Privacy Policy
Effective Date: 2 May 2022
Last Updated: 11 June 2025
Introduction
Global Lines Co Pty Ltd ("Lines", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use:
Our website https://linesapp.co (formerly https://www.linesapp.co)
Our mobile application "Lines" (formerly known as "Bondi Lines") (the "App")
Any related services, communications, or offerings
This Privacy Policy complies with:
The Australian Privacy Act 1988
The General Data Protection Regulation (GDPR)
The UK Data Protection Act 2018 (UK GDPR)
The Brazilian General Data Protection Law (LGPD)
The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA)
Other applicable data protection laws
By using our services, you agree to this Privacy Policy.
Scope
This Privacy Policy applies to:
Visitors to our website
Users of our App
Any individual who interacts with Lines services
Information We Collect
Personal Information You Provide
We collect personal data you voluntarily provide, such as:
Name
Address
Email address
Phone number
Instagram handle
Profile picture (uploaded manually or provided via social login such as Google)
Payment information (processed securely via third-party payment processors - Lines does not store credit card details)
Presale signup data (email, phone number, full name, event interests where applicable)
Interaction data and search history (including pages visited related to events, venues, artists, event brands, promoters, and search terms entered; used to personalize recommendations and understand user interests)
Spotify Integration
If you connect your Spotify account to Lines, we collect:
Liked genres
Top artists
Playlists and listening preferences
We use this data to personalize event recommendations. This integration is optional and subject to your explicit consent.
Device and Usage Information
We automatically collect device and usage information through cookies and tracking technologies, including:
IP address
Device type, operating system, and version
Browser type and version
Pages viewed and time spent
Referring URLs
App usage data and interactions
Event attendance history (tracked via Mixpanel)
Device Identifiers
We may store a device-specific identifier (UUID) to help personalize your experience and maintain App functionality across sessions. UUIDs are regenerated if the App is reinstalled.
Location Data
Website: We collect approximate location via IP address to determine your closest city. We store this in a cookie (closest city and proximity flag). We do not store exact location on our servers from the website.
App: We request your GPS location (with your permission) to provide location-based services. Location data is processed locally or session-based unless otherwise required for service functionality.
Cookies and Tracking Technologies
We use cookies and similar technologies to:
Remember preferences (such as closest city)
Analyze website and App usage
Improve functionality
Support marketing efforts (retargeting)
Provide essential site functionality
Improve the performance and user experience of our services
Deliver personalized content and recommendations
Enable embedded third-party content (Spotify Player, Google Maps)
Analytics, Monitoring, and Personalization Tools
We use various analytics, monitoring, and personalization tools to understand how users interact with our services and to improve the user experience. We track the pages you visit (such as events, venues, artists, brands, and promoters), your searches, and your interactions with content to continuously improve our recommendation system. We do this to offer more relevant and personalized recommendations and content.
We use:
Google Analytics (implemented either directly or via Cloudflare Zaraz)
Mixpanel (includes event attendance and user interaction tracking)
Sentry (app and website error monitoring)
Firebase (Authentication, Functions, Firestore, Storage, Remote Config, Dynamic Links, Invites)
Crashlytics (crash reporting and app stability monitoring)
New Relic (application performance monitoring)
Hotjar Heat Maps & Recordings (user behavior analysis)
Smartlook (user session recordings and analytics)
Typeform (surveys and user feedback collection)
AWS (custom backend infrastructure)
Vercel (website hosting and performance analytics)
Cloudflare (DNS protection, CDN, security services, and optionally Google Analytics via Zaraz)
Typesense (search functionality and query processing)
Google reCAPTCHA (spam and bot protection)
Firebase App Check (mobile app security and abuse prevention)
We use Mixpanel and other analytics tools to collect detailed interaction data, including which events, venues, artists, event brands, and promoter pages you visit, and your search activity. This data helps us continuously improve our recommendation system and personalize your experience.
Communication and Backend Services
We use various backend services to operate our platform:
Mailchimp (email marketing)
SendGrid and Twilio (transactional email and SMS)
Additional Backend Services: We also use cloud infrastructure (AWS), hosting services (Vercel), search functionality (Typesense), payment processing (Stripe), accounting services (Xero), and mobile app security services (Firebase App Check). These services process data server-side and do not set cookies in your browser.
For information about services that do set cookies, please see our Cookie Policy.
Security and Protection Services
We use security services to protect our platform and users from spam, abuse, and unauthorized access:
Google reCAPTCHA: Implemented on login, sign-up, and contact forms to prevent automated spam and abuse. reCAPTCHA may collect and analyze device information, mouse movements, and interaction patterns to determine if you are human. This data is processed by Google according to their Privacy Policy.
Firebase App Check: Used in our mobile applications to verify app authenticity and prevent abuse. This service may collect device attestation information and app integrity data to ensure requests come from legitimate app instances.
SMS Geo-Restrictions: We implement geographic restrictions on SMS delivery to certain high-risk countries to prevent SMS fraud and pumping attacks. This is managed through our SMS provider (Twilio) and may prevent SMS verification codes from being sent to phone numbers in restricted regions.
Rate Limiting: We implement rate limiting across all API requests and user interactions to prevent abuse, spam, and automated attacks. This may temporarily restrict access if unusual activity patterns are detected.
Web Application Firewall (WAF): We use Web Application Firewalls provided by AWS and Cloudflare to protect against malicious traffic, DDoS attacks, and other security threats. These firewalls may block certain requests or temporarily restrict access to protect our services and users. Some features may be unavailable if your traffic is flagged by these security systems.
Third-Party Data Sources
We may collect personal data about you from third-party sources where legally permitted, such as marketing partners, analytics providers, or public sources. We process such data in accordance with this Privacy Policy.
How We Use Your Information
We use your personal data to:
Provide, operate, and maintain our services
Process transactions and ticket purchases (note: Lines does not sell tickets directly but facilitates purchases through third-party platforms)
Provide customer support
Analyze and improve services
Personalize event recommendations (including based on Spotify preferences)
Analyze your interactions with events, venues, artists, promoters, brands, and your search activity to improve our recommendation systems and personalize your experience
Send transactional communications
Send marketing communications (with your consent)
Deliver push notifications based on your preferences and interactions
Manage presales, including sharing your information with event partners where applicable under specific presale terms and conditions
Detect and prevent fraud and abuse
Comply with legal obligations and respond to legal requests
Monitor and diagnose errors on our website and App
Protect our rights, property, and safety, and that of our users and the public
Facilitate business transfers, mergers, acquisitions, or sale of company assets
Legal Bases for Processing
Where required under GDPR and other laws, we process your personal data on the following legal bases:
Consent (for marketing communications, presale data sharing, push notifications, Spotify integration)
Performance of a contract (providing services and processing transactions)
Legal obligation (including compliance with court orders, law enforcement requests, and regulatory requirements)
Legitimate interest (service improvement, fraud prevention, analytics, business transfers)
Sharing of Personal Information
We may share your personal data with:
Payment processors
Cloud infrastructure providers (AWS, Firebase)
Hosting and CDN providers (Vercel, Cloudflare)
Analytics services (Google Analytics, Mixpanel)
Search services (Typesense)
Error monitoring tools (Sentry)
Communication providers (Mailchimp, SendGrid, Twilio)
Google (for Google Maps and Google Analytics - either directly or via Cloudflare Zaraz)
Meta (Facebook) (for advertising and retargeting)
Spotify (for embedded music content)
Security services (Google reCAPTCHA, Firebase App Check)
Law enforcement, regulatory authorities, and legal advisors when required by law
Potential acquirers, successors, or assignees in connection with business transfers
Business Transfers
In the event of a business transfer, your personal information may be transferred as part of the transaction. Business transfers include:
Merger or acquisition of Lines by another company
Sale of all or substantially all of Lines' assets
Corporate restructuring, bankruptcy, or similar proceedings
Due diligence processes in connection with potential transactions
In such cases, we will notify you via email and/or prominent notice on our website before your personal information is transferred and becomes subject to a different privacy policy. The acquiring entity will be required to use your personal information in a manner consistent with this Privacy Policy unless you consent to different treatment.
Legal Compliance and Protection
We may disclose your personal information when we believe in good faith that disclosure is necessary to:
Court orders, subpoenas, or other legal processes
Law enforcement inquiries and investigations
Regulatory compliance requirements
To enforce our Terms of Service or protect our rights, property, or safety
To protect the rights, property, or safety of our users or the public
To prevent, investigate, or address fraud, security, or technical issues
In connection with legal proceedings or potential legal proceedings
We will only disclose the minimum amount of personal information necessary to comply with such legal obligations or to protect legitimate interests. Where possible and legally permissible, we will notify you of such disclosures.
Pre-Sales and Personal Data
Lines provides access to two types of event pre-sales: (1) Internal Pre-Sales, which are managed by Lines and subject to this Privacy Policy, and (2) External Pre-Sales, operated by third-party platforms.
Internal Pre-Sales: When you participate in an Internal Pre-Sale, we may collect additional personal data such as your real email address and/or phone number. If you have registered using a masked Apple email address, we may request that you provide your real email address to proceed. Phone numbers may also be validated using third-party services (e.g. Twilio).
Personal data collected during Internal Pre-Sales may be shared with the relevant event organizer, venue, and/or their partners for purposes including event operations, ticketing communications, and marketing related to the specific event.
Participation in an Internal Pre-Sale does not guarantee the ability to purchase a ticket.
External Pre-Sales: When participating in an External Pre-Sale, you will be redirected to a third-party platform. Lines does not control the data collection or processing performed by such third parties. We recommend that you review their privacy policy before providing any personal information.
Third-Party Payment Processing
All payment transactions are processed through secure third-party payment processors (such as Stripe). Lines does not store, process, or have access to your credit card details or other sensitive payment information on our servers.
Payment information is transmitted directly to and processed securely by our payment providers in compliance with PCI DSS (Payment Card Industry Data Security Standard) requirements. Our payment processors maintain their own privacy policies and security measures for handling your payment data.
By using our payment services, you acknowledge that your payment information will be processed by these third-party providers according to their respective privacy policies and terms of service.
Sharing with Partners
For presale registrations, if specified in the presale terms and conditions, we may share your:
Email address
Phone number
Full name
Relevant user interests (such as event preferences or artists followed)
with event organizers, promoters, and partners. Each presale will clearly indicate if such sharing occurs.
Partner Dashboards
In the future, we may provide event organizers, venues, brands, and sponsors with dedicated dashboards. Personal information will only be shared with such partners when the user has given explicit consent or where required for a specific service (such as presales).
We do not sell your personal data.
Third-Party Services and Links
Our services integrate with and link to various third-party services, including:
Spotify (embedded music players and integration)
Google Maps (venue location services, subject to Google's Privacy Policy at https://policies.google.com/privacy)
Third-party ticketing platforms (Eventbrite, Motix, etc.)
Payment processors (Stripe, etc.)
Social media platforms (for login and sharing features)
Other external websites or services linked from our platform
Important Notice: This Privacy Policy does not apply to third-party websites, services, or applications that you may access through our platform. When you interact with embedded third-party content (such as Spotify players or Google Maps), click on external links, or use third-party services (such as ticketing platforms), those third parties may collect information about you according to their own privacy policies and terms of service.
We are not responsible for the privacy practices, content, or security of these third-party services. We encourage you to review the privacy policies of any third-party services before providing them with your personal information or using their services.
Some third-party services may set their own cookies or tracking technologies when you interact with their embedded content on our platform. You can manage these through your browser settings or the respective third-party service's privacy controls.
Retargeting and Advertising
We use retargeting and advertising services, including:
Meta (Facebook) Pixel
Google Ads
to display personalized ads based on your interactions with our website and App.
Push Notifications
We use push notifications via Expo Notifications, which may be targeted:
By city
To all users
Based on events, venues, artists, promoters, or event brands that you follow
Based on your location (with your consent) for nearby events and offers
You may control notification preferences via the App settings.
Location-Based Push Notifications
Our mobile App may use your device's location (with your consent) to send you push notifications about relevant events and offers nearby.
You may disable location-based notifications at any time through your device settings. Disabling them may limit some App functionality.
Social Login
You may choose to log in using your:
Apple ID
Google account
When using social login, the respective service provider may share limited personal data with us (such as your name and email address), subject to their own privacy policies.
International Data Transfers
Your personal data is primarily stored and processed in Australia, where our core databases and AWS-hosted cloud infrastructure are located.
In addition, we use cloud services that may process certain personal data in data centers located in the United States or other countries outside your country of residence, including Firebase (Google Cloud) and Typesense (search functionality). Analytics data collected through Mixpanel is stored in the European Union.
Where personal data of users located in the European Economic Area (EEA) or United Kingdom is transferred to countries not recognized as providing an adequate level of data protection, we implement appropriate safeguards — including Standard Contractual Clauses approved by the European Commission or UK Information Commissioner's Office — to protect such data.
Please note that when your personal data is transferred outside the EEA or UK, it may be subject to access by governmental authorities in those jurisdictions under applicable law. In such cases, please be aware that the data protection standards in those countries may not be equivalent to those in your country of residence.
By using our services, you acknowledge and consent to the transfer of your personal data to countries outside your country of residence, including Australia and the United States, in accordance with this Privacy Policy.
Retention of Personal Information
We retain your personal data for as long as you have an account with us and as needed to provide our services. Specific retention periods include:
Account Data: Retained for the duration of your account and up to 7 years after account deletion for legal compliance purposes.
Analytics Data: Analytics data is retained for a maximum of 26 months unless a shorter period is configured in a specific analytics tool.
Marketing Communications: Retained until you unsubscribe or withdraw consent.
Legal Compliance: Some data may be retained longer where required by applicable laws or regulations.
You may request deletion of your personal data at any time, subject to our legal obligations.
Your Rights
You have the following rights regarding your personal data:
Right to access
Right to rectification
Right to erasure ("right to be forgotten")
Right to restriction of processing
Right to object to processing
Right to data portability
You may exercise these rights by contacting us at privacy@linesapp.co.
You may withdraw your consent to processing (such as marketing communications, Spotify integration, or push notifications) at any time by adjusting your preferences in the App, clicking "unsubscribe" in emails, or contacting us at privacy@linesapp.co.
You also have the right to lodge a complaint with a relevant Data Protection Authority, in particular in the country of your habitual residence, place of work, or where the alleged infringement of your rights occurred.
Profiling and Automated Decision-Making
We may use your personal data and usage data to create user profiles and make automated decisions to personalize your experience, improve our services, or for security and fraud prevention purposes. These decisions are based on algorithms and predefined criteria. This includes analyzing your interactions with events, venues, artists, promoters, brands, and search activity to better understand your preferences and deliver more relevant recommendations.
You have the right to object to profiling and automated decision-making, request human intervention, and request explanations regarding decisions that significantly affect you.
To exercise these rights, contact us at privacy@linesapp.co.
We do not engage in automated decision-making that produces legal effects concerning you or similarly significantly affects you, as defined under Article 22 of the GDPR, without your explicit consent or where otherwise permitted by law.
You will not be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you, unless you have given us explicit consent or such processing is otherwise legally permitted.
California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Right to know what personal information is collected, used, shared, or sold
Right to delete personal information
Right to opt-out of the sale or sharing of personal information
Right to correct inaccurate personal information
Right to limit the use and disclosure of sensitive personal information
Right to non-discrimination for exercising privacy rights
We do not process sensitive personal information as defined under the CPRA (including precise geolocation, health data, government identifiers, or similar categories), except for optional GPS location in the App and approximate location inferred via IP address on the website. Both are processed solely to provide core functionality and are not used for profiling or advertising.
Sale or Sharing of Personal Information: While we do not sell personal information for monetary consideration, we may share personal information with third parties for targeted advertising purposes, which may be considered a "sale" or "sharing" under California law. This includes sharing data with advertising platforms like Meta (Facebook) and Google for retargeting purposes.
Opt-Out Rights: You have the right to opt out of the sale or sharing of your personal information. To exercise this right:
• Email us at privacy@linesapp.co with the subject line "Do Not Sell or Share My Personal Information"
• Adjust your browser settings to block advertising cookies
• Use browser-based opt-out tools provided by advertising networks
Non-Discrimination: We will not discriminate against you for exercising your California privacy rights. This means we will not:
• Deny you goods or services
• Charge you different prices or rates for goods or services
• Provide you a different level or quality of goods or services
• Suggest that you may receive a different price, rate, level, or quality of goods or services
Exercising Your Rights: To exercise any of your California privacy rights, please contact us at privacy@linesapp.co. We may need to verify your identity before processing your request.
Data Security
We implement industry-standard technical and organizational measures to safeguard your personal data, including:
Encryption of sensitive data
Access controls
Secure storage
Regular security audits
Cookies Policy
We use cookies and similar technologies on our website and App. For detailed information about our use of cookies, please see our Cookie Policy.
Manage Your Cookie Preferences
You have full control over which cookies we use. Our cookie preference center allows you to enable or disable different categories of cookies and provides detailed information about each type.
Cookies used include:
Strictly necessary cookies (core site functionality)
Functional cookies (preferences such as closest city)
Performance cookies (Google Analytics, Mixpanel)
Advertising cookies (Meta Pixel, Google Ads)
Error monitoring cookies (Sentry)
Embedded content cookies (Spotify Player, Google Maps)
Cookie Consent Management: We use a comprehensive cookie consent management system that:
Automatically detects your jurisdiction and applicable privacy laws
Respects Global Privacy Control (GPC) signals from your browser
Provides granular control over different cookie categories
Stores your preferences securely and applies them across sessions
Allows you to withdraw consent as easily as you gave it
Most browsers allow you to:
See what cookies are stored
Delete cookies
Block cookies entirely or from specific sites
Please note that blocking certain types of cookies may affect your experience and functionality of our website and App, including embedded content like Spotify Player and Google Maps.
Do Not Track
Our website does not currently respond to generic "Do Not Track" browser signals. However, we honor legally recognized browser signals for opt-out where required. For example, Global Privacy Control (GPC) signals transmitted by your browser will be treated as an opt-out of sale or sharing of personal information under applicable laws.
Children's Privacy
Our services are not directed at children under 16. We do not knowingly collect personal data from children under this age.
If we learn that we have collected personal data from a child under 16 without verified parental consent, we will delete that information as soon as possible.
Changes to this Policy
We may update this Privacy Policy from time to time. Any changes will be posted on https://linesapp.co.
Your continued use of our services constitutes acceptance of the updated Privacy Policy.
Contact
If you have questions about this Privacy Policy or your personal data, please contact:
Global Lines Co Pty Ltd
Unit 201, 28-32 Kingsway, Cronulla, NSW, 2230, Australia
Email: privacy@linesapp.co
If unresolved, you may contact your relevant Data Protection Authority.