inaccurate, incomplete, or out-of-date personal information. Most personal information can be updated directly from your Account settings.
Right to deletion: You may delete your Account at any time through your Account settings or by emailing privacy@crowdify.com.au. When you delete your Account:
Right to withdraw consent: You may withdraw any consent you have given at any time. Withdrawing marketing consent does not affect your active Account; we will continue to send you transactional messages.
Right to complain: You may complain about any aspect of our handling of your personal information by emailing privacy@crowdify.com.au. We will acknowledge your complaint within 2 business days and respond substantively within 30 days. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at https://www.oaic.gov.au or call 1300 363 992.
Right to data portability: You may request a copy of your personal information in a commonly used electronic format (CSV or JSON). We will provide this within 30 days where reasonably possible.
To exercise any of these rights, email privacy@crowdify.com.au.
Courtesy data-subject rights for users outside Australia: Where you are ordinarily resident in the European Union, United Kingdom, California, or another jurisdiction with statutory data-subject rights, we will respond to lawful access, correction, deletion, restriction, objection, and portability requests on the same terms as Australian residents. This is provided as a courtesy and does not amount to a representation that we are formally compliant with non-Australian privacy regimes.
The Platform is intended for adults aged 18 and over. We do not knowingly collect personal information from any person under the age of 18.
We use a neutral date-of-birth check at signup, and accounts that present a date of birth indicating the holder is under 18 are blocked from completing registration. If we become aware that we have collected personal information from a person under 18 without the consent of a parent or guardian, we will delete that information within 30 days unless retention is required by law.
If you believe we hold personal information about a person under 18, please notify us at privacy@crowdify.com.au.
This service is not directed at users in any jurisdiction that has separate child-online-privacy regimes (including COPPA in the United States and the UK Age Appropriate Design Code), and is not designed for users under 18 in any jurisdiction.
We retain personal information for as long as necessary to provide the Platform, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods are:
Active Accounts:
After Account deletion:
Retained for legal and financial purposes:
Anonymised and aggregated data:
Backups:
We take reasonable steps to protect your personal information against loss, unauthorised access, modification, and disclosure. These steps include:
No system is perfectly secure. We cannot guarantee absolute security of any information transmitted to or from the Platform.
Notifiable Data Breaches: If we become aware of a data breach that is likely to result in serious harm to an individual whose personal information is involved, we will notify the individuals and the OAIC as required by Part IIIC of the Privacy Act 1988. We will do so as soon as practicable after the breach is confirmed.
The Platform may contain links to third-party websites, applications, or services (including Stripe Connect onboarding, the websites of Organisers, third-party event venues, social media platforms, and others). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before sharing personal information with them.
Key third-party privacy policies relevant to your Crowdify experience:
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. Where the change is material (including a change in the categories of personal information we collect, the purposes for which we use it, or the subprocessors we share it with), we will:
Minor non-material changes (typos, clarifications, link updates) may be made without notice. The "Last Updated" date at the top of this Policy will be revised in either case.
Continuing to use the Platform after a change is published is acceptance of the updated Policy. If you do not agree with a change, you may delete your Account before it takes effect.
For all privacy-related enquiries, data-rights requests, complaints, or notice of a suspected breach:
Crowdify Pty Ltd ABN 47 692 719 305 Email: privacy@crowdify.com.au
For complaints that are not resolved to your satisfaction, you may contact the Office of the Australian Information Commissioner: