PENDING ATTORNEY REVIEW · Working draft — formal legal review scheduled prior to first commercial transaction.
Legal
Privacy Policy
Last updated: April 2026 · Effective immediately upon account creation
Data controller: Token Events, Inc. · privacy@revolution.fan
1. Introduction and Scope
Token Events, Inc. (“Company,” “we,” “our,” or “us”) operates the revolution.fan platform, including our website, mobile application, artist portal, venue portal, and data marketplace (collectively, the “Services”). This Privacy Policy describes how we collect, use, disclose, and safeguard personal information when you interact with our Services. It applies to all users: fans, artists, venue operators, and marketplace participants.
By creating an account or using the Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, you may not use the Services.
2. Information We Collect
2.1 Information You Provide Directly
— Account registration: name, email address, username, and password or OAuth credentials
— Payment information: processed by Stripe; we store only the last four digits, card type, and expiration date
— Profile information: artist or venue name, biography, genre, location, social handles, and profile images
— Communications: messages, support tickets, and feedback you send to us
— Content: set lists, tour dates, autograph images, shoutout recordings uploaded by artists and venues
2.2 Information Generated by Your Activity
— Event attendance: which shows you attend, check-in timestamps, and venue location
— Platform engagement: artists followed, signals viewed, autographs requested, tips sent
— $FAN transaction ledger: every earn and spend event tied to your account
— On-chain records: wallet address and NFE (Non-Fungible Experience) attendance proofs on the SKALE network
— Streaming activity: live sessions watched, tips sent during streams
2.3 Information Collected Automatically
— Device identifiers, IP address, browser type and version, operating system
— Usage logs: pages viewed, features clicked, session duration, referral source
— Mobile app: device model, push notification token (if granted), approximate location (if granted for venue detection)
— Cookies and local storage: authentication tokens, preferences, and session state (see Section 7)
3. How We Use Your Information
We use collected information for the following purposes:
— Service delivery: process ticket purchases, distribute $FAN rewards, deliver autographs, and fulfill shoutout requests
— Authentication: verify identity via Firebase Authentication for all protected routes
— Payments: facilitate transactions between fans, artists, and venues through Stripe
— Communications: send transactional emails (receipts, verification, fulfillment confirmations) and, where you opt in, marketing communications
— Data Marketplace (opt-in only): package anonymized behavioral attributes for sale to approved B2B buyers (see Section 5)
— Safety and integrity: detect fraud, prevent ticket scalping, and enforce our anti-abuse policies
— Analytics: understand aggregate platform usage to improve the Services
— Legal compliance: meet obligations under applicable law and respond to lawful requests
4. How We Share Your Information
We do not sell your personal information. We share data only as follows:
— Service providers: Stripe (payments), Firebase / Google (authentication and storage), Mux (video), SendGrid (email), Sentry (error monitoring), Vercel (hosting), Railway (infrastructure). Each is bound by a data processing agreement limiting their use of your data.
— Artists and venues: when you purchase a ticket or request a shoutout or autograph, the relevant artist or venue receives your display name, email address, and transaction details to fulfill your order.
— Data Marketplace buyers: only anonymized, aggregated behavioral attributes you have explicitly opted into sharing. Raw personal identifiers are never shared with buyers (see Section 5).
— Business transfers: in connection with a merger, acquisition, or sale of assets, provided the successor entity agrees to honor this policy.
— Legal process: when required by law, court order, or valid governmental request, or to protect the rights, property, or safety of the Company, our users, or the public.
— With your explicit consent: for any other purpose you authorize.
5. Data Marketplace and Fan Data Monetization
The revolution.fan Data Marketplace (Patent ZW26-001USP) enables approved B2B buyers — including record labels, venue operators, talent agencies, and brand sponsors — to purchase access to anonymized, aggregated fan behavioral segments derived from platform activity.
Participation is always opt-in. You will be presented with a clear consent flow before any of your attributes are made available to buyers. You may withdraw consent at any time from your account settings. Upon withdrawal, your attributes will be removed from all active provisioned buyer views within 24 hours and from all prospective queries immediately.
What buyers receive: Aggregated statistical segments only (e.g., “attended 10+ country shows in Nashville in the past 12 months”). Buyers never receive your name, email address, device identifier, or any direct personal identifier. All data is anonymized and aggregated before delivery; no individual is singled out in any buyer query result.
Revenue sharing: A portion of marketplace revenue is distributed to participating fans as $FAN rewards. The current rate schedule is published in your account settings and may be updated with 30 days’ notice.
6. $FAN Token and Blockchain Records
Certain platform activity generates on-chain records on the SKALE Ethereum-compatible network, a zero-gas-fee sidechain. These records include attendance proofs (“Non-Fungible Experiences”) and autograph mints.
Blockchain transactions are public and permanent by nature and cannot be deleted. Your on-chain wallet address is pseudonymous and is not publicly linked to your real name or email without your explicit consent. We do not publish or sell the mapping between wallet addresses and user accounts.
7. Cookies and Tracking Technologies
— Strictly necessary: Authentication tokens, CSRF protection, and session management. Cannot be disabled without breaking platform functionality.
— Functional: User preferences (region, theme), recently viewed content, and notification settings.
— First-party analytics only: Aggregate usage statistics to improve the Services. We do not use Google Analytics or any third-party analytics that tracks you across other websites.
— No advertising trackers: We do not deploy advertising pixels, retargeting cookies, or cross-site tracking of any kind.
You may clear cookies through your browser settings. Clearing authentication cookies will sign you out.
8. Data Retention
— Active accounts: Personal data retained for the lifetime of your account.
— Deleted accounts: Personal identifiers (name, email, payment info) purged within 30 days. Anonymized usage records may be retained up to 7 years for fraud prevention and legal compliance.
— Financial records: Transaction records retained for 7 years to comply with tax and accounting obligations.
— On-chain records: NFE mints and attendance proofs on the SKALE blockchain are permanent and cannot be deleted.
— Marketing suppression: Unsubscribe records retained indefinitely to prevent re-subscription without consent.
9. Your Privacy Rights
All users: access, correction, deletion, data portability, and withdrawal of consent for any consent-based processing.
California residents (CCPA/CPRA): right to know what personal information is collected and how it is used; right to delete personal information (subject to exceptions); right to correct inaccurate information; right to opt out of the sale or sharing of personal information (we do not sell personal information); right to non-discrimination for exercising privacy rights. To submit a verifiable consumer request, contact us at privacy@revolution.fan.
EEA / UK residents (GDPR / UK GDPR): in addition to the rights above, you have the right to object to processing based on legitimate interests, the right to restrict processing, and the right to lodge a complaint with your local supervisory authority. Our legal bases for processing are: performance of a contract (account operation and order fulfillment), legitimate interests (fraud prevention, security, analytics), and consent (marketing, marketplace participation).
To exercise any right, contact privacy@revolution.fan. We will respond within 30 days (45 days where permitted by law).
10. Data Security
We implement industry-standard safeguards including TLS 1.2+ encryption in transit, AES-256 encryption at rest for sensitive fields, SHA-256 hashed storage of all secret keys (scanner keys and API keys are never stored in plaintext), role-based access controls with principle of least privilege, and regular security review processes. No system is perfectly secure. In the event of a breach affecting your rights, we will notify you as required by applicable law, and no later than 72 hours after we become aware for EEA users.
11. Children's Privacy
The Services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware we have done so, we will delete it promptly. Contact privacy@revolution.fan if you believe a child under 13 has provided us information.
12. International Data Transfers
The Services are operated from the United States. If you access from outside the U.S., your information may be transferred to, stored, and processed in the U.S. or other countries where our service providers operate. For transfers from the EEA and UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and equivalent mechanisms.
13. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated by email and in-app notice at least 30 days before they take effect. Continued use after the effective date constitutes acceptance. The date at the top of this page reflects the most recent update.
14. Contact
Token Events, Inc.
Privacy: privacy@revolution.fan
Legal: legal@revolution.fan
EEA users: if unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.