ShowRockers

Help Center

Your guide to making the most of ShowRockers.

Legal & Privacy

Terms of Service

By using ShowRockers you agree to our Terms of Service, which cover acceptable use, ticket purchase policies, host obligations, payment terms, and liability limitations.

Read the full Terms of Service

Privacy & data we collect

We collect only what's needed to run the platform:

  • Account: name, email, phone (optional), profile picture (optional), password (hashed with bcrypt — never stored in plain text).
  • Orders: what you bought, when, the price paid, and the host. Receipts are linked to your account so you can look them up.
  • Payment: handled by Stripe and PayPal — we never receive or store full card numbers.
  • Analytics: anonymous visitor IDs (random UUID stored locally), page views, click events. Read more below.

We never sell your personal information to third parties.

Cookies & first-party analytics

ShowRockers uses first-party cookies only — no third-party trackers, no ad networks, no data sharing. The cookie banner on your first visit offers two choices:

  • Mandatory Only — essentials (login, checkout, session) plus anonymous first-party analytics. Visitor IDs are random UUIDs stored in your browser; no IP address is stored (only the country, derived from a local GeoIP lookup, and the truncated IP prefix kept for 30 days for fraud detection).
  • Accept All — opt-in cookies for future personalization features.

To change your preference at any time, clear the cookieConsent entry in your browser's site data — the banner reappears on next visit.

Data retention

  • Account data: retained while your account is active. You can request deletion via support.
  • Order history & receipts: retained for the legally required tax / financial-records window.
  • Event images: auto-deleted 30 days after the event ends.
  • Raw analytics events: 90 days. After that, only aggregated rollups (counts, averages — no per-visitor records) are kept.
  • Truncated IP prefix: 30 days for fraud detection, then purged.

Security practices

  • All traffic is encrypted with HTTPS / TLS.
  • Passwords are hashed with bcrypt before storage.
  • Sign-in attempts are rate-limited; repeated failures temporarily lock the account.
  • Sensitive forms are protected by Google reCAPTCHA.
  • Card details go directly to Stripe — they never touch our servers.
  • Inactive sessions expire automatically (default 30 minutes, configurable by the platform admin).

Your rights

You can:

  • Access the personal data we hold about you — most of it is visible in your profile.
  • Correct inaccurate data via your profile.
  • Request account deletion via support — we'll honour it within a reasonable timeframe, retaining only what we're legally required to keep.
  • Opt out of marketing emails using the unsubscribe link in any promotional email or the Subscriptions page in your profile.

Contacting us

For privacy inquiries, account deletion requests, or any other support, use the Contact page or the support email shown in the footer.