What are the institutional and regulatory implications of this document?

1. REGULATORY LANDSCAPE: The policy explicitly engages GDPR and UK GDPR for EU and UK residents (referencing legal bases including consent, legitimate interests, and contractual necessity), CCPA/CPRA for California residents (including opt-out of sale and sharing rights and required disclosures), and acknowledges additional US state privacy laws including those of Virginia, Colorado, and Connecticut. The FTC has general jurisdiction over deceptive or unfair data practices for US consumers, and …

How does Eventbrite's Eventbrite Privacy Policy affect users?

The policy establishes that personal data is transferred to event organizers at the point of registration, placing data handling of that information under the organizer's independent privacy policy rather than Eventbrite's framework. Eventbrite collects payment details, location data, device identifiers, and event attendance history, which may be shared with advertising partners whose practices are subject to their own policies. Users may submit opt-out requests through Eventbrite's account pri…

How often is Eventbrite's Eventbrite Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Eventbrite updates this document?

Yes. Monitor subscribers ($19/month) can add Eventbrite to their watchlist and receive same-day email alerts whenever this document or any other Eventbrite document changes.

CA-D-000286

Eventbrite Privacy Policy

Eventbrite

Last change detected June 2, 2026 Privacy policy

SHA-256: 78b07e0c3a80c0e2176… 3 versions captured 1 change documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Eventbrite ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

7 Total

2 High severity

4 Medium severity

1 Low severity

Summary

This document establishes Eventbrite's practices for collecting, using, and sharing personal data from users who browse events, purchase tickets, or organize events on the platform. The policy authorizes Eventbrite to collect name, email, payment information, location data, and browsing behavior, and requires that personal data provided during event registration—including name, email, and ticket details—be shared with event organizers, whose data handling is governed by their own privacy policies. Users may submit requests through Eventbrite's privacy portal to opt out of the sale or sharing of personal data for targeted advertising purposes.

Technical / Legal Breakdown

This document is Eventbrite's Privacy Policy (last updated January 13, 2026), governing the collection, use, disclosure, and retention of personal data across Eventbrite's platform, including its event discovery, ticketing, and organizer tools, with the stated legal bases varying by jurisdiction (consent, legitimate interests, and contractual necessity under GDPR frameworks; and compliance with CCPA/CPRA for California residents). The policy states that Eventbrite collects a broad range of personal data including names, contact information, payment data, location data, device identifiers, browsing behavior, and event attendance history, and the terms authorize sharing this data with event organizers, advertising partners, analytics providers, and other third parties for purposes including targeted advertising and cross-context behavioral advertising. The policy's authorization of sharing attendee personal data directly with event organizers is operationally significant because it means individual organizers, who are independent third parties with their own privacy practices, receive attendee data that is then governed by those organizers' own policies rather than Eventbrite's, creating a data exposure path that may not be fully apparent to attendees at the point of ticket purchase. The policy engages GDPR and UK GDPR for EU and UK residents, CCPA/CPRA for California residents, and references additional state privacy laws (Virginia, Colorado, Connecticut, and others); it includes a dedicated section on individual rights including access, deletion, correction, portability, and opt-out of sale or sharing of personal data for targeted advertising. Material compliance considerations include the adequacy of consent mechanisms for behavioral advertising, the lawfulness of international data transfers (including Standard Contractual Clauses), and the delineation of controller and processor roles between Eventbrite and event organizers.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

1 important change detected

3 versions captured · Last updated: June 2026

June 2, 2026

low

What changed Eventbrite added two sentences to their privacy policy header on June 2, 2026, informing users that Support representatives are temporarily unavailable and providing an alternative email contact (contactsupport@eventbrite.com) for urgent issues. The policy's substantive content and last-updated date remain unchanged. This is a procedural notice, not a change to privacy rights, data practices, or user obligations.

Why this matters This change does not alter Eventbrite's privacy practices, data collection, or user rights. It adds a temporary notice stating that Support representatives are unavailable and directs users to email contactsupport@eventbrite.com for urgent issues. The privacy policy's substantive terms remain as previously published.

View full change record →

Recent Provision Changes Jun 2, 2026

Added (1)

Broad Personal Data Collection Scope Medium

This new provision explicitly enumerates the broad scope of personal data collection (including payment information and automated tracking), which expands transparency about data practices beyond what was previously disclosed.

Removed (3)

AI and Machine Learning Data Use

Removal of this provision eliminates explicit disclosure about AI/ML use cases, making it unclear whether the policy still permits these practices or simply chose not to highlight them.

Cookie and Behavioral Tracking Technologies

Removal of specific cookie/tracking technology provisions reduces transparency, though cookie practices may now be covered implicitly under 'Broad Personal Data Collection Scope' and third-party integrations.

Third-Party Analytics and Advertising Integrations

Elimination of this standalone provision reduces specificity about which third-party vendors process data, though some coverage may exist under behavioral advertising opt-out language.

Modified (6)

Attendee Data Shared With Event Organizers

Previous version had empty excerpt; current version now provides specific details about event organizer data sharing and policy differences.

Behavioral Advertising and Data Sale Opt-Out

Previous version had empty excerpt; current version now clarifies mechanisms for opting out (account settings and privacy portal) and explicitly defines data sharing as potential 'sale' or 'sharing' under privacy laws.

Children's Privacy Restriction

Previous version had empty excerpt; current version now specifies age threshold as under 16 (more restrictive than typical 13-year-old COPPA standard) and outlines deletion procedures.

International Data Transfers

Previous version had empty excerpt; current version now explicitly mentions Standard Contractual Clauses and EU data protection mechanisms.

User Privacy Rights (Access, Deletion, Portability, Correction)

Previous version had empty excerpt; current version now provides specific contact methods (privacy portal and privacy@eventbrite.com) and clarifies location-dependent rights application.

View full change record →

High — 2 provisions

Attendee Data Shared With Event Organizers Compare →

When you sign up for an event on Eventbrite, your name, email, and registration details are sent directly to the person or company running that event, and they can use your data under their own privacy rules, not Eventbrite's.

Added May 10, 2026 Standard Seen across 252 platforms
Behavioral Advertising and Data Sale Opt-Out Compare →

Eventbrite may share your personal data with advertising companies to show you targeted ads, and under California law this may count as a 'sale' of your data, but you can opt out through your account settings.

Added May 10, 2026 Standard Seen across 284 platforms

Medium — 4 provisions

Broad Personal Data Collection Scope Compare →

Eventbrite automatically collects a wide range of technical and behavioral data every time you use the platform, in addition to any personal details you enter directly, including your IP address, device information, and everything you click or view.

Added May 10, 2026 Standard Seen across 284 platforms
Children's Privacy Restriction Compare →

Eventbrite does not allow children under 16 to use its services and will delete data from under-16 users if discovered, but relies on users self-identifying rather than actively verifying age.

Added May 10, 2026 Standard Seen across 284 platforms
International Data Transfers Compare →

If you are based in the EU, UK, or another country, your personal data is transferred to and stored in the United States, where different privacy laws apply, though Eventbrite states it uses EU-approved Standard Contractual Clauses to make these transfers lawful.

Added May 10, 2026 Standard Seen across 284 platforms
User Privacy Rights (Access, Deletion, Portability, Correction) Compare →

Depending on where you live, you may be able to ask Eventbrite to show you, correct, delete, or transfer your personal data, and you can submit these requests through their privacy portal or by emailing privacy@eventbrite.com.

Added May 10, 2026 Standard Seen across 284 platforms

Low — 1 provision

Data Retention Compare →

Eventbrite keeps your personal data for as long as it considers necessary for its business purposes, legal obligations, or dispute resolution, without specifying exact timeframes for most data categories.

Added May 10, 2026 Standard Seen across 284 platforms

Monitoring

Eventbrite has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Attendee Data Shared With Event Organizers and similar clauses.

Compare across platforms →